Rollo62 536 Posted November 10, 2023 (edited) Hi there, I wanted to create an new keystore file, still under RadStudio 11.3, which works. But I haven't used that quite some time, and I must find out that the "Alias Password" is no more available or possible to set. In the dialog, there is still the option, but that seems not really get activated and longer. The first step looks quite normal but the 2nd step, never shows the Alias password It is possible to create a keystore still but of course without the alias password, also here The Alias Info looks OK, but missing password Commandline After some evaluation on commandline, it seems that the former keytool parameters seems to be changed. 1.) From something before, with -genkey keytool -genkey -v -keystore %ks_file% -alias %ks_alias% -keyalg RSA -sigalg SHA1withRSA -keysize 2048 -validity 9132 2.) to something new, with -genkeypair keytool -genkeypair -v -keypass "%ks_pass%" -keystore %ks_file% -alias %ks_alias% -keyalg RSA -keysize 2048 -validity 9132 This works quite similar and looks like the proper replacement, unfortunately I cannot find since when this might have changed. I am working on the pre-installed JDK from the D11.3 IDE, which should be untouched and OK: Quote C:\Program Files\Eclipse Adoptium\jdk-11.0.15.10-hotspot\ Possible changes, with maybe sideeffects in the PlayStore, GCM or elsewhere: 1.) old method : This used the -sigalg SHA1withRSA, while 2,) new method: This used the -sigalg SHA256withRSA Yes, that make perfectly sense, since SHA1 is quite banned everywhere. Though, my questions are still: - Is this change officially documented anywhere? (probably not really for Delphi, but for Android, GCM or Firebase would be great) for example https://stackoverflow.com/questions/65920211/warning-sha1-algorithm-and-sha1withrsa-algorithm-specified-will-be-disabled-in https://www.ibm.com/docs/en/semeru-runtime-ce-z/17?topic=jcecca-sha1withrsa https://stackoverflow.com/questions/70419377/how-to-update-the-android-keystore-signature-algorithm-name-sha1withrsa-weak https://github.com/italia/cie-ideaapp/issues/4 But not much really related directly to Android Apps, PlayStore and Google Cloud Services. - Are there any further known requirements, or known sideeffects, for that alias password or SHA1withRSA algorithm? ( I can remember darkly, that I have read about such requirement somewhere, some years ago, but probably those procedures have changed meanwhile ). - What would be the right way to create Keystore in 2023 then, the usual IDE way, without alias password, or probably using a commandline option, either similar or different as 2.) ? I assume that the new D12.0 might also clarify about that process, but I still have to use my beloved D11.3 for a short while 🙂 Edited November 10, 2023 by Rollo62 Share this post Link to post
![Delphi-PRAXiS [en]](https://en.delphipraxis.net/uploads/monthly_2018_12/logo.png.be76d93fcd709295cb24de51900e5888.png){kind=logo}