I just went and reread the documentation. It's not as precise on this point as I would like to see.
You CAN, in fact, create a new certificate IF AND ONLY IF you have the original private and public keys. The question is, can you use it?

A certificate is just a signed wrapper for a key, with various metadata, like your name, etc. For apps, we're using self-signed certificates -- certificates signed with the same key that they wrap. The signature indicates that the person possessing the private key states that the public key and certificate information belong together.

In theory, but perhaps not in practice -- the fact that you signed your new certificate with the same private key should attest to its legitimacy, and the fact that it has the same public key should attest to its equivalence. The details -- the distinguished name and all that -- should NOT be how it determines identity.

I don't think you can do this with Java's keytool. At least, I can't think how to do it. Every crypto tool I've ever used has been utterly cryptic, and keytool is no exception, so I may be missing a way to do it.

But you can do it with openssl. That's got to be the MOST cryptic tool, however. But I've done it, so I know it can be done. I think it goes:

    openssl req -new -out <newcert> -x509 -key <privatekey> -days 8641

This will extract the public key from the private key, and prompt you for the various fields. It will construct a cert from the supplied information, expiring 8641 days from now (Oct 22, 2033), and sign it using the private key.

The question is -- what will Google do with it? Two possibilities:

1) They compare the entire signing certificate. You lose.
2) They compare only the public key. You win.

Note that it would not be valid for them to ignore the public key, as anyone would then be able to create a certificate that would pass this test. But a new certificate signed by the same private key is still attested to by the private key as being legitimate.
To verify the certificate, they need to be able to use the public key from the certificate to reverse the signature process.

If you try this, let us know whether it works!

On Feb 23, 4:50 pm, Achanta <[email protected]> wrote:
> I do not have the keystore that I used when I first created the app
> and I am wondering if I can create a new certificate using the same
> details that I used to create the earlier certificate. I have the
> details available with me.
>
> If I do so and update the app using this certificate, will the users
> get an update notification on their device?
>
> Thank you.
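
The two outcomes listed in the reply above (comparing the entire signing certificate versus comparing only the public key) can be reproduced locally. This is an added example, not part of the original post: the throwaway key, the subject names and the function names are constructed for illustration, and it does not show which comparison Google performs.

```shell
#!/bin/sh
# Added example: constructed throwaway key and subjects, not from the original post.
set -e

# SHA-256 over the whole DER certificate (covers subject, dates, serial, signature).
cert_fingerprint() {
    openssl x509 -in "$1" -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 over only the public key (SubjectPublicKeyInfo) wrapped by the certificate.
pubkey_fingerprint() {
    openssl x509 -in "$1" -noout -pubkey \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 | awk '{print $NF}'
}

# Self-sign a certificate for subject $2 with private key $1, written to $3.
# -subj replaces the interactive prompts for the certificate fields.
make_cert() {
    openssl req -new -x509 -key "$1" -subj "$2" -days 8641 -out "$3" 2>/dev/null
}

# Issue two certificates from ONE private key and report how each
# comparison policy would judge the second against the first.
compare_reissued() {
    dir=$(mktemp -d)
    openssl genrsa -out "$dir/key.pem" 2048 2>/dev/null
    make_cert "$dir/key.pem" "/CN=Original Developer/O=Example" "$dir/old.pem"
    make_cert "$dir/key.pem" "/CN=Reissued Developer/O=Example" "$dir/new.pem"

    if [ "$(cert_fingerprint "$dir/old.pem")" = "$(cert_fingerprint "$dir/new.pem")" ]; then
        whole=same
    else
        whole=differ
    fi
    if [ "$(pubkey_fingerprint "$dir/old.pem")" = "$(pubkey_fingerprint "$dir/new.pem")" ]; then
        key=same
    else
        key=differ
    fi
    rm -rf "$dir"
    echo "whole_certificate=$whole public_key=$key"
}

compare_reissued
```

A verifier that pins the whole-certificate fingerprint treats the reissued certificate as a different signer, while one that pins only the public key treats it as the same signer.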

