Solution for lost keystore.jks, Key Alias and Password issues
Losing the keystore file (.jks) with Key alias and Password is a serious issue in Android development, especially if your app is already published on the Google Play Store. Here's what you can (and cannot) do:
✅ If You Use Play App Signing (Now Mandatory)
Google now uses Play App Signing by default for most apps. If you opted in to Play App Signing (which most developers do), Google stores the original signing key, and you upload only an upload key when releasing updates. So if you've lost your upload key (.jks) or password, Google can reset your upload key.
❌ 2: If you did NOT use Play App Signing
If you never opted in to play app signing (e.G., old apps before it was mandatory), then ,Google doesn’t have your signing key and without the original keystore.jks, you can’t update the app ever again. In that case, your only option is to unpublish the app from play store. After that create a new app with a new package name. > Sign it with your new key. > Publish it as a brand-new app. Remember, you will lose downloads, ratings, users.
If you're not sure whether play app signing was enabled
You can check this:
- Go to the Google Play Console.
- Select your app.
- Go to Play Console > Test and release > App integrity > Services
If you see App signing > Signing by Google Play, then you're safe; request a reset.
Step 1 : Generate New keystore.jks
Generate a new keystore file using Android Studio. Keep it somewhere safe, maybe in Google Drive, not only in your PC. Also keep safe Key Alias and Password.
Step 2A : Now create upload_certificate.pem file. Here is the Command.
keytool -export -rfc -alias upload -file upload_certificate.pem -keystore upload-key.jksStep 2B : Find Keytool location
If you do not know the location of keytool.exe in your computer, then Go to C: Drive and use the Find command to find "keytool.exe". It may not be installed automatically with Android Studio. If you don't find anything, you may need to download from https://www.oracle.com/java/technologies/downloads/
After installation, the keytool.exe location might be here: C:\Program Files\Java\jdk-24\bin\keytool.exe or somewhere else.
Step 2C : Modify Command
For example, here are the information we will use to edit the command.
- Key alias: Jackie
- .jks file location: D:\myapp.jks
- You want your upload_certificate.pem file here: D:\
Then your modified command will be just like this
"C:\Program Files\Java\jdk-24\bin\keytool.exe" -export -rfc -alias Jackie -file D:\upload_certificate.pem -keystore D:\myapp.jksStep 2D : Open Command Prompt
Open the Command Prompt, with 'Run as Administrator' mode. Paste this code. It will ask for the password. Type the password. Never copy/paste the password here. How hard it is, you should type. It will create upload_certificate.pem instantly in D: Drive
Step 3 : Contact Google Support for Upload Key Reset
Go to this link: https://support.google.com/googleplay/android-developer/contact/key, and fill out the form. Finally attach the file upload_certificate.pem
Step 4 : What you should do:
Google will send you an email (usually in one or two days), telling you that now you can request a upload key reset. Now
- Go to the Google Play Console.
- Select your app.
- Go to Play Console > Test and release > App integrity > App Signing
- Scroll to the App signing section, and click on Settings.
- Click on "Request upload key reset" and follow the instructions to contact support
- Give a reason why you’re requesting a key reset.
- Enter PEM file.
- Click Request.
You will receive a confirmation email, and wait for them to approve the key reset. Google will verify your request. Once approved (usually in a few days to a week), they’ll update the key. You can then use your new key to sign and upload updates
