How to Generate a New Signing Key

How to generate a new signing key through WebToAppConvert, what gets created, how to download and store it, and what to do if you lose access to a key.

If you don't have an existing keystore file, WebToAppConvert can generate a new signing key for your app. The generated key is a standard Android keystore (.jks format) that you can download and store independently.

Signing Options

When configuring signing for an app, you have three options:

  • Automatic: WebToAppConvert generates and manages the key. You don't download it or manage credentials. Simplest option, but you're dependent on WebToAppConvert's key storage.
  • Generate New: WebToAppConvert generates a key, and you download and store a copy yourself. Recommended for any production app.
  • Upload Own: You provide your own .jks or .p12 keystore. Use for apps migrating from another signing setup.

Generating a New Key

  1. In your app configuration, navigate to Signing
  2. Select Generate new key
  3. Enter a Key Alias: a name for this key within the keystore (e.g., myapp-release or app-key)
  4. Enter and confirm a Keystore Password: at least 6 characters (the keytool minimum; in practice use a long random password generated by your password manager)
  5. Enter and confirm a Key Password: can be the same as the keystore password
  6. The key metadata (validity period, organization, etc.) is filled in automatically with standard defaults
  7. Save the configuration

After your first Starter or Professional build with this configuration, a Download Keystore button becomes available in the signing section. Download and store this file immediately.

What Gets Generated

The generated keystore is a standard JKS file compatible with keytool, Android Studio, and any other Android build tool. It contains a single entry, an RSA private key together with its self-signed certificate, with:

  • Key algorithm: RSA 2048-bit
  • Signature algorithm: SHA256withRSA
  • Validity: 10,000 days (~27 years): standard for Android production keys; Google Play requires the certificate to remain valid past 22 October 2033
  • The alias and passwords you specified

This is the same key you would create with keytool -genkeypair following the Android documentation. One caveat: keytool on JDK 9 and later defaults to PKCS12 when no -storetype is given, so a keystore you generate yourself may be .p12 rather than .jks; Android tooling accepts either.

Why You Must Download and Store the Key

The signing key is permanently linked to your app on Google Play. All future updates must be signed with the same key: with Play App Signing that means the same upload key, without it the app signing key itself. If you lose the key and are not enrolled in Play App Signing, you cannot publish updates to your existing app: you would have to create a new Play Store listing with a new package name, starting over with zero installs and reviews. If you are enrolled, a lost upload key can be replaced through the upload key reset described under Key Rotation below, but that is a support process with a delay, not something to rely on at release time.

Store your keystore file in at least two secure locations:

  • An encrypted cloud storage service (not a public folder)
  • A local backup (external drive, encrypted vault)

Also store the keystore password and key password in a password manager. Do not rely on memory for these credentials, and never commit the keystore file or its passwords to a source repository, even a private one.

Finding Your Key Fingerprint

The SHA-256 fingerprint of your signing certificate is needed for deep link App Links configuration (the sha256_cert_fingerprints value in assetlinks.json). Find it in the signing section of your app dashboard after generating or uploading a key. It is displayed as colon-separated uppercase hex, AA:BB:CC:DD:... Note that if the app is enrolled in Play App Signing, devices receive APKs signed with Google's app signing key, not your upload key, so assetlinks.json must list the app signing certificate's fingerprint shown in Play Console; the upload key's fingerprint alone will not verify.

You can also retrieve it from your downloaded keystore file using keytool:

keytool -list -v \
  -keystore your-keystore.jks \
  -alias your-key-alias

This outputs the certificate details including the SHA-256 fingerprint.

Key Rotation

If your upload key is lost or compromised, you can request an upload key reset in Google Play Console: you generate a new upload key, export its certificate, and Google registers it. From then on you sign AABs with the new upload key, while users continue to receive APKs signed with Google's app signing key, so nothing already installed is affected.

The app signing key that Google holds and uses for distribution is separate from the upload key. Google does offer an app signing key upgrade, but it is an infrequent, deliberate process rather than a routine rotation. The everyday protection Play App Signing gives you is this separation: losing or leaking the upload key never puts your installed base at risk, because no one holding the upload key can produce an APK that installs over your users' copies.
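The whole workflow from this page in one place, as an added shell example that is not WebToAppConvert's own code: it reproduces the generated keystore with keytool using the parameters listed under What Gets Generated, extracts the SHA-256 fingerprint in the AA:BB:... form the dashboard shows, wraps it in the assetlinks.json statement that App Links needs, and exports the certificate as PEM, which is what an upload key reset request asks for. The keystore path, alias, passwords, -dname fields and package name are placeholders assumed for illustration, and a JDK with keytool on PATH is assumed.

```shell
#!/bin/sh
# Added example, not WebToAppConvert's code. Reproduces the keystore this page
# describes with keytool and drives the two follow-up tasks that need it.
# Assumptions (placeholders, not taken from the page): paths, alias, passwords,
# the -dname fields and the package name; a JDK with keytool on PATH.

# gen_keystore KEYSTORE ALIAS STOREPASS KEYPASS
# Same parameters the page lists: RSA 2048-bit, SHA256withRSA, 10,000 days,
# one key entry under ALIAS. Non-interactive because -dname is supplied.
gen_keystore() {
  keytool -genkeypair \
    -keystore "$1" -storetype JKS -alias "$2" \
    -storepass "$3" -keypass "$4" \
    -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -validity 10000 \
    -dname "CN=Example App, O=Example Org, C=US"
}

# fingerprint KEYSTORE ALIAS STOREPASS
# Prints just the SHA-256 fingerprint (AA:BB:CC:...), the value the dashboard
# shows and assetlinks.json expects. Only the SHA256 line of the verbose
# listing is kept; the JKS migration warning newer JDKs print is discarded.
fingerprint() {
  keytool -list -v -keystore "$1" -alias "$2" -storepass "$3" 2>/dev/null \
    | sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1
}

# assetlinks_json PACKAGE FINGERPRINT
# The Digital Asset Links statement served at
# https://<your-domain>/.well-known/assetlinks.json for App Links.
# Under Play App Signing, FINGERPRINT must be the app signing certificate's.
assetlinks_json() {
  printf '[{"relation":["delegate_permission/common.handle_all_urls"],"target":{"namespace":"android_app","package_name":"%s","sha256_cert_fingerprints":["%s"]}}]\n' "$1" "$2"
}

# export_cert KEYSTORE ALIAS STOREPASS OUTFILE
# Writes the public certificate as PEM. This is the file an upload key reset
# request asks for; it contains no private key, so it is safe to send.
export_cert() {
  keytool -export -rfc -keystore "$1" -alias "$2" -storepass "$3" -file "$4" 2>/dev/null
}

# Usage (uncomment to run):
# gen_keystore app-release.jks myapp-release 'store-password' 'key-password'
# fp=$(fingerprint app-release.jks myapp-release 'store-password')
# assetlinks_json com.example.myapp "$fp" > assetlinks.json
# export_cert app-release.jks myapp-release 'store-password' upload_certificate.pem
```

Keep the generated .jks out of the working tree of any repository; the only artifact that belongs in a shared place is the exported PEM certificate, which is public by design.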
