I have created an fdroid repo on my fedora server. When I type “fdroid update” there are following critical errors:
CRITICAL: 'keystorepass' not found in config.yml!
CRITICAL: This command requires a signing key, you can create one using: fdroid update --create-key
I have a keystore.p12 file inside the fdroid folder and created the key using this command: keytool -genkeypair -alias fdroid -keyalg RSA -keystore keystore.p12
Following the config.yml file:
# Copy this file to config.yml, then amend the settings below according to
# your system configuration.
repo_url: https://my_website.com/fdroid/repo
repo_name: My-App F-Droid repository
repo_description: MyApp Fdroid app repository
keypass: keYFromSigningKey
repo_keyalias: fdroid
Now my question is: What am I missing here? I already have a keystore file and provided the password for it inside the config file. But, I did only create one password and not 2 (keypass and keystorepass?) Did I use the wrong command for creating the key?
After 90 days, the key expires as it says. How can I update/create a new key without breaking the repository? Thank you all for your help.
Yes, but I already crated one and signed the app with. Do I need to create a new one with fdroid update --create-key?
Sorry, I am very new to fdroid and don’t wanna mess it up now, before the first app release.
Don’t I need to give it a password when creating it with this command?
Thanks, so now when I follow the manual, in section
Create your first repo
the following error shows up when I run
fdroid update --create-key:
2023-05-29 17:03:41,152 WARNING: unsafe permissions on 'config.yml' (should be 0600)!
2023-05-29 17:03:41,154 INFO: Using /root/android/build-tools/30.0.0-preview/apksigner
2023-05-29 17:03:41,155 WARNING: repo_icon "repo/icons/icon.png" does not exist! Check "config.yml".
2023-05-29 17:03:41,157 INFO: Generating a new key in "keystore.p12"...
2023-05-29 17:03:44,763 INFO: Alias name: fdroid
Creation date: May 29, 2023
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=fdroid, OU=F-Droid
Issuer: CN=fdroid, OU=F-Droid
Serial number: 1bc2919ca6d38e90
Valid from: Mon May 29 17:03:43 CEST 2023 until: Fri Oct 14 17:03:43 CEST 2050
Certificate fingerprints:
SHA1: 35:78:9F:97:EB:3A:85:F8:E0:C7:47:9C:CE:49:FE:4A:C0:12:8A:07
SHA256: 65:71:2D:2C:C4:07:4F:16:2E:31:AC:F8:5F:71:B1:65:8C:AB:D8:5B:F7:02:B8:9B:CF:83:42:EC:23:C8:85:B4
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 4096-bit RSA key
Version: 3
Extensions:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: F3 62 75 07 E3 28 1B 51 16 FF 05 7F 32 5B 0B 33 .bu..(.Q....2[.3
0010: E4 D5 C7 16 ....
]
]
2023-05-29 17:03:46,063 INFO: Creating signed index with this key (SHA256):
2023-05-29 17:03:46,063 INFO: 65 71 2D 2C C4 07 4F 16 2E 31 AC F8 5F 71 B1 65 8C AB D8 5B F7 02 B8 9B CF 83 42 EC 23 C8 85 B4
2023-05-29 17:03:46,867 WARNING: repo_icon "repo/icons/icon.png" does not exist, generating placeholder.
2023-05-29 17:03:47,989 CRITICAL: Failed to sign repo/entry.jar: Failed to load signer "signer #1"
java.io.IOException: Failed to obtain key with alias "fdroid" from keystore.p12. Wrong password?
at com.android.apksigner.SignerParams.loadPrivateKeyAndCertsFromKeyStore(SignerParams.java:320)
at com.android.apksigner.SignerParams.loadPrivateKeyAndCerts(SignerParams.java:181)
at com.android.apksigner.ApkSignerTool.sign(ApkSignerTool.java:277)
at com.android.apksigner.ApkSignerTool.main(ApkSignerTool.java:83)
Caused by: java.security.UnrecoverableKeyException: Get Key failed: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
at java.base/sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:450)
at java.base/sun.security.util.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:91)
at java.base/java.security.KeyStore.getKey(KeyStore.java:1050)
at com.android.apksigner.SignerParams.getKeyStoreKey(SignerParams.java:375)
at com.android.apksigner.SignerParams.loadPrivateKeyAndCertsFromKeyStore(SignerParams.java:288)
... 3 more
Caused by: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
at java.base/com.sun.crypto.provider.CipherCore.unpad(CipherCore.java:862)
at java.base/com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:942)
at java.base/com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:735)
at java.base/com.sun.crypto.provider.PBES2Core.engineDoFinal(PBES2Core.java:196)
at java.base/javax.crypto.Cipher.doFinal(Cipher.java:2205)
at java.base/sun.security.pkcs12.PKCS12KeyStore.lambda$engineGetKey$0(PKCS12KeyStore.java:371)
at java.base/sun.security.pkcs12.PKCS12KeyStore$RetryWithZero.run(PKCS12KeyStore.java:257)
at java.base/sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:361)
... 7 more
I first deleted the keystore.p12 file. What the hell am I doing wrong all the time?
What does it mean “a bad key is used” ? Can someone help me?