Somehow I managed to save the wrong keystore for my Android app that I developed using Xamarin and already published. When I wanted to upload an update to the Google Play Store with the keystore that I thought was the right keystore, the SHA certificate did not match.
Luckily I was registered for Google Play App Signing so they were able to reset the Upload Key for me. In order to reset the upload key I:
1.(dont know if i had to do this to generate new upload key) Generated a new archive and new keystore for the Android project in Xamarin and exported the APK to a folder. In that folder i ran the command lines in the next steps:
2.Generated a new upload key using the command line: keytool -genkeypair -alias upload -keyalg RSA -keysize 2048 -validity 9125 -keystore keystore.jks
3.Exported the certificate for that key to a *.pem file: keytool -export -rfc -alias upload -file upload_certificate.pem -keystore keystore.jks
4.Sent the *.pem to Google Play Developer Support.**
Note: to be able to use the keytool command in Windows 10 command prompt, I searched and opened Environmental Variables, found PATH under User Variables, right clicked and Edit, and added new path of location where keytool.exe is located: C:\Program Files\Java\jre1.8.0_191\bin
Now that I have a *.pem file and *.jks file, how do I create the new APK file for my Xamarin Android project that will serve as an update, signed with the new upload key in Visual Studio/Xamarin?
I figured out how to do this.
After sending the *.pem file to Google Play Developer support in order to reset the Upload Key, they confirmed it was successfully reset (yay Google App Signing) but it takes a couple of days for it to be active.
When it becomes active follow these steps:
1.Go to Visual studio and archive the Android project from Build/Archive
2.In the Archives menu option, select the latest archive and click Open Folder. This opens a folder where an unsigned *.apk file resides. It needs to be signed manually with the *.jks keystore file mentioned above (keystore.jks).
First zipalign the unsigned archive (make sure to add C:\Program Files\Java\jre1.8.0_191\bin to PATH in User variables):
zipalign -v -p 4 my-app-unsigned.apk my-app-unsigned-aligned.apk
Manually sign the zipaligned *.apk file with the keystore.jks
apksigner sign --ks keystore.jks --out my-app-release.apk my-app-unsigned-aligned.apk
The signing process will ask for the password used when creating the keystore.jks/*.pem file. After, the apk resulting is ready to upload to the Google Play Store as an app update. Keystore.jks is now the new Upload Key.