Hello,
I am encountering an issue with uploading an android build to Google Play. When making the first build to upload, I used the Keystore Manager (under Player Settings->Publishing Settings) to create a keystore in my project and add a key with the alias “build_key”. That build uploaded fine.
I’m now trying to upload a second build, but I’m being given an error when the build is processed in Google Play:
Your Android App Bundle is signed with the wrong key. Ensure that your App Bundle is signed with the correct signing key and try again. Your App Bundle is expected to be signed with the certificate with fingerprint:
SHA1: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
but the certificate used to sign the App Bundle you uploaded has fingerprint:
SHA1: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
(but the XXs are two-digit hexadecimal values)
I have not touched the keystore or any settings related to it since the first build, so I don’t understand how the signing key can be different from the first build, or how it could be wrong when the first build was not. Furthermore, I don’t see a way to set what key I’m using, so I don’t know how I would use the “right” key. I’ve done some searches on the forums but have not found anything helpful for my situation. I would appreciate any assistance someone can give me.
Thank you for your time.
I personally generate keys myself and store them in a secure place so I don’t have to worry about something changes my signing keys accidentally.
In the Google Play Console (App > Test And Releases > Setup > App Singing) you can Request a Key Upgrade once a year. If you are sure your key will not change anymore you can try this option.
I appreciate your advice, but I’m afraid I don’t see how that helps me. Could you clarify?
I know that my keystore has not changed. The keystore file is included in the project, so I’m able to track changes to it through my source control. I also know I have the publishing settings set to use the same key. There is only one key in the keystore, after all.
Are you sure you did not upload a debug build (with a debug key) ?
You can still try to get the fingerprint of your certificates and of your build with the keytool utility and see if it’s the same as in the Google Play Console.
If you still have your previous uploaded release you can try to see if fingerprint is the same as for the new one.
If you don’t have it, you can download it from: Test and release > App Bundle Explorer.
Something might be wrong somewhere 
Get sha1 of key :
keytool -list -v -keystore PATH_TO_KEYSTORE -alias VALUE_OF_ALIAS
Get sha1 of apk/aab :
keytool -list -printcert -jarfile YOUR_APP.apk
I’m confident I did not upload with a debug key, because I remember making the keystore for that build. But to double check I made a build with a debug key (by unchecking the custom keystore option in the player settings), and it did have a different key than both the first build and the new one I’m trying to upload. So, my first build did not use a debug key.
I can also see that the key is different between the first build I uploaded and the one I am trying to upload, but it doesn’t tell me why or how to stop it.
I am unable to use the keytool command to check the keystore itself. The Unity tool doesn’t appear to create a keystore that follows the normal format. Trying the command on a keystore built by the Unity tool gives an error:
keytool error: java.io.IOException: Invalid keystore format
I don’t know if this is expected, but it happens for any keystore I’ve made with the Keystore Manager tool in Unity.
Since the Keystore Manager was creating a file that the command line tools couldn’t read, I decided to try using the command line to make new keystore. Along with that, I switched my app signing preference on Google Play to “Export and upload a key from Java keystore” so that I could give Google a new upload key that matched the newly generated one.
With those differences made, I was able to upload a second build and have it be accepted. I’ve made sure to back up the new keystores. Now to hope nothing causes to keys to change without explanation again.
Thanks, @BBO_Lagoon for your help with this. Finding out that the keystores had an invalid format (for the command line tool anyways) is what got me to try this.