'Error building AAB - Flutter (Android) - Integrity check failed: java.security.NoSuchAlgorithmException: Algorithm HmacPBESHA256 not available
I am trying to build an AAB for my flutter app. I generated the keystore using the following below command:
keytool -genkey -v -keystore ~/pc-keystore.jks -keyalg RSA -keysize 2048 -validity 10000 -alias pckey
I have a key.properties file, and I have referenced it using the provided code in the flutter docs. How can I solve this Java related issue? My program throws the following exception
* What went wrong:
Execution failed for task ':app:signReleaseBundle'.
> A failure occurred while executing com.android.build.gradle.internal.tasks.Workers$ActionFacade
> Failed to read key pckey from store "/Users/jrperfetto/pc-keystore.jks": Integrity check failed: java.security.NoSuchAlgorithmException: Algorithm HmacPBESHA256 not available
Solution 1:[1]
I was getting the same error, I try this command
keytool -genkey -v -keystore ~/upload-keystore.jks -keyalg RSA -keysize 2048 -validity 10000 -alias upload -storetype JKS
with extra attribute
-storetype JKS
it helps me to solve my problem and successfully create bundle.
The -storetype JKS tag is only required for Java 9 or newer. As of the Java 9 release, the keystore type defaults to PKS12.
Solution 2:[2]
It turns out i was generating my signing key using a different Java Version than my app was using to build the app. You can check this by running flutter doctor -v and seeing where the Java binary is located, and comparing it to when you run "which java".
The solution is to run your keygen command prefixed with the location of the Java bin found in the flutter doctor output like so:
/Applications/Android\ Studio.app/Contents/jre/jdk/Contents/Home/bin/keytool -genkey -v -keystore ~/pc-keystore.jks -keyalg RSA -keysize 2048 -validity 10000 -alias pckey
Solution 3:[3]
Note: The keytool command might not be in your path—it’s part of Java, which is installed as part of Android Studio. For the concrete path, run flutter doctor -v and locate the path printed after ‘Java binary at:’. Then use that fully qualified path replacing java (at the end) with keytool. If your path includes space-separated names, such as Program Files, use platform-appropriate notation for the names. For example, on Mac/Linux use Program\ Files, and on Windows use "Program Files". The -storetype JKS tag is only required for Java 9 or newer. As of the Java 9 release, the keystore type defaults to PKS12
1- remove upload-keystore.jks
a- /android/app/upload-keystore.jks
b- /home/user/upload-keystore.jks
2- Regenerate file :
keytool -genkey -v -keystore ~/upload-keystore.jks -keyalg RSA -keysize 2048 -validity 10000 -alias upload -storetype JKS
3- copy file /home/user/upload-keystore.jks to android/app/
4- flutter clean
5- Flutter build appbundle
Solution 4:[4]
IF YOU CAN'T/DON'T WANT TO GENERATE NEW KEYS .
Generating new keys was not an option for me because our app is already in production and contacting google was such a hassle. As others have pointed out, the build fails because the app was signed with a java version higher than Java 11. But the HmacPBESHA256 algorithm is not available in java 11 which is shipped with Android Studio. That is, Android Studio is trying to build your app with Java 11.
So the solution for me was to get Android Studio to build the aab with my local java version, not java 11. To tell Android Studio which JDK version to use, in gradle.properties, I added:
org.gradle.java.home=/Library/Java/JavaVirtualMachines/jdk-15.0.2.jdk/Contents/Home
After this, I was able to build my aab without any issues with the keys I already had.
Solution 5:[5]
It solves me when I remove debug.keystore from the bellow directory.
/Users/tariqul/.android/debug.keystore
Solution 6:[6]
Like Graciela, I am unable to recreate the certificate. However, I using Java 12+ in Android Studio isn't a good fix for me. Using an updated Java version works for deploying from my machine, but not from the CI server.
Instead, I exported and imported the certificate to change the signing algorithm.
Here are the steps I used:
Export the certificate to PKCS12 using Java v12+:
keytool -importkeystore -srckeystore ./upload-keystore.jks -destkeystore ./pcstore.p12 -deststoretype PKCS12
Using openssl, export the key as .pem
openssl pkcs12 -nodes -in pcstore.p12 -out keystore.pem
Create a new .p12 store using openssl
openssl pkcs12 -export -in keystore.pem -out new-pcstore.p12 -name upload
Create a new jks store using the Android Studio version of Java (Java 11) by importing the .p12 store:
/Applications/Android\ Studio.app/Contents/jre/Contents/Home/bin/keytool -importkeystore -srckeystore ./new-pcstore.p12 -destkeystore ./new-upload-keystore.jks -deststoretype jks
Now the keystore works with Java 11 and it's using the same certificate I signed the app with before.
Solution 7:[7]
If you haven't already created a keystore file:
- Mac:
keytool -genkey -v -keystore ~/upload-keystore.jks -keyalg RSA -keysize 2048 -validity 10000 -alias upload -storetype JKS
- Windows (change USER_NAME):
keytool -genkey -v -keystore "c:\Users\USER_NAME\upload-keystore.jks" -storetype JKS -keyalg RSA -keysize 2048 -validity 10000 -alias upload
If you have already created a keystore file before:
keytool -importkeystore -srckeystore "path/to/upload-keystore.jks" -destkeystore "path/to/new-upload-keystore.jks" -deststoretype JKS
Solution 8:[8]
I don't know if the way I solved the problem is the right way, and I don't know if others will solve it this way, but I think I would have solved it if I had done a lot of things.
I adapted JAVA_HOME to the form of the java binary that came up with flutter doctor -v like this
% flutter doctor -v
[?] Android toolchain - develop for Android devices (Android SDK version 31.0.0)
.
.
.
• Java binary at: /Applications/Android Studio.app/Contents/jre/jdk/Contents/Home/bin/java
and set JAVA_HOME to .zshrc
% cd ~
% vi .zshrc
export JAVA_HOME="/Applications/Android Studio.app/Contents/jre/jdk/Contents/Home"
% echo $JAVA_HOME
/Applications/Android Studio.app/Contents/jre/jdk/Contents/Home
and
% flutter clean
% flutter build appbundle
and that works
% flutter build appbundle
? Building with sound null safety ?
Running Gradle task 'bundleRelease'...
Running Gradle task 'bundleRelease'... Done 4.1s
? Built build/app/outputs/bundle/release/app-release.aab (21.2MB).
Solution 9:[9]
in android > app folder, open build.gradle and make sure to keep
buildTypes {
release {
signingConfig signingConfigs.debug
}
}
and before building release bundle, change it to
buildTypes {
release {
signingConfig signingConfigs.release
}
}
Solution 10:[10]
Solution is very simple. Just delete your file mentioned in the error log. For example in my case the path was shown below.
C:\Users\kattie\.android\debug.keystore.jks
Delete this debug.keystore.jks file and make sure you close android studio or OpenJDK process from task manager.
Solution 11:[11]
I got the same issue yesterday. I deleted my old debug key, which is located at /Users/<username>/.android/debug.keystore. I think this is the simplest way to handle this problem for a Newbie like me.
P.S. Not sure about the "release" mode. This just works for "debug" mode.
Solution 12:[12]
This works fine for me :)
/Users/macbookpro/Library/Java/JavaVirtualMachines/openjdk-16.0.1/Contents/Home/bin/keytool -genkey -v -keystore android/app/upload-keystore.jks -keyalg RSA -keysize 2048 -validity 10000 -alias upload -storetype JKS
Solution 13:[13]
I found this problem befor and i solve it when i change the JDK from 11 version to 16 version in windows 10 64bit
Solution 14:[14]
For my case, I have used gradle 7.3 build tool to compile the source. it is worked without any problem.
First, download gradle from this link: https://gradle.org/releases/
Unzip it in your preferred location
Than run this command: export PATH=$PATH:/gradle_bin_path
This will add gradle binary for current terminal session only. If you want to add this path for permanent, you need to follow extra step:
first run this command to get what terminal you are using:
echo $SHELL
I am using zsh as shell, so if the output is /bin/zsh than run this following commands:
sudo -s
cd /users/username
ls
vim .zshrc
Before editing the .zshrc file, be sure to have a backup of this file
And than add following line to this file: export PATH=$PATH:/gradle_bin_path
Save and quit the editor.
Than run this command: source .zshrc
The path list now updated. Let's run this command:
gradle --version
It should show current gradle version.
Now, time to compile the app. lets cd to directory where your project is.
Then, run this command: gradle clean
Wait till gradle finish sync your project. once finish sync, run this command:
gradle build
Finally, you will be able to solve your problem.
Solution 15:[15]
Command
keytool -genkey -v -keystore ~/upload-keystore.jks -deststoretype JKS -keyalg RSA -keysize 2048 -validity 10000 -alias upload
worked for me on my mac m1.
i was using java version 17 and everytime i try to build appbundle i would get error
Integrity check failed: java.security.NoSuchAlgorithmException: Algorithm HmacPBESHA256 not available
To solve this i added
-deststoretype JKS in keytool command and it worked for me .
Solution 16:[16]
AS I lost my Keystore, and was unable to return it back, read google documentation about getting a new key.
Google: If you’ve lost your private upload key or it’s been compromised, you can create a new one, and then ask your account owner to contact support to reset the key. When contacting support, make sure your account owner attaches the upload_certificate.pem file.
I emailed google at the following link: https://support.google.com/googleplay/android-developer/contact/key
They sent me the following commands to re-generate keystore and certificate.pem:
Here’s how to generate and register a new upload key:
Follow the instructions in the Android Studio Help Center to generate a new key. It must be different from any previous keys. Alternatively, you can use the following command line to generate a new key:
keytool -genkeypair -alias upload -keyalg RSA -keysize 2048 -validity 9125 -keystore keystore.jks
This key must be a 2048 bit RSA key and have 25-year validity. Export the certificate for that key to PEM format:
keytool -export -rfc -alias upload -file upload_certificate.pem -keystore keystore.jks
Reply to this email and attach the upload_certificate.pem file, after replying, they will send an email mentioning your key store will be updated after 2 days,
now you have a new key store, in order to generate a signed bundle keys, you must do the following:
1- Go to the android side in your flutter (2.8.1) project. 2- go to settings> Build, Execution ..> Gradle> 3- change gradle JDK to something between 16 and 11, **JDK 15 worked for me.
note: if you don't have jdk, you can download it in same place Gradle JDK with jdk download option. note: you must build your signed app bundle within android only not inside flutter framework.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow