Lost Keystore – How to generate and register a new upload key (mac).

Ok, so you want to update your app at Google’s Play Store and you realize you lost your Keystore file or you don’t remember your keystore’s password? Fear not, here’s what you need to do:

  1. Create a new Keystore using Java’s Keytool.

    In case you use Unity like I do, don’t bother going back to it to create a new Keystore file because you’ll end up having someone at Google Support telling you something like this

    the provided key in the upload certificate is too weak. RSA keys must be of at least 2048 bits and please send us the new certificate.

    which doesn’t really give you much hints on what you did wrong or what you should do next.

    1.1. Open Applications>Utilities>Terminal.

    1.2. Type the following and hit Return in order to get the path to your java home directory


    You’ll get something like this


    1.3. Now you’ll need to change into that directory. Type “cd ” followed by the path to your java home directory and hit Return

    cd /Library/Java/JavaVirtualMachines/jdk1.8.0_101.jdk/Contents/Home

    In my case, here’s what I got:

    1.4. Now you will generate a new key. Type

    keytool -genkeypair -alias yourAliasName -keyalg RSA -keysize 2048 -validity 9125 -keystore /The/path/to/your/keystore.jks

    All fields like password, name and others will shortly be prompted for you to fill in. You will end up with a Keystore file created at the path you chose.


  2. Export the certificate for the new key to PEM format.

    2.1. Still in Terminal, type the following and hit Return

    keytool -exportcert -rfc -alias yourAliasName -file /The/path/to/your/upload_cert.pem -keystore /The/path/to/your/keystore.jks

    2.2. You will be prompted for the password and soon after you type it the upload certificate will be created at your chosen location.

  3. Sign your APK in Unity using the new Keystore file.

    If you try to sign your build with the new keystore.jks file you will not be able to choose it from within Unity’s Publishing Settings because Unity uses the “.keystore” file extension instead of the “.jks” extension.

    3.1. Just duplicate your keystore.jks file and rename the “.jks” extension to “.keystore“.

    3.2. Now you’ll be able to choose it from Unity’s Publishing Settings to sign your build. Just go ahead type your password and build your apk!

  4. Contact Google Play Support Team.

    Finally you just need to fill out this form and upload your upload_certificate.pem file. Within two working days you will be contacted by someone at google that will register your new upload key and give you a date when you will be able to update your app. Good luck!

Hope this tutorial helps you out and you spend less time than I did sorting all this out. Show some love and download my game at Google Play or simply share it at your favorite social media network.

Some other links that might come handy :

Google Console Help

Running the Java Keytool on Mac


Leave a Reply

O seu endereço de email não será publicado. Campos obrigatórios marcados com *