Title: pepk.jar fails with javax.crypto.BadPaddingException preventing Play App Signing enrollment for existing app

Problem Statement:

We are trying to enroll an existing Android app (com.clsreview.clsreview) in Google Play App Signing. We possess our original, valid private key and its password, and can successfully sign app bundles (.aab) using Gradle. However, Google's official pepk.jar tool consistently fails to encrypt our private key, returning a javax.crypto.BadPaddingException. This is completely blocking our ability to enroll in App Signing and thus to update our application on the Play Store.

Context:

  • App Package: com.clsreview.clsreview (existing, published app)
  • Key Type: 2048-bit RSA key within a JKS/PKCS12 keystore.
  • Key Status: Not lost, password is known and verified working with keytool, openssl, and Android Gradle plugin.

Detailed Steps Taken & Troubleshooting:

  1. Attempted with Original JKS Keystore:
    • Result: pepk.jar v1.0 failed with "Password verification failed" (misleading).
  2. Created Clean PKCS12 Keystore via OpenSSL:
    • We successfully extracted private_key.pem and certificate.pem using OpenSSL from our original keystore, confirming key validity and password.
    • We then created a pristine new_keystore.p12 using OpenSSL from these PEM files.
  3. Attempted with Clean new_keystore.p12 and Latest pepk.jar:
    • We downloaded the latest pepk.jar from the Google Play Console's App Signing page.
    • The exact command we executed was:
         java -jar pepk.jar \
              --keystore=new_keystore.p12 \
              --alias=key0 \
              --output=pepk-output.txt \
              --include-cert \
              --rsa-aes-encryption \
              --encryption-key-path=encryption_public_key.pem \
              --keystore-pass=pass:YOUR_PASSWORD \
              --key-pass=pass:YOUR_PASSWORD
    • Consistent Failure: This command still fails with the BadPaddingException.
    • This is the full error trace received:
         Error: Unable to export or encrypt the private key
         java.io.IOException: keystore password was incorrect
                 at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2092)
                 at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:243)
                 at java.base/java.security.KeyStore.load(KeyStore.java:1479)
                 at com.google.wireless.android.vending.developer.signing.tools.extern.export.KeystoreHelper.loadKeystore(KeystoreHelper.java:53)
                 at com.google.wireless.android.vending.developer.signing.tools.extern.export.KeystoreHelper.getKeystore(KeystoreHelper.java:39)
                 at com.google.wireless.android.vending.developer.signing.tools.extern.export.ExportEncryptedPrivateKeyTool.run(ExportEncryptedPrivateKeyTool.java:207)
                 at com.google.wireless.android.vending.developer.signing.tools.extern.export.ExportEncryptedPrivateKeyTool.main(ExportEncryptedPrivateKeyTool.java:165)
         Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
                 ... 7 more
  4. Java Environment Testing:
    • We tested the command using both OpenJDK 17 (our primary environment) and OpenJDK 11 (a common LTS version). The exact same BadPaddingException persists across both JDKs.
  5. Attempted Manual Python Implementation:
    • We attempted to write Python scripts to replicate pepk.jar's functionality, but these failed due to cryptographic complexity.

Questions for the Community:

  1. Has anyone successfully overcome this specific javax.crypto.BadPaddingException when using pepk.jar with a demonstrably valid key? If so, what was the solution?
  2. Are there known specific incompatibilities between pepk.jar (even the latest versions) and PKCS12 files generated by certain OpenSSL versions or specific key formats (e.g., 2048-bit RSA keys from older origins)?
  3. Given that we have the raw private_key.pem and encryption_public_key.pem files, is there a reliable, documented method or an existing tool (other than pepk.jar) that can correctly generate the encrypted .pepk file required for Play App Signing enrollment?
  4. Are there any alternative methods for enrolling an existing app in Play App Signing when the official pepk.jar tool is demonstrably failing due to a bug?

We are completely blocked from updating our app and are seeking any insights or workarounds the community might offer.

Thank you for your time and expertise.

  • Which exact version of Java 17 do you use? PKCS#12 files allow entries to be encrypted by 3DES or AES. Java supported for a long time only 3DES, not sure if the first Java 17 releases do already support it, Java 11 definitely is too old. If nothing helps use Java 21 for the signing process. Commented Dec 12, 2025 at 16:18
  • You can check the p12 file using Java keytool or alternatively using Key Store Explorer keystore-explorer.org Commented Dec 12, 2025 at 16:24
  • Robert, you are a genius! Java 21 fixed the problem. Will post details below, even Google support couldn't help, thank you! Commented Dec 14, 2025 at 6:41

1 Answer

SOLVED: The issue was twofold:

1. Java 11 AES incompatibility: Java 11 only supports 3DES encryption for PKCS#12 files. When converting JKS→PKCS#12, keytool defaults to AES encryption, which Java 11 cannot decrypt, causing the BadPaddingException.

2. Expired encryption key: The hex encryption key in older tutorials has expired. Google now requires the RSA-AES encryption method with a PEM file.

Solution:

Step 1: Install Java 21

Download and install Java 21 (has full AES support): https://adoptium.net/temurin/releases/

Step 2: Convert keystore with Java 21

    "C:\Program Files\Eclipse Adoptium\jdk-21.x.x\bin\keytool.exe" -importkeystore \
        -srckeystore your_keystore.jks \
        -srcstoretype JKS \
        -destkeystore output.p12 \
        -deststoretype PKCS12

Step 3: Download fresh encryption key

In Google Play Console → App Signing → Download the encryption public key (.pem file)

Step 4: Run pepk.jar with RSA-AES encryption

    java -jar pepk.jar \
        --keystore=output.p12 \
        --alias=your_alias \
        --output=encrypted_private_key.pepk \
        --rsa-aes-encryption \
        --encryption-key-path=encryption_public_key.pem

Step 5: Upload encrypted_private_key.pepk to Google Play Console

This resolved the issue completely. Java 21's AES support + the current PEM-based encryption method are both required.
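
The comments above point at the 3DES-versus-AES entry encryption of the .p12 as the thing to check; those algorithm identifiers sit in the file's unencrypted headers, so they can be listed without the password. The following is an added example, not code from the original posts or from pepk.jar: a standard-library DER walker whose function names and two sample byte strings are constructed for illustration, and which assumes definite-length DER encoding.

```python
# DER-encoded OID bodies (hex) mapped to names; dotted forms per RFC 7292, RFC 8018 and NIST.
OIDS = {
    "2a864886f70d010c0103": "pbeWithSHAAnd3-KeyTripleDES-CBC",  # 1.2.840.113549.1.12.1.3
    "2a864886f70d010c0106": "pbeWithSHAAnd40BitRC2-CBC",        # 1.2.840.113549.1.12.1.6
    "2a864886f70d01050d": "PBES2",                              # 1.2.840.113549.1.5.13
    "60864801650304012a": "AES-256-CBC",                        # 2.16.840.1.101.3.4.1.42
}

def read_tlv(buf, pos, end):
    """Parse one DER header at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported length encoding")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > end:
        raise ValueError("element overruns its parent")
    return tag, pos, pos + length

def walk(buf, pos, end, found):
    """Collect every OID in the unencrypted structure between pos and end."""
    while pos < end:
        tag, v0, v1 = read_tlv(buf, pos, end)
        if tag == 0x06:                     # OBJECT IDENTIFIER
            found.append(buf[v0:v1].hex())
        elif tag & 0x20:                    # constructed (SEQUENCE, SET, [0] ...)
            walk(buf, v0, v1, found)
        elif tag == 0x04:                   # OCTET STRING: PKCS#12 nests DER in these
            nested = []
            try:
                walk(buf, v0, v1, nested)
                found.extend(nested)
            except (ValueError, IndexError):
                pass                        # salt, IV or ciphertext, not nested DER
        pos = v1

def pbe_schemes(p12_bytes):
    """Known encryption-scheme names, in order of first appearance."""
    found = []
    walk(p12_bytes, 0, len(p12_bytes), found)
    return [OIDS[o] for o in dict.fromkeys(found) if o in OIDS]

# Constructed samples: a 3DES-shrouded key header, and a PBES2/AES-256 one inside an OCTET STRING.
LEGACY = bytes.fromhex("3028301c060a2a864886f70d010c0103300e0408a1b2c3d4e5f60718"
                       "020208000408ffeeddccbbaa9988")
MODERN = bytes.fromhex("04573055304906092a864886f70d01050d303c301b06092a864886f70d01050c"
                       "300e0408a1b2c3d4e5f6071802020800301d060960864801650304012a"
                       "0410f0e1d2c3b4a5968778695a4b3c2d1e0f0408ffeeddccbbaa9988")
```

For a real keystore, pass the file's bytes, for example `pbe_schemes(open("new_keystore.p12", "rb").read())`; a result naming PBES2 and AES means the entries are AES-encrypted rather than 3DES-encrypted.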
