AndreaM

I confirm that the app on which I had to carry out the procedure described above already existed and that it was distributed with .APK files with RAD Studio 10.2, 10.3 and finally 10.4.

Hi.

Thanks for the last post. It helped me find the solution!

I have put the procedure below, which is quite long.

[Sorry for my english]

I solved it this way.
You have to go to the Google Play Console site and when you make a new release or edit a release ("Production" -> "Edit release") in the screen with title "App Integrity" below you will see "Releases not signed by Google Play".

Then a special procedure must be carried out in order to register an "Android App Bundle".
Under the wording "Releases not signed by Google Play" press "Opt in" (or go with the menu on the left in "Setup" -> "App Integrity").

Here the screen has the title "App integrity" and you have to go to "App signing" and make a choice between the 2 + 2 others (in the advanced part below).

For Delphi it is better to select "Use existing app signing key from Java KeyStore". Here you have to follow the three instructions on the screen.
1) Download the pepk.jar file and put it in a specific dir.
2) Then you must have a latest version of JAVA and use the DOS prompt with this command:

java -jar PATH_TO_PEPK --keystore=PATH_TO_KEYSTORE --alias=ALIAS_YOU_USE_TO_SIGN_APK --output=PATH_TO_OUTPUT_FILE --encryptionkey=GOOGLE_ENCRYPTION_KEY

See also here:
https://stackoverflow.com/questions/52269806/error-running-pepk-app-signing-tool-at-command-line-java-jar-pepk-jar

With legend:    

    PATH_TO_PEPK = Path to the pepk.jar you downloaded, could be something like C:\Users\YourName\Downloads\pepk.jar for Windows users.
    PATH_TO_KEYSTORE = Path to keystore which you use to sign your release APK. Could be a file of type *.keystore or *.jks or without extension. Something like C:\Android\mykeystore or C:\Android\mykeystore.keystore.
    ALIAS_YOU_USE_TO_SIGN_APK = The name of the alias you use to sign the release APK.
    PATH_TO_OUTPUT_FILE = The path of the output file with .pem extension, something like C:\Android\private_key.pem
    GOOGLE_ENCRYPTION_KEY = This encryption key should be always the same. You can find it in the App Signing page, copy and paste it. Should be in this form: eb10fe8f7c7c9ddn2o1idj203jd0232f715022017b00c6471f8ba8170b13049a11e6c09ffe3056a104a3bbe4ac5a955f4ba4fe93fc8ce
    
For Delphi
    PATH_TO_KEYSTORE: Project - Options - Deployment - Provisioning - Target="Release configuration - Android 64-bit platform" - Build type="Android 64-bit - Application Store" - "Keystore File".
    ALIAS_YOU_USE_TO_SIGN_APK: Project - Options - Deployment - Provisioning - Target="Release configuration - Android 64-bit platform" - Build type=" Android 64-bit - Application Store" - "Alias in Keystore".
    GOOGLE_ENCRYPTION_KEY: the specific one for our app that is in the screen.

When it launches it asks:
The keystore password: see in Delphi Project - Options - Deployment - Provisioning - Target="Release configuration - Android 64-bit platform" - Build type="Android 64-bit - Application Store" - "Keystore Password".
The alias password: see in Delphi Project - Options - Deployment - Provisioning - Target="Release configuration - Android 64-bit platform" - Build type="Android 64-bit - Application Store" - "Alias password".
    

Example:
             
java -jar "C:\Pepk\pepk.jar" --keystore="C:\Project_RAD\Myapp\Android_KeyStore\my.keystore" --alias="myalias" --output="C:\APP_PEM\file.pem" --encryptionkey=eb10f01201djqidji2d3o2ba4fe93fc8cef27558a3eb9d2a529a2092761fb833b656cd48b9de6a

The file obtained in output is a .PEM file which is the "Private key".

3) Take the .PEM file and upload it to the "App integrity" page.

A check will be carried out and if everything is ok then on the page "Create production release" ("Production" - "Edit release") under "App integrity" the message will appear:
"Releases signed by Google Play" with green check. At this point it will be possible to upload an .aab file.

To have this with all files:

(I cut the image).

But I think the problem is in the Google Play Console web page in "App Integrity" -> "App signing".

See this image.

I don't now how to encrypt my private key.

Thanks for the reply.

I followed all the directions you posted to me.

See my settings ...

If I set this

I have a .APK file!!! Not a .AAB file!

If I set this:

I have a .AAB file.

In the Google Play Console with the .APK file ..\Android64\Base\MyProjectName\bin\ I have this error:

with this error:

You uploaded an APK signed with a different certificate than previous APKs. You must use the same certificate. Your current APKs are signed with certificates with the fingerprint:

SHA1: ....

while the certificates used to sign the loaded APK have the fingerprint:

SHA1: ....

In the Google Play Console with the .AAB file from dir ..\Android64\Release\MyProjectName\bin\  I have this error:

Thanks again for your help