Changing an existing XF Android application to use Google App Signing. Which option should I select on the Play Store?

Since you have an existing app and you have an .keystore you will have to undergo the following steps:-

Step 1 :- Enroll in app signing by Google Play a. Sign in to your Play Console. b. Select your current app. c. On the left menu, select Release management > App signing. d. If you haven’t already, review the Terms of Service and select Accept.

This step enrolls you for App signing by Google Play.

Step 2 :- Send your original key to Google and create an upload key a. Locate your original app signing key. b. Sign in to your Play Console. c. Select an app. d. On the left menu, select Release management > App signing. e. Select the export and upload option that best suits your release process and upload an existing app signing key. Here you will have to select option 3 - Export and Upload a key (not using a Java KeyStore), since you have a .keystore file.

Step 3 :- Create an upload key (optional and recommended) - This is an important step.

If you’re updating an app that’s already published to Google Play using an existing app signing key, you can opt in to app signing by Google Play as follows:

If you haven’t already done so, sign your app with your existing app signing key and make sure to check the box next to Export encrypted key to save your signing key as an encrypted *.pepk file. You’ll need this file in a later step. Sign in to your Play Console and navigate to your app. On the left menu, click Release management > App signing. If applicable, review the Terms of Service and select Accept. Select one of the options that best describes the signing key you want to upload to Google Play and follow the instructions that are shown. For example, if you used Android Studio to export your app’s signing key, as described on this page, select Upload a key exported from Android Studio and upload the *.pepk file for your key. Click Enroll. You should now see a page with the details of your app’s signing and upload certificates. Google Play now signs your app with your existing key when deploying it to users. However, one of the most important benefits to App signing by Google Play is the ability to separate the key you use to sign the artifact you upload to Google Play from the key that Google Play uses to sign your app for distribution to users. So, consider following the steps in the next section to generate and register a separate upload key.

Generate and register an upload certificate

When you publishing an app that is not signed by an upload key, the Google Play Console provides the option to register one for future updates to the app. Although this is an optional step, it’s recommended that you publish your app with a key that’s separate from the one Google Play uses to distribute your app to users. That way, Google keeps your signing key secure, and you have the option to reset a lost or compromised private upload key. This section describes how to create an upload key, generate an upload certificate from it, and register that certificate with Google Play for future updates of your app.

The following describes the situations in which you see the option to register an upload certificate in the Play Console:

When you publish a new app that’s signed with a signing key and opt it in to app signing by Google Play. When you are about to publish an existing app that’s already opted in to App signing by Google Play, but it is signed using its signing key. If you are not publishing an update to an existing app that’s already opted in to app signing by Google Play, and you’d like to register an upload certificate, complete the steps below and continue on to the section about how to reset a lost or compromised private upload key.

If you haven’t already done so, generate an upload key and keystore.

After you create your upload key and keystore, you need to generate a public certificate from your upload key using keytool, with the following command:

$ keytool -export -rfc
  -keystore your-upload-keystore.jks
  -alias upload-alias
  -file output_upload_certificate.pem

Now that you have your upload certificate, register it with Google when prompted in the Play Console or read the section below to register it though the Google Play support team.

Step 4:- Sign your next app update with the upload key When you release updates for your app, you need to sign them with your upload key.

If you didn’t generate a new upload key: Continue using your original app signing key to sign releases before you upload them to Google Play. If you lose your app signing key, you can generate a new upload key and register it with Google to continue updating your app.

If you generated a new upload key: Use your new upload key to sign releases before you upload them to Google Play. After you upload them, Google checks the release for an upload key to verify your identity. IF you lose your upload key, you can contact support to reset it.

It depends, whats the extension for the keystore file that you have- .keystore or .jks? Since you mentioned that it's an existing app, so you would follow the instructions for Existing Apps, under "Opt in to app signing by Google Play" here.

If you are using a JKS file, simply select the "Java Keystore" option, or else if you have a KEYSTORE file, then select "Not using a Java Keystore". And then continue following the other steps.

Let me know if you get stuck anywhere else, or have other questions.

You will have to follow this documentation to create keystore file.

The complete explanation of what you are asking is here at Android documentation site.

Option 1:

From Android Studio , we are using Visual Studio , so NA unless you want to use keystore file created by Android Studio, You can use Visual studio steps which is similar to this.

Option 2:

Using java keystore

You can use command line to create a new keystore file mentioned here in the thread

keytool.exe -genkeypair -v -keystore <filename>.keystore -alias <key-name> -keyalg RSA -keysize 2048 -validity 10000

Please note java should be added to path in order for it work everywhere otherwise you will run this command from C:\Program Files\Android\Jdk\microsoft_dist_openjdk_1.8.0.25

Option 3 :

Default keystore provides only few type of encryption algorithm. Seems this option helps you to use key generated by other algorithms which you will convert to .pem file it seems and then use that to sign your app.

With the mention of .AAB I believe you are interested in recommended apk signing approach mentioned at App Signing by Google play, you need to upload your key , and next time if you link google play you can use keystore from cloud to sign your app locally via Visual Studio as well.

If its a new app then you would choose Opt in a new app otherwise Opt in an existing app