FeaturesHow It WorksPricingFAQ Docs Blog Contact Login
All Documentation
  • Docs
  • /
  • Build & Publish

Using a Custom Keystore File

How to upload your own .jks keystore file to WebToAppConvert, when you need it, and what to watch out for when migrating from a previous Android signing setup.

If you're migrating an existing Android app to WebToAppConvert, or if you've previously generated a keystore file in Android Studio or with keytool, you can upload that keystore to use for signing your builds. This ensures continuity: Play Store installs under the old key continue receiving updates signed with the same key.

When You Need a Custom Keystore

  • Migrating an existing app: If your app is already on Google Play and has been signed with a specific key, all future updates must use the same key. Upload your existing keystore to WebToAppConvert to continue publishing updates.
  • Cross-platform consistency: If you're managing signing keys across multiple build systems and want a single canonical key for an app, upload your master keystore.
  • External key management policies: Some organizations have policies requiring signing keys to be generated internally rather than by third-party services. Upload the organization-managed key.

What You Need

  • Your .jks or .keystore file
  • The keystore password (the password for the entire keystore file)
  • The key alias (the name of the specific key entry within the keystore)
  • The key password (may be the same as the keystore password, or different)

If you don't know these values, they were set when the keystore was originally created. They cannot be recovered if lost. This is why it's critical to store keystore credentials securely: see Managing Your Keystore Securely.

Uploading Your Keystore

  1. In your app configuration, navigate to Signing
  2. Select Upload own keystore
  3. Click Upload Keystore File and select your .jks or .keystore file
  4. Enter the Keystore Password
  5. Enter the Key Alias
  6. Enter the Key Password
  7. Save the configuration

Your keystore file and credentials are stored encrypted in your account. The signing credentials are only used during the build process to sign your AAB.

Verifying the Upload

After uploading, trigger a Debug build. Debug builds are signed with the debug key regardless of your signing configuration, but a successful build confirms your configuration is syntactically valid.

For a full test, run a Starter build and verify the AAB:

  1. Download the AAB
  2. Use the bundletool command-line tool to extract and inspect the signing certificate
  3. Verify the certificate fingerprint matches what you expect from your keystore

Alternatively, upload the AAB to Play Console and verify that it's accepted without signing errors.

Play App Signing Interaction

If your app uses Play App Signing (required for all new apps), your uploaded key becomes the "upload key": the key you use to sign your AAB before uploading to Google Play. Google then re-signs the APK that's distributed to users with Google's own app signing key.

This means: even if you rotate your upload key (which is allowed), your app's installed base is unaffected because users receive files signed with Google's key, not yours. The upload key only needs to be trusted by Google Play, not by end users' devices.

Keystore Format

Android accepts two keystore formats:

  • JKS (Java KeyStore): The legacy format, created by keytool by default in older versions. Files typically have a .jks extension.
  • PKCS12: The modern format. Files typically have a .p12 or .pfx extension.

WebToAppConvert accepts both formats. If you need to convert between them, the keytool command-line tool handles conversion:

keytool -importkeystore   -srckeystore old-key.jks   -destkeystore new-key.p12   -deststoretype PKCS12
Previous Signed AAB: Uploading to Google Play Console
Next How to Generate a New Signing Key

Still need help?

Can't find the answer you're looking for? Reach out to our support team.

Contact Support
© 2026 WebToAppConvert, Made With ❤️ by Excyn Labs