I have done the following steps to sign an APK using the Google upload cert.
- Got the upload certificate from the app signing section of the Google Play dev site.
- Created a key:
    keytool -genkey -v -keystore XXXXX.keystore -alias XXXXX -keyalg RSA -keysize 2048 -validity 10000
- Imported the upload cert from Google:
    keytool -importcert -file upload_cert.der -keystore XXXXX.keystore
- Then I list information about the key store:
    keytool -list -v -keystore XXXXX.keystore -storepass Password
From there I can see the imported cert from Google has the alias "mykey".
When I try to sign the APK using the alias "mykey":
    jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore XXXXX.keystore android-release-unsigned.apk XXXXX
I get the following error: mykey must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.
Signing an APK requires more than a certificate (which is public information); it requires a private key. Although Play Console shares with you the certificate for convenience, only you have access to the private key. The upload key is whatever key you used to sign the first APK you uploaded (assuming you enrolled in App Signing by Play at this time): just re-sign with the same keystore+alias as your first upload and you'll be fine. If you've lost the key you signed with initially, then you can contact the Play support team to have the key reset.
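A way to check, before running jarsigner, whether a keystore actually holds the private key behind the upload certificate (an added example, not part of the original question or answer). It parses the `Alias name`, `Entry type` and `SHA256` fields of `keytool -list -v` output; the function names, aliases and fingerprints are constructed for illustration, and the real fingerprint can be read with `keytool -printcert -file upload_cert.der`.

```shell
#!/bin/sh
# Reads `keytool -list -v` output on stdin; $1 is the SHA-256 fingerprint of the
# upload certificate. Prints "alias<TAB>entry type" for each entry whose leaf
# certificate matches, and succeeds only if one of them is a PrivateKeyEntry.
upload_key_alias() {
    want=$(printf '%s' "$1" | tr -d ': ' | tr 'a-f' 'A-F')
    awk -v want="$want" '
        /^Alias name:/ { alias = $0; sub(/^Alias name:[ \t]*/, "", alias); type = ""; leaf = 0 }
        /^Entry type:/ { type = $3 }
        /SHA256:/ && !leaf {
            leaf = 1    # the first fingerprint listed for an entry is its leaf certificate
            fp = $0; sub(/^.*SHA256:[ \t]*/, "", fp); gsub(/[^0-9A-Fa-f]/, "", fp)
            if (toupper(fp) == want) {
                printf "%s\t%s\n", alias, type
                if (type == "PrivateKeyEntry") ok = 1
            }
        }
        END { exit(ok ? 0 : 1) }
    '
}

# Constructed fingerprints (not real keys) and listings trimmed to the parsed fields.
UPLOAD_FP="11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00"
OTHER_FP="00:FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00:FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11"

# Keystore built as in the question: a freshly generated key plus the imported certificate.
question_keystore() {
    cat <<EOF
Alias name: xxxxx
Entry type: PrivateKeyEntry
Certificate[1]:
         SHA256: $OTHER_FP

Alias name: mykey
Entry type: trustedCertEntry
         SHA256: $UPLOAD_FP
EOF
}

# Keystore that signed the first upload: the matching certificate sits on a key entry.
original_keystore() {
    cat <<EOF
Alias name: upload
Entry type: PrivateKeyEntry
Certificate[1]:
         SHA256: $UPLOAD_FP
EOF
}

question_keystore | upload_key_alias "$UPLOAD_FP" || echo "no key entry matches the upload certificate"
```

Against a real keystore, pipe `keytool -list -v -keystore XXXXX.keystore` into `upload_key_alias`; a match reported only as `trustedCertEntry` means the certificate was imported without its private key.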