Tags: android, android-studio, android-gradle-plugin, keytool

Signing error when building an app bundle with 2048-bit key


I have a script which, among other things, calls keytool to generate a signing key for my apps as I create them. It appears that in the recent past, some system update has led to me getting a version of keytool (or underlying libraries) which, when creating a key pair, defaults to creating (I assume) a 2048-bit key rather than the old default of 1024 bits.

For my latest project, I created a keypair, signed an APK and uploaded it to Google Play. Now I am attempting to create a Bundle instead, but get the following error:

    The security strength of SHA-1 digest algorithm is not sufficient for this key size

Some other questions report this error as a side-effect of problems with the bundle format (broken images, etc), but I have verified by generating a new key that's explicitly 1024 bits that it is a problem with the key itself. Generating such a key with keytool emits the following warning:

    The generated certificate uses a 1024-bit DSA key which is considered a security risk. This key size will be disabled in a future update.

  1. Given that Google Play has seen this upload key for internal test versions of the app, is there something I can do to the signBundle phase of the build that will get it to work correctly for this app, or do I need to request a new upload key?
  2. Given that keytool has deprecated 1024-bit DSA keys, is there a set of parameters I can pass to it which will generate a key that will work correctly in future?

Solution

  • Per the instructions at https://support.google.com/googleplay/android-developer/contact/key, I ended up generating a new 2048-bit RSA key, and requesting that Google replace the existing key with that.

    keytool -genkeypair -keyalg RSA -keysize 2048 ...
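The following is an added example, not the answer author's script: a small POSIX shell wrapper that generates a 2048-bit RSA upload key with keytool (the `-keyalg RSA` and `-sigalg SHA256withRSA` flags are made explicit so the result does not depend on the installed JDK's defaults) and then reads the certificate's signature algorithm back out of the keystore so you can confirm, before running a bundle build, that the key is RSA and the certificate is signed with SHA-256 rather than SHA-1. The keystore filename, alias, distinguished name and validity period are placeholders chosen for the example.

```shell
#!/bin/sh
# Added example (not from the original post). Generates a 2048-bit RSA
# upload key with keytool and verifies what actually landed in the keystore.
# Keystore path, alias, DN and validity below are example values.
set -eu

# generate_upload_key <keystore> <alias> <password>
# Creates a key pair and self-signed certificate. -keyalg RSA is the point:
# older keytool releases default to DSA when -keyalg is omitted, and a DSA
# certificate's digest must match the key strength, which is what triggers
# "security strength of SHA-1 digest algorithm is not sufficient".
# -keypass is given explicitly so keytool never prompts interactively.
generate_upload_key() {
    ks=$1; alias=$2; pass=$3
    keytool -genkeypair \
        -keystore "$ks" \
        -alias "$alias" \
        -keyalg RSA -keysize 2048 \
        -sigalg SHA256withRSA \
        -validity 10000 \
        -dname "CN=Example Upload Key, O=Example, C=US" \
        -storepass "$pass" -keypass "$pass" >/dev/null 2>&1
}

# key_sigalg <keystore> <alias> <password>
# Prints the certificate's signature algorithm as keytool -list -v reports it,
# e.g. "SHA256withRSA". A key created with the old DSA default would print
# "SHA1withDSA" or "SHA256withDSA" here instead.
key_sigalg() {
    keytool -list -v -keystore "$1" -alias "$2" -storepass "$3" 2>/dev/null \
        | sed -n 's/^Signature algorithm name: *//p' | head -n 1
}

# Usage (writes upload.jks into the current directory):
#   generate_upload_key upload.jks upload "$KEYSTORE_PASSWORD"
#   key_sigalg upload.jks upload "$KEYSTORE_PASSWORD"
```

Run it with a real password in `KEYSTORE_PASSWORD`, then point the Gradle `signingConfigs` block (or Android Studio's "Generate Signed Bundle" dialog) at the resulting keystore. If `key_sigalg` prints anything other than `SHA256withRSA`, the key is not the one you meant to create and is not worth uploading to Google Play.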