AYON KARMAKAR

Steps to Migrate to Google Play App Signing

Follow these steps to migrate an existing published app from manual signing to Google Play App Signing.


✅ 1. Back Up Your Current Key

Securely store your existing signing credentials:

  • Keystore file: key.jks
  • Keystore password
  • Key alias
  • Key password

⚠️ Important: Keep a safe backup of these credentials. You’ll need them during the migration.


✅ 2. Export Your App Signing Key (PEPK)

Google requires an encrypted export of your current signing key.

  1. In Play Console, go to: Setup → App integrity → App signing.
  2. Under “Export and upload your app signing key”, download:

    • pepk.jar
    • The encryption key (displayed in the instructions).
  3. Run the following command in your terminal (replace placeholders):

java -jar pepk.jar --keystore=key.jks --alias=<your-alias> \
--output=output.zip --encryption-key=<Google-encryption-key>

This generates output.zip containing your encrypted signing key.

✅ 3. Upload the Key to Google Play

  1. Open Play Console and navigate to: Setup → App integrity → App signing
  2. Click Opt in to Play App Signing.
  3. Upload the output.zip file generated in the previous step.

✅ 4. Wait for Google to Process

  • Google will verify the uploaded key.
  • Once approved, Google Play App Signing becomes active.
  • From now on, Google securely manages your app signing key.

Note: Your existing keystore (key.jks) will now act as your Upload Key.

You can continue using it or optionally register a new upload key.


✨ (Optional) Generate a New Upload Key

For additional security, you can generate a new upload key:

keytool -genkey -v -keystore upload-key.jks -keyalg RSA -keysize 2048 -validity 10000 -alias upload
  • Export the public certificate (.pem) from this new keystore.
  • Upload the certificate in Play Console as your new upload key.
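
To check the outcome of step 4 and carry out the optional upload-key export, the helpers below (an added example, not part of the original post) compare the SHA-256 certificate fingerprint of `key.jks` with the one Play Console lists for the app signing key, and write the new upload certificate as PEM. The function names and `my-alias` are assumptions made for illustration; `key.jks`, `upload-key.jks` and the alias `upload` come from the post.

```shell
#!/bin/sh
# Added example: helper names are hypothetical; nothing runs keytool until
# you call keystore_fp or export_upload_cert yourself.

# Print the SHA-256 fingerprint found in `keytool -list -v` output on stdin.
extract_sha256() {
    sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1
}

# Strip colons and whitespace and upper-case the hex digits, so the console
# and keytool spellings of one fingerprint compare equal.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \t\r\n' | tr 'abcdef' 'ABCDEF'
}

# keystore_fp KEYSTORE ALIAS -> fingerprint of that entry's certificate.
# keytool prompts for the keystore password, keeping it out of shell history.
keystore_fp() {
    keytool -list -v -keystore "$1" -alias "$2" | extract_sha256
}

# same_cert FP_A FP_B -> exit 0 only if both are the same 32-byte SHA-256.
# An empty or truncated value never counts as a match.
same_cert() {
    a=$(normalize_fp "$1")
    b=$(normalize_fp "$2")
    [ "${#a}" -eq 64 ] && [ "$a" = "$b" ]
}

# export_upload_cert KEYSTORE ALIAS OUT.pem -> certificate only (public part).
export_upload_cert() {
    keytool -export -rfc -keystore "$1" -alias "$2" -file "$3"
}

# Typical use once step 4 completes (CONSOLE_FP is pasted from the
# App signing page in Play Console):
#   same_cert "$(keystore_fp key.jks my-alias)" "$CONSOLE_FP" || echo MISMATCH
#   export_upload_cert upload-key.jks upload upload_certificate.pem
```

A mismatch means the keystore you backed up is not the one whose key was exported, which is worth resolving before you publish the next release.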

📌 Summary

✔️ Back up your keystore (key.jks, alias, and passwords).

✔️ Export your signing key using pepk.jar from the Play Console.

✔️ Upload the encrypted key (output.zip) in Play Console → App Signing.

✔️ (Optional) Generate and register a new upload key for added security.

✅ Your app is now successfully migrated and managed by Google Play App Signing 🚀