Error when building from generated keystore file #973
Description
Describe the bug
bubble wrap works fine for projects where I already have a signing.keystore file. But when bubblewrap creates a signing.keystore file for me, the subsequent bubblewrap build fails:
cli ERROR Command failed: /Users/xxx/.bubblewrap/android_sdk/build-tools/34.0.0/apksigner sign --ks "/Uk
Failed to load signer "signer #1"
java.io.IOException: Failed to obtain key with alias "my-key-alias" from /Users/xxx/xxx/xxx/W?
at com.android.apksigner.SignerParams.loadPrivateKeyAndCertsFromKeyStore(SignerParams.java:350)
at com.android.apksigner.SignerParams.loadPrivateKeyAndCerts(SignerParams.java:202)
at com.android.apksigner.ApkSignerTool.getSignerConfig(ApkSignerTool.java:438)
at com.android.apksigner.ApkSignerTool.sign(ApkSignerTool.java:353)
at com.android.apksigner.ApkSignerTool.main(ApkSignerTool.java:92)
Caused by: java.security.UnrecoverableKeyException: Get Key failed: Given final block not properly padded.
at java.base/sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:450)
at java.base/sun.security.util.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:91)
at java.base/java.security.KeyStore.getKey(KeyStore.java:1050)
at com.android.apksigner.SignerParams.getKeyStoreKey(SignerParams.java:405)
at com.android.apksigner.SignerParams.loadPrivateKeyAndCertsFromKeyStore(SignerParams.java:318)
... 4 more
Caused by: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise.
at java.base/com.sun.crypto.provider.CipherCore.unpad(CipherCore.java:862)
at java.base/com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:942)
at java.base/com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:735)
at java.base/com.sun.crypto.provider.PBES2Core.engineDoFinal(PBES2Core.java:325)
at java.base/javax.crypto.Cipher.doFinal(Cipher.java:2205)
at java.base/sun.security.pkcs12.PKCS12KeyStore.lambda$engineGetKey$0(PKCS12KeyStore.java:371)
at java.base/sun.security.pkcs12.PKCS12KeyStore$RetryWithZero.run(PKCS12KeyStore.java:257)
at java.base/sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:361)
... 8 more
When I run keytool -list -v -keystore "path-to-my-keystore-file", I can see that a key exists with the expected alias.
I have tried 3 times, being careful to use the same passwords for the build step as I did during the init.
To Reproduce
Steps to reproduce the behavior:
- Run
bubblewrap init - When prompted for the "Key store location", give a file location where a file does not already exists
- When prompted with "An existing key store could not be found at....Do you want to create one now?", select yes
- Run
bubblewrap buildand input the same key store and key passwords that you entered in the above prompt
Expected behavior
Build without error
Desktop (please complete the following information):
- MacOS 15.5 (24F74), Apple M4
- @bubblewrap/[email protected]