Rollo62

D11.3: Android: Create KeyStore, seems changed to former process, missing SHA1withRSA


Hi there,

I wanted to create a new keystore file, still under RadStudio 11.3, which works.

But I haven't used that for quite some time, and I had to find out that the "Alias Password" is no longer available or possible to set.
In the dialog, there is still the option, but it does not really seem to get activated any longer.

 

The first step looks quite normal


 

but the 2nd step never shows the Alias password


 

It is possible to create a keystore still


 

but of course without the alias password, also here


 

The Alias Info looks OK, but missing password


 

Commandline

After some evaluation on the command line, it seems that the former keytool parameters have changed.
 

1.) From something before, with -genkey

keytool -genkey -v -keystore %ks_file% -alias %ks_alias% -keyalg RSA -sigalg SHA1withRSA -keysize 2048 -validity 9132

2.) to something new, with  -genkeypair

keytool -genkeypair -v -keypass "%ks_pass%" -keystore %ks_file% -alias %ks_alias% -keyalg RSA -keysize 2048 -validity 9132   

This works quite similarly and looks like the proper replacement; unfortunately, I cannot find out since when this might have changed.

I am working on the pre-installed JDK from the D11.3 IDE, which should be untouched and OK:

Quote

C:\Program Files\Eclipse Adoptium\jdk-11.0.15.10-hotspot\

 

Possible changes, with maybe side effects in the PlayStore, GCM or elsewhere:

1.) old method: This used the -sigalg SHA1withRSA, while

2.) new method: This used the -sigalg SHA256withRSA

 

Yes, that makes perfect sense, since SHA1 is quite banned everywhere.

 

Though, my questions are still:

- Is this change officially documented anywhere?  (probably not really for Delphi, but for Android, GCM or Firebase would be great)
    for example https://stackoverflow.com/questions/65920211/warning-sha1-algorithm-and-sha1withrsa-algorithm-specified-will-be-disabled-in

    https://www.ibm.com/docs/en/semeru-runtime-ce-z/17?topic=jcecca-sha1withrsa

    https://stackoverflow.com/questions/70419377/how-to-update-the-android-keystore-signature-algorithm-name-sha1withrsa-weak

    https://github.com/italia/cie-ideaapp/issues/4

    But not much really related directly to Android Apps, PlayStore and Google Cloud Services.

 

- Are there any further known requirements, or known side effects, for that alias password or SHA1withRSA algorithm?
   (I can dimly remember that I have read about such a requirement somewhere, some years ago, but probably those procedures have changed in the meantime.)

 

- What would be the right way to create a keystore in 2023 then: the usual IDE way, without alias password, or probably using a command-line option, either similar to or different from 2.)?
 

I assume that the new D12.0 might also clarify about that process, but I still have to use my beloved D11.3 for a short while 🙂

 

 

 

Edited by Rollo62
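
Added example (not part of the original post, and not Embarcadero or JDK code): a small Python helper that reads the text printed by `keytool -list -v` and reports, per alias, which signature algorithm the certificate was actually signed with, flagging SHA1withRSA and other legacy digests. It also reports the keystore type, since keytool from JDK 9 onward creates PKCS12 stores by default, where the key entry uses the store password. The sample listing and alias names are constructed, and English-locale keytool output is assumed.

```python
import re
import sys

# Constructed sample of English-locale `keytool -list -v` output (not from the post).
SAMPLE = """\
Keystore type: PKCS12

Your keystore contains 2 entries

Alias name: oldkey
Entry type: PrivateKeyEntry
Signature algorithm name: SHA1withRSA (weak)

Alias name: newkey
Entry type: PrivateKeyEntry
Signature algorithm name: SHA256withRSA
"""

# Digest prefixes treated as legacy in this example (an assumption of the example).
WEAK_DIGESTS = ("MD2", "MD5", "SHA1")


def audit_listing(text):
    """Return (keystore_type, entries) parsed from `keytool -list -v` text."""
    store_type, entries = None, []
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+):\s*(.*)$", line)
        if not m:
            continue
        key, value = m.group(1).strip().lower(), m.group(2).strip()
        if key == "keystore type":
            store_type = value.upper()
        elif key == "alias name":
            entries.append({"alias": value, "sigalg": None, "weak": None})
        elif key == "signature algorithm name" and entries and value:
            # Keep only the first certificate of the chain (the signing cert itself);
            # newer JDKs append " (weak)" after the name, so take the first token.
            if entries[-1]["sigalg"] is None:
                alg = value.split()[0]
                entries[-1]["sigalg"] = alg
                entries[-1]["weak"] = alg.upper().startswith(WEAK_DIGESTS)
    return store_type, entries


if __name__ == "__main__":
    # Pipe a real listing in on stdin; without a pipe the constructed sample is used.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    store_type, entries = audit_listing(text)
    print("Keystore type:", store_type)
    for e in entries:
        print(f"{e['alias']}: {e['sigalg']} {'LEGACY DIGEST' if e['weak'] else 'ok'}")
```
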
