9

I am facing this problem while building the project. Below is the stacktrace. I created a new keystore file for release key but didn't work. 

Caused by: java.io.IOException: Failed to generate v1 signature
at com.android.tools.build.apkzlib.sign.SigningExtension.onOutputZipReadyForUpdate(SigningExtension.java:292)
at com.android.tools.build.apkzlib.sign.SigningExtension.access$200(SigningExtension.java:53)
at com.android.tools.build.apkzlib.sign.SigningExtension$1.lambda$beforeUpdate$2(SigningExtension.java:171)
at com.android.tools.build.apkzlib.zip.ZFile.notify(ZFile.java:2154)
at com.android.tools.build.apkzlib.zip.ZFile.update(ZFile.java:923)
at com.android.tools.build.apkzlib.zip.ZFile.close(ZFile.java:1207)
at com.android.tools.build.apkzlib.zfile.ApkZFileCreator.close(ApkZFileCreator.java:174)
at com.google.common.io.Closer.close(Closer.java:216)
at com.android.builder.internal.packaging.IncrementalPackager.close(IncrementalPackager.java:332)
at com.android.build.gradle.tasks.PackageAndroidArtifact.doTask(PackageAndroidArtifact.java:704)
at com.android.build.gradle.tasks.PackageAndroidArtifact.splitFullAction(PackageAndroidArtifact.java:515)
at com.android.build.gradle.tasks.PackageAndroidArtifact.lambda$doFullTaskAction$3(PackageAndroidArtifact.java:396)
at com.android.build.gradle.internal.scope.BuildElements$ExecutorBasedScheduler$transform$$inlined$forEach$lambda$1.call(BuildElements.kt:121)
at com.android.build.gradle.internal.scope.BuildElements$ExecutorBasedScheduler$transform$$inlined$forEach$lambda$1.call(BuildElements.kt:110)
at java.util.concurrent.ForkJoinTask$AdaptedCallable.exec(ForkJoinTask.java:1424)
at java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:289)
at java.util.concurrent.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1056)
at java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1692)
at java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:157)
Caused by: java.security.InvalidKeyException: Failed to sign using signer "CERT"
at com.android.apksig.internal.apk.v1.V1SchemeSigner.signManifest(V1SchemeSigner.java:295)
at com.android.apksig.internal.apk.v1.V1SchemeSigner.sign(V1SchemeSigner.java:256)
at com.android.apksig.DefaultApkSignerEngine.outputJarEntries(DefaultApkSignerEngine.java:424)
at com.android.tools.build.apkzlib.sign.SigningExtension.onOutputZipReadyForUpdate(SigningExtension.java:290)
... 18 more
Caused by: java.security.InvalidKeyException: Failed to sign using SHA1withDSA
at com.android.apksig.internal.apk.v1.V1SchemeSigner.generateSignatureBlock(V1SchemeSigner.java:519)
at com.android.apksig.internal.apk.v1.V1SchemeSigner.signManifest(V1SchemeSigner.java:293)
... 21 more
Caused by: java.security.InvalidKeyException: The security strength of SHA-1 digest algorithm is not sufficient for this key size
at sun.security.provider.DSA.checkKey(DSA.java:104)
at sun.security.provider.DSA.engineInitSign(DSA.java:136)
at java.security.Signature$Delegate.init(Signature.java:1152)
at java.security.Signature$Delegate.chooseProvider(Signature.java:1112)
at java.security.Signature$Delegate.engineInitSign(Signature.java:1176)
at java.security.Signature.initSign(Signature.java:527)
at com.android.apksig.internal.apk.v1.V1SchemeSigner.generateSignatureBlock(V1SchemeSigner.java:515)

Followed other questions on the forum but nothing worked. Please help. Android Studio Version - 3.2.1

Edit- Changing the minSdkVersion from 18 to 21 fixed the issue. But not able to figure out the real reason behind this.

Zoe
  • 27,060
  • 21
  • 118
  • 148
umesh lohani
  • 162
  • 1
  • 4
  • 13
  • I did change it from 18 to 21 as well and it worked. The other thing that I observed was that the min sdk installed in Andoid Studio was 21. Not sure if this is the problem though – Sachin Kumar Feb 14 '19 at 12:56
  • I installed Android SDK 18 but then also it didn't work. – umesh lohani Apr 02 '19 at 06:29
  • are you trying to build project in another PC or Laptop from last last PC or Laptop ? – Mayur Dabhi Apr 11 '19 at 04:46
  • @MayurDabhi this could only cause the problem, in case different JDK versions would be installed to different computers... while the question does not feature different computers. – Martin Zeitler Apr 11 '19 at 04:49
  • there is InvalidKeyException: The security strength of SHA-1 digest. and InvalidKeyException for SHA-1 possible to PC or laptop change! – Mayur Dabhi Apr 11 '19 at 04:52
  • https://stackoverflow.com/a/46129415/7596740 – Ameya Salagre Apr 11 '19 at 06:18
  • Seeing DSA in the stack trace, it is probably a duplicate of this: https://stackoverflow.com/questions/48248406/android-studio-errororg-gradle-tooling-buildexception-failed-to-generate-v1-s – hk1ll3r May 15 '19 at 23:21

3 Answers3

5

The error message means, that the key likely has 1024 bits strength, because it had been generated with any JDK version before JDK 8u151 - while at least 2048 bits key-strength are being expected:

The security strength of SHA-1 digest algorithm is not sufficient for this key size.

The reason behind this is, that the default key-size had changed from 1024 to 2048 bits with JDK 8u151. This change can also be found in the JRE/JDK crypto roadmap at datecode 2017-10-17:

Upgraded the jarsigner and keytool ‑sigalg default to SHA256withDSA and the ‑keysize default to 2048 for DSA keys.

The "Reverting Instructions" would be (which do not really apply for signage with Android Studio):

To use a different algorithm and/or smaller key size use the ‑sigalg and ‑keysize options of keytool and jarsigner to override the current defaults. Before this change the default values were SHA1withDSA and 1024 bits.

For an APK, it is recommend to use the apksigner instead of the jarsigner - and there meanwhile is a APK Signature Scheme v3 (these are backwards compatible - therefore it is save not to use v1).

Generating a new key with at least 2048 bits strength should permit the v1 (jar) signing. Downgrading the JDK would also be a feasible workaround (while I'd rather not suggest that).

If you've already published this key to Google Play, the best option available might be trying to migrate to Google Play App Signing (the release key would be downgraded to an upload key).

The bottom line is, that most likely your system-wide installed version of the JDK is much older than the OpenJDK bundled with the current version of Android Studio - and so you can generate as many new keys as you want, but they won't meet the minimum security requirements. Updating the system-wide installed version of the JDK should enable you to generate keys with sufficient strength; run java -version, to see what you are even using to generate keys with an insufficient strength.

or simply use the ... /android-studio/jre/jre/bin/keytool to generate them.

Cody Gray - on strike
  • 239,200
  • 50
  • 490
  • 574
Martin Zeitler
  • 1
  • 19
  • 155
  • 216
5

Generating the keystore with keysize length 2048 worked for me.

keytool -genkey -v -keystore ~/.android/debug.keystore -storepass android -alias androiddebugkey -keypass android -keyalg RSA -keysize 2048 -validity 10000
Amit Jain
  • 86
  • 2
  • 2
-1

This may be caused by a wrong format of icons, there is an issue tracked here: https://issuetracker.google.com/issues/63885809

Run below command to see the resources that are in problem

./gradlew assemble --stacktrace

Find the logs like below:

Error:org.gradle.tooling.BuildException: Failed to generate v1 signature Error:java.io.IOException: Failed to generate v1 signature Error:com.android.apksig.apk.ApkFormatException: Unsupported character xxxx in ZIP entry name "xxxx/xxx?"

Try to delete the file or replace with a new one.

shizhen
  • 12,251
  • 9
  • 52
  • 88