How to manually generate signing keys for Android apps

Though the Android docs suggest that you need to use Android Studio to generate your signing keys, this is not the case. All you need is the keytool command, which you already have if you have Java installed.

You need two signing keys for uploading to Google Play. The first is the Upload Key. This is used to sign the .aab bundle to confirm to Google Play that the developer has permission to upload it. Google Play then takes this .aab file and generates .apk installer files for many different device types. It uses the Release Key to sign these .apk files.

Generating the keys

First, generate the upload key. This will also create the keystore.

keytool -genkeypair -v -keystore my-app.keystore -alias upload -keyalg RSA -keysize 2048 -validity 10000 -storetype jks

You will be prompted for the new keystore password. Make sure to save this and all the passwords somewhere safe. You will then be asked for personal / company details, which will be associated with the key. You can skip all of these fields, and then type “yes”. Finally, you will be asked for a password for the upload key. I recommend using a different password to the keystore here.

Now we can create the release key, which can do in the same keystore. The command is the same, except the alias has changed to release.

keytool -genkeypair -v -keystore my-app.keystore -alias release -keyalg RSA -keysize 2048 -validity 10000 -storetype jks

Again, I recommend using a unique password here, different to the keystore and upload keys.

That’s it! You now have both of your keys in one keystore. It is safe to put this keystore into your git repository, but keep the passwords separate and secure.