DEV Community

Cover image for Steps to Migrate to Google Play App Signing
AYON KARMAKAR
AYON KARMAKAR

Posted on

Steps to Migrate to Google Play App Signing

#android #security

Follow these steps to migrate an existing published app from manual signing to Google Play App Signing.

✅ 1. Back Up Your Current Key

Securely store your existing signing credentials:

  • Keystore file: key.jks
  • Keystore password
  • Key alias
  • Key password

⚠️ Important: Keep a safe backup of these credentials. You’ll need them during the migration.

✅ 2. Export Your App Signing Key (PEPK)

Google requires an encrypted export of your current signing key.

  1. In Play Console, go to: Setup → App integrity → App signing.

  2. Under “Export and upload your app signing key”, download:

    • pepk.jar
    • The encryption key (displayed in the instructions).

  3. Run the following command in your terminal (replace placeholders):

java -jar pepk.jar --keystore=key.jks --alias=<your-alias> \
--output=output.zip --encryption-key=<Google-encryption-key>
Enter fullscreen mode Exit fullscreen mode

This generates output.zip containing your encrypted signing key.

✅ 3. Upload the Key to Google Play

  1. Open Play Console and navigate to: Setup → App integrity → App signing
  2. Click Opt in to Play App Signing.
  3. Upload the output.zip file generated in the previous step.

✅ 4. Wait for Google to Process

  • Google will verify the uploaded key.
  • Once approved, Google Play App Signing becomes active.
  • From now on, Google securely manages your app signing key.

Note: Your existing keystore (key.jks) will now act as your Upload Key.

You can continue using it or optionally register a new upload key.

✨ (Optional) Generate a New Upload Key

For additional security, you can generate a new upload key:

keytool -genkey -v -keystore upload-key.jks -keyalg RSA -keysize 2048 -validity 10000 -alias upload
Enter fullscreen mode Exit fullscreen mode
  • Export the public certificate (.pem) from this new keystore.
  • Upload the certificate in Play Console as your new upload key.

📌 Summary

✔️ Backup your keystore (key.jks, alias, and passwords).

✔️ Export your signing key using pepk.jar from the Play Console.

✔️ Upload the encrypted key (output.zip) in Play Console → App Signing.

✔️ (Optional) Generate and register a new upload key for added security.

✅ Your app is now successfully migrated and managed by Google Play App Signing 🚀

Top comments (0)