To enable another developer to sign an APK with one of my private keys, should I give out the original KeyStore file, or would giving him only this specific key's password be enough?
Please note that my question intentionally disregards the "security" aspects of giving out a private signing key. This is not part of the question.
Thanks much.
You need to provide the other developer with the following:
If you wish, you can export the certificate for a single alias to a different keystore using the following commands:
keytool -export -alias myAlias -file mycert.cer -keystore existingKeystore.jks
keytool -importcert -file mycert.cer -keystore newKeystore.jks -alias myAlias
This is useful if you have multiple certificates in a single keystore and you only want to export a single certificate.
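An added example, not part of the answer above: `keytool -export` and `-importcert` move only the public certificate, which is stored as a `trustedCertEntry`, while signing an APK needs a `PrivateKeyEntry`, which `keytool -importkeystore -srcalias` copies for one alias. The script copies that single entry into a new keystore and checks the entry type in `keytool -list -v` output; the function names and the sample listings are constructed for illustration, and the keystore and alias names are the ones used above.

```shell
#!/bin/sh
# Usage: sh thisscript.sh existingKeystore.jks newKeystore.jks myAlias
# (keytool prompts for the source and destination passwords)

# Print the entry type of alias $1 from `keytool -list -v` output on stdin.
# Prints "missing" if the alias is not listed. Aliases compare case-insensitively.
entry_type() {
  awk -v want="$1" '
    /^Alias name: / { cur = tolower(substr($0, 13)) }
    /^Entry type: / && cur == tolower(want) { print substr($0, 13); found = 1; exit }
    END { if (!found) print "missing" }
  '
}

# Succeeds only if alias $1 holds a private key, i.e. the keystore can sign with it.
can_sign() {
  [ "$(entry_type "$1")" = "PrivateKeyEntry" ]
}

# Copy one key entry (private key plus certificate chain) into another keystore.
copy_signing_key() {
  keytool -importkeystore -srckeystore "$1" -destkeystore "$2" \
          -srcalias "$3" -destalias "$3"
}

# Constructed samples: the shape of `keytool -list -v` output for each entry kind.
SAMPLE_CERT_ONLY='Alias name: myalias
Creation date: Jan 1, 2024
Entry type: trustedCertEntry'

SAMPLE_KEY_ENTRY='Alias name: myalias
Creation date: Jan 1, 2024
Entry type: PrivateKeyEntry
Certificate chain length: 1'

# Real run, only when three arguments are given and keytool is installed.
if [ "$#" -eq 3 ] && command -v keytool >/dev/null 2>&1; then
  copy_signing_key "$1" "$2" "$3"
  if keytool -list -v -keystore "$2" -alias "$3" | can_sign "$3"; then
    echo "$3: PrivateKeyEntry present, $2 can be used for signing"
  else
    echo "$3: no private key in $2, signing will fail" >&2
  fi
fi
```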