How to handle a lost KeyStore password in Android?

I have forgotten my Keystore password and I don't really know what to do anymore (I can't or won't give any excuses for it). I want to update my app because I just fixed a bug but it's not possible anymore. What happens if I use the same Keystore but create a new key? Would I still be able to update the app and if it's not possible, how can I go about giving information to users about the updated version?

If anybody has had a problem like this or has come across troubles, what advice can you give to help remedy the situation? Fortunately, it is a free app.

Just encountered this problem myself - luckily I was able to find the password in some Gradle's temporary file. Just in case anyone lands here:

try looking for this file

..Project\.gradle\2.4\taskArtifacts\taskArtifacts.bin

or

.gradle/3.5/taskHistory/taskHistory.bin
.gradle/5.1.1/executionHistory/executionHistory.bin
.gradle/caches/5.1.1/executionHistory/executionHistory.bin
.gradle/5.1.1/executionHistory/executionHistory.bin
.gradle/3.5/taskHistory/taskHistory.bin
.gradle/2.10/taskArtifacts/taskArtifacts.bin

and search for

storePassword

It was there in cleartext. In general, if you do remember at least a part of your password, try searching for a file containing this substring and hopefully you will fish out something.

Wanted to throw it out here, maybe it will eventually help someone.

---

Edit: Added new insight from comments, just to be more visible. Edit 2: Added some more locations reported in comments.

Thanks to Vivek Bansal, Amar Ilindra and Uzbekjon for these.

See this link

It's unfortunate, but when you lose your keystore, or the password to your keystore, your application is orphaned. The only thing you can do is resubmit your app to the market under a new key.

ALWAYS backup up your keystore and write the passwords down in a safe location.

Brute is your best bet!

Here is a script that helped me out:

https://code.google.com/p/android-keystore-password-recover/wiki/HowTo

You can optionally give it a list of words the password might include for a very fast recover (for me it worked in <1 sec)

In case a wrong password is provided, even just once, it keeps saying on next attempts:

> Keystore tampered with or password incorrect.

Even when you provide the correct one. I tried it several times, maybe it's some kind of protection.
Close the export wizard and start it again with the correct password, now it works :)

Finally i found the solution after spending two days...

Follow these steps:

1. Go to project
2. In .gradle find your gradle version folder in my case it was 4.1 (Refer pic)
3. expand the 4.1 folder and then in taskHistory folder you will find taskHistory.bin file.
4. Open taskHistory.bin file in android studio itself.
5. Search for ".storePassword" .. That's it you got your keystore password.

This really worked to me.

Try this and happy coding!!!

SOLUTION 2019 (Windows, Android Studio 3.3, gradle 4.10):

This solution only works if "Remember password" checkbox was previously marked.

First of all taskArtifacts.bin don't exist for this version of gradle and idea.log shows asterisks for passwords. This was old days solutions that doesn't worked to me.

Where I found the clear text passwords: C:\Users\{username}\AndroidStudioProjects\{project}\app\build\intermediates\signing_config\release\out\signing-config.json

Keys: mStorePassword and mKeyPassword.

I really hope it helps someone else.

On a MAC launch Console utility and scrolled down to ~/Library/Logs -> AndroidStudio ->idea.log.1 (or any old log number) Then I searched for "keystore" and it should appear somewhere in the logs.

Original question: link

In fact, losing thekeystore password is not a problem.
You can create a new keystore and set a new password for it with the keytool command below. You don't need original keystore password for it:

keytool -importkeystore -srckeystore path/to/keystore/with/forgotten/pw \
-destkeystore path/to/my/new.keystore

When prompted, create password for your new.keystore and for source keystore password (which you lost) just hit Enter.
You will get warning about integrity not checked, and you will get your new.keystore identical to original with newly set password.

The reason this works is keystore password is only used to provide integrity of the keystore, it does not encrypt data with it, in contrast to private key password, which actually keeps your private key encrypted.

Please note, that you must know your private key password to sign your apps. Well, if it is same as forgotten keystore password then you can resort to bruteforce as in @Artur's answer.

This approach always worked for me.

I feel I need to make it an answer because this could not be just in comments. Like @ElDoRado1239 says in his answer (dont forget to upvote his answer ;)

• Looks for ..Project\.gradle\2.4\taskArtifacts\taskArtifacts.bin in my case was in ..Project\.gradle\2.2.1\taskArtifacts\taskArtifacts.bin because I use gradle 2.2.1
• Then look for storePassword like @Moxet Khan says in comments...in my case was at line signingConfig.storePassword¬í t my.forgoten.password—signingConfig.keyAlias

Hope help somebody else!!!

Fortunately, I found my lost password along with the keystore path and alias name from my Android studio logs.

if you are running linux / Unix based machines.

Navigate to Library Logs directory

cd ~/Library/Logs/

in there if you remember your android studio version which you used to build the last release APK. Navigate to that Directory

ex : cd AndroidStudio1.5/

In there you will find the log files. in any of the log files (idea.log) you will find your keystore credentials

example

-Pandroid.injected.signing.store.file=/Users/myuserid/AndroidStudioProjects/keystore/keystore.jks, 
-Pandroid.injected.signing.store.password=mystorepassword, 
-Pandroid.injected.signing.key.alias=myandroidkey, 
-Pandroid.injected.signing.key.password=mykeypassword,

I hope this helps for Android Studio users

It may be bit late but it will help someone for sure You can search password if you remember something otherwise try searching like

signingConfig.storePassword

also if you forgot key alias you can find here that also search something like signingConfig.keyAlias

> Project.gradle\3.3\taskArtifacts\taskArtifacts.bin

Hope it will help someone

Simplest way to get keystore password

project_folder\app\build\intermediates\signing_config\release\out\signing-config.json

Check out this file search for StorePassword in signing-config.json

{"mName":"externalOverride","mStoreFile":"C:\\Users\\dAvInDeR\\Desktop\\KEYSTORE\\keystore.jks","mStorePassword":"1234@#abcd","mKeyAlias":"uploadkey","mKeyPassword":"1234@#abcd","mStoreType":"jks","mV1SigningEnabled":false,"mV2SigningEnabled":false}

Hope fully it will help you.

After spending almost a day in researching the possible options for recovering the lost keystore password in Android Studio. I found the following 4 possible ways to do it:

1. Use AndroidKeystoreBrute to retrieve your password. This method is quite useful when you partially forgot your password means you still have some hints of your password in your mind.

2. You can also retrieve it through Android Studio log files if you have previously released the app(for which you finding the keystore password) with the same machine. Refer to the following directory:

Mac OSX

> ~/Library/Logs/AndroidStudio/idea.log.1

Linux (Possible Location)

> /home/user_name/AndroidStudio/system/log

Windows (Possible Location)

> C:\Users\user_name\AndroidStudio\system\log

and search for Pandroid.injected.signing.key.password inside the file. You gonna see the password if you have previously signed the app with the same Android Studio version in which you are looking currently.

3. You can also retrieve the password through .gradle directory of your project. Look for the following path

> project_directory/.gradle/2.4/taskArtifacts/taskArtifacts.bin. > Note: This doesn't seem to work for newer versions of Gradle (2.10 and above).

4. If none of the above solutions works then you can try this one but for this one also you must have Android Studio IDE app or It's preferences in which your project keystore password have been saved earlier (Using the Remember password option at the time of signing the app). You can get the IDE preferences from the following path:

   Mac OSX

> ~/Library/Logs/AndroidStudio/idea.log.1

Linux (Possible Location)

> /home/user_name/AndroidStudio

Windows (Possible Location)

> c:\user\username\.AndroidStudio

Just use the older Android Studio IDE if you have or import the preferences of the old IDE into new IDE and also put the keystore file in the same path where it was previously when you had signed it and save the password last time.

In this way once you open the project and try the Build->Generate Signed APK and select the keystore file from the older location. It will automatically retrieve the password and continue to generate the signed APK for release.

Once the release APK generates successfully you can follow the option 2 mentioned earlier to check your password from you log file for the recently generated release APK.

For anyone else who may run across this, I wanted to share an answer that may be the case for you or for others browsing this article (like myself).

I am using Eclipse and created my keystore in it for my 1.0 release. Fast forward 3 months and I wanted to update it to 1.1. When I chose Export... in Eclipse and chose that keystore, none of my passwords that I could remember worked. Every time it said "Keystore tampered with or password incorrect." It got to a point where I was getting ready to run a brute force program on it for as long as I could stand (a week or so) to try to get it to work.

Luckily, I to sign my unsigned .apk file outside of Eclipse. Voila - it worked! My password had been correct the entire time! I'm not sure why, but signing it in Eclipse through the Export menu was reporting an error even when my password was correct.

So, if you're getting this error, here are my steps (taken from Android documentation) to help you get your apk ready for the market.

NOTE: To get unsigned apk from Eclipse: Right-click project > Android Tools > Export Unsigned Application

1. Sign unsigned apk file with keystore

a. open administrator cmd prompt and go to "c:\Program Files\Java\jdk1.6.0_25\bin" or whatever version of java you have (where you have copied the unsigned apk file and your keystore)

b. at cmd prompt with keystore file and unsigned apk in same directory, type this command: jarsigner -keystore mykeystorename.keystore -verbose unsigned.apk myaliasnamefromkeystore

c. it will say: "Enter Passphrase for keystore:". Enter it and press Return.

d. ===> Success looks like this:

    adding: META-INF/MANIFEST.MF
    ...
    signing: classes.dex

e. the unsigned version is overwritten in place, so your signed apk file is now at the same file name as the unsigned one

2. Use ZipAlign to compact the signed apk file for distribution in the market

a. open admin cmd prompt and go to "c:\AndroidSDK\tools" or wherever you installed the Android SDK

b. enter this command: zipalign -v 4 signed.apk signedaligned.apk

c. ===> Success looks like this:

    Verifying alignment of signedaligned.apk (4)
    50 META-INF/MANIFEST.MF (OK - compressed)
    ...
    1047129 classes.dex (OK - compressed)
    Verification succesful

d. the signed and aligned file is at signedaligned.apk (the filename you specified in the previous command)

========> READY TO SUBMIT TO MARKETPLACE

I'm surprised no one has mentioned this, but you can go to Google Play developer support, and they will work with you to create a new upload key:

https://support.google.com/googleplay/android-developer/contact/otherbugs

I filled an issue, and they contacted me within 1 day.

Update: After following their email instructions I was able to create a new upload key, and it was enabled a few days later! Problem solved.

First download AndroidKeystoreBrute_v1.05.jar and then follow the given image.

prepare one wordlistfile like(wordlist.txt), in that file give your hint like

Password Hint:

users

Users

Password

password

pa55word

Password

@

$

&

1

2

123

789

U will get your password.

Adding this as another possibility. The answer may be right under your nose -- in your app's build.gradle file if you happened to have specified a signing configuration at some point in the past:

signingConfigs {
    config {
        keyAlias 'My App'
        keyPassword 'password'
        storeFile file('/storefile/location')
        storePassword 'anotherpassword'
    }
}

Do you feel lucky?!

I had the same problem at once. Even though with App signing by Google Play, loosing keystore or it's password is not a big deal like earlier, Still as a developer we rather prefer to change it's password and use a generated keystore file without waiting for few days to google to handle it. ( To handle this issue with google use this link to make a request) To handle this issue by ourselves, First download two .java files from this link. Then compile the ChangePassword.java by javac ChangePassword.java command. Then after you may run

java ChangePassword <oldKeystoreFileName.keystore> <newKeystoreFileName.keystore>

Change oldKeystoreFileName.keystore with the path/ name of your current keystore file, and newKeystoreFileName.keystore with path/name for the new generated new keystore file. This will promot you to

> Enter keystore password:

. Just enter whatever you prefer :) no need to be the original password that lost. Then Enter the new password with *

> new keystore password:

• Voila, that's it. This won't change the checksum of your keystore and won't make any issues in app signing or uploading to play.google events.

IF you're able to build your app from a PC, but you don't recall the password, here's what you can do to retrieve the password:

Method 1:

In your build.gradle, add println MYAPP_RELEASE_KEY_PASSWORD as below:

signingConfigs {
    release {
        if (project.hasProperty('MYAPP_RELEASE_STORE_FILE')) {
            storeFile file(MYAPP_RELEASE_STORE_FILE)
            storePassword MYAPP_RELEASE_STORE_PASSWORD
            keyAlias MYAPP_RELEASE_KEY_ALIAS
            keyPassword MYAPP_RELEASE_KEY_PASSWORD
            println MYAPP_RELEASE_KEY_PASSWORD
        }
    }
}

After that, run cd android && ./gradlew assembleRelease

Method 2:

Run keytool -list -v -keystore your <.keystore file path> e.g. keytool -list -v -keystore ./app/my-app-key.keystore.

It will ask for you to Enter keystore password: Just press enter key here. and you will be able to find mapped to Alias name:

Then, run grep -rn "<your alias name>" . in your terminal and you will be able to see your signing.json file as below:

./app/build/intermediates/signing_config/release/out/signing-config.json

The file will have your password in json format with key "mKeyPassword":" < your password > "

SOLUTION 2018: Sign app with new keystore file if you missing password or jks file.

1) Create new keystore.jks file with comand line (not android studio build menu)

keytool -genkeypair -alias upload -keyalg RSA -keysize 2048 -validity 9125 -keystore keystore.jks

Windows example: "C:\Program Files\Android\Android Studio\jre\bin\keytool.exe" -genkeypair -alias upload -keyalg RSA -keysize 2048 -validity 9125 -keystore "C:\keystore_new.jks"

2) Generate a .pem file from new keystore

keytool -export -rfc -alias upload -file upload_certificate.pem -keystore keystore.jks

Windows example: "C:\Program Files\Android\Android Studio\jre\bin\keytool.exe" -export -rfc -alias upload -file "C:\upload_cert.pem" -keystore "C:\keystore_new.jks"

3) Use this support form, set "keystore problem" and with attachment add .pem file: https://support.google.com/googleplay/android-developer/contact/otherbugs

4. 12-48h you new keystore is enabled. Update your app on playstore with new apk signed with new keystore :D

Open taskHistory.bin and search for storePassword

In Ionic I was able to find it here: /app/platforms/android/app/build/intermediates/signing_config/release/out/signing-config.json

Maybe this will help someone. cheers.

Just to simplify things here, this solution works in 2020 for gradle ver: 5.4.1 >Open the file: project\.gradle\5.4.1\executionHistory.bin

Key Store password:

Search for "storePassword" text

For Key Password:

Search for "keyAlias" text

After search check for the password in the same line or the next line.

Android brute force will not work if your both the passwords are different so the best option might be like that try to find the file named as

log.idea

in your C:/users/your named account then you might found that in there in android folder open that file lpg.idea in notepad and then search for

alias

using find option in notepad you will find it that the password and alias and alias passwors has been shown there

I have found the password in

C:\Users\{Username}\.AndroidStudio2.2\system\log\idea.txt

Search for

Pandroid.injected.signing.store.password

Go to taskhistory.bin in .gradle folder of your project search password scroll down till you find the password

Today 2/2/2021, I can find my pw in the file name "executionHistory.bin". Let you open it by notepad++ and search for key keyPassword. See the attached picture below.

https://i.stack.imgur.com/NNHFA.png

There is a way you can reset your password.

Go to this link, Describe your issue (Forgot KeyStore Password) and generate a token. https://support.google.com/googleplay/android-developer/contact/otherbugs

If you are lucky then within 1 hour you will get a replay. (Generally, it takes up to 2 days).

You will need to generate a new key and upload_certificate.pem and send it to google to reset. Yow will be given instruction in the mail.

To generate upload_certificate.pem go to android studio terminal and type :

keytool -export -rfc -alias upload -file upload_certificate.pem -keystore keystore.jks

To summarise there are 3 answers to this question (and the solution is not given by the accepted answer):

1. If you have your logs intact, then you can find the password in the Android Studio log files as per Georgi Koemdzhiev's answer above.

2. You can retrieve the password from the 'taskArtifacts.bin' file in your .gradle directory as per ElDoRado1239's and Gueorgui Obregon's answers above. This doesn't seem to work for newer versions of Gradle (2.10 and above).

3. Use AndroidKeystoreBrute to guess or bruteforce your password as per Srinivas Keerthiprakasam's answer above.

All these 3 solutions are covered in-depth at this link.

C:\Users\admin\AndroidStudioProjects\TrumpetTVChannel2.gradle\2.14.1\taskArtifacts\taskArtifacts.bin

1st try to create new keystore....then open taskArtifacts.bin with notepad and look for password that you just given....you will able to figure out words near to password that you just given then search for these words near to your password in same file....you will able to figure out the password.....:)

If Nothing work try these line. Move to the path where .jks is stored. Run this command in command prompt. It will ask for password, ignore that and press enter.

keytool -list -keystore sample.jks

I know that this question is AGES old but I saw many answers who were basically saying brute-force is the way to go, which is simply not true because devs usually have a strong and long password, which can't be brute-forced that easily, also it takes days and you have to have your computer running 24/7, so my solution is simple - Contact the support, they will even generate a new key for you, it's the fastest solution you will get.

No need to use brute force a simple way is to find your plain text password.

goto:

C:\Users\<your username>\AndroidStudioProjects\WhatsAppDP\.gradle\2.2.1\taskArtifacts

Open:

taskArtifacts.bin 

when you open taskArtifacts.bin might look encrypted, don't worry about that search for ".keyPassword" a couple times. Then you will find your password in plain text. It may resemble:

signingConfig.keyPassword¬í t <your password>Æù

Hope this was helpful.

In my case I was getting the alias name wrong, even though I stored the correct password. So I thought it was the wrong password (using ionic package) so i used this command to get the alias name

keytool -list -v -keystore

And I was able to use the keystore again!

Well to look up for lost keystore password you can try this, For me the following solution worked pretty well.

find the idea log files in ~/Library/Logs/AndroidStudio2.0. You can also locate these by opening Android Studio-> Help->Show Log in File manager.

Open the idea.log file. Note: There may be multiple files named idea.log.1, idea.log.2 etc. Look through each of them till you find the password.

Search for “Pandroid.injected.signing.key.password” and you can see the key password.

Hope it helps...

I have experienced same problem, I have tried below steps to solve the problem :-

1. Create sign apk with creating new keystore and new password.

2. Now create again sign apk by using your old keystore (keystore used at the time of previous apk build upload) but now use new keystore password.

3. Now definitely you will create successfully sign apk using old keystore.

• Hope this solution will help you..

In my case I had upgraded my Android Studio from 2.3 to 3.0.1, When I trying to generate a signed apk for a new update I got "Keystore was tampered with, or password was incorrect" error. I had my previous Keystore and I was absolutely sure of the password, using them I had updated the app before a couple of times. After searching a lot none of the solutions worked for me. Here is what I did.

• Opened another project.
• Imported my project using File/New/Import Project
• Once Gradle was built I tried to generate a signed apk. Build/Generate signed APK
• Clicked on "Choose Existing" and provided the path to my Keystore.
• typed in my key store password
• selected the key alias
• typed in my key password (In my case both key store password and key password are the same)
• Clicked next and provided a path for the new Apk and checked both checkboxes.
• New APK got generated successfully.

Hope this helps anyone.

If you are a Mac user try checking out the Keychain Access application. My password was saved there under Passwords named org.jetbrains.android.exportSignedPackage.KeystoreStep$KeyStorePasswordRequestor. Alternatively, you can search in the Keychain Access for android to find the password in the Keychain app.

Not sure how the password ended up there though. But I don't recall myself putting it there. So must be Android Studio. Hope this is helpful.

Note: don't forget to Rebuild Project or Clean Project before you try signing with an updated password. Otherwise, Android Studio may fail to build the apk though the password is correct.

---

I faced the same problem also tried various methods to recover . Either I was wrong with "Keystore Password" or "Alice Name", or may be with ".JKS" name. So I was not sure about that, what is wrong though I tried all the methods above but unable to track back .

---

• There is one technical method I found helpful is Link from Linkedin.

• Or you can ask help from Google Playstore Support Team in case none of the methods are working i.e. : Google Playstore Help . Login with you registered email address from where you submitted your android app in Google Playstore, mention proper Developer ID, name, Project Package name as per the real, while submitting the application form through the link.

---

Hope anyone of the those link will be helpful for you.

---

Android Keystore Password Recovery tool helped me 100% but it takes too much time. (For my case it takes my whole night to recover my password.)

You can contact Google Play Console Support with this issue and they will be able to reset the keystore for you to a new keystore. Then you will be able to publish future updates without having to to change the package name, and therefore you will be able to continue to be able to update the same app.

In the play console click the help button at the top > Scroll down to heed more help and click "Contact Us" > Type in you need help with a Keystore Reset > Click "next step" > Click "Upload key reset request" > Click "Contact Google Play Developer Support" > Then choose a contact method to contact them to reset it for you.

Alternatively, if the password was previously used in AndroidStudio but you don't remember it, you can retrieve the passwords from your Mac's keychain.

Steps:

1. Launch "Keychain Access"
2. Search for jetbrains
3. Open the rows by double clicking on them.
4. In the details dialog, click on show password. You will have to enter your login again to unlock the keychain.

Tada!