*This is part 2, continuing from: AIR / Apache Flex 2021: How to compile Android App Bundle

So in the previous step, we prepared our project to be compiled to the new shinny .aab, thanks to AIR from Harman, and now we need to sign it and upload to Play Store.

The typical process most of AIR Android developers is using a self signed .p12 but here comes the biggest change in our process. In order to upload an Android App Bundle in Play store, we need to opt in to Play App Signing. As state in the store:

Allow Google to protect the app signing key for your app and sign each release so Android devices can trust that updates are from you. This is a requirement to publish with the Android App Bundle.

If you are using either .JKS or .p12 you can follow the guide bellow to prepare your store listing for .aab . Remember AIR support multiple different keystore formats.

As you can see, there are 3 ways to upload your key in the store. In my case I needed to update an app from .apk to .aab so the easiest (again this is my opinion, you might find other ways easier) path to follow was option 2.

Export private key from .p12

In this method I am going to show you how to keep using your .p12 without the need to migrate to .jks. This will allow us upload a private key with the second method “Export and Upload a key from java keystore”

If you want to also migrate from .p12 to .jks, check the “Convert .p12 to .jks”

For this step you will need to download the pepk tool, as seen in the Store guide.

Export and Upload a key from java keystore

After you download it all you have is to replace foo.keystore with the name of your cert (ex. my_p12_cert.p12) and -alias=foo with the name of your alias.

Note that the -srcalias is 1 here as I am using a certificate which was generated using Flash Builder 4.7. This will use 0 or 1 as alias. If you are not sure what your alias is, you can find it from keytool:

keytool -v -list -keystore my_keystore.p12

Once you have everything ready, run the command

java -jar pepk.jar — keystore=simpleapps_2048_2021.p12— alias=simpleapps -output=encrypted_private_key_path.zip — encryptionkey=eb10fe8f7c7xxxxxxxxxxxxxxx

This will create a new file encrypted_private_key_path.zip in your working path. You can now upload it to Play store.

Once done you can upload your .aab as you would normally do with *.apk

Convert .p12 to .jks (optional)

The first step, is converting the .p12 we have used in the past to sign our app (which we are going to update from apk to aab) to .jks. In order to do so, we are going to use Java and Keytool.

keytool -importkeystore -srckeystore [MON_FICHIER.p12] -srcstoretype pkcs12 -srcalias [ALIAS_SRC]
-destkeystore [MON_KEYSTORE.jks] -deststoretype jks -deststorepass [PASSWORD_JKS] -destalias [ALIAS_DEST]

keytool -importkeystore -srckeystore simpleapps_2048_2021.p12 -srcstoretype pkcs12 -srcalias 1 -destkeystore simpleapps.jks -deststoretype jks -deststorepass 123456 -destalias simpleapps


  1. Keep in mind that Android App Bundles contain code for all platforms meaning armeabi-v7a (32bit) arm64-v8a (64bit) but also x86. This means that if you are using ANEs, you have to make sure they support all 3 to avoid crashes.

2. After testing the latest version .554 everything seems to work as should. It should now be considered safe to migrate from .apk to .aab.

If you enjoyed this article and it helped you somehow, follow me to keep updated.

💻 Tech Enthusiast | 🕹️ Gamer |📱 Mobile Developer | Fortune 40Under40, ✌️ GDG Athens, WTM Ambassador | 🎯 PTIEP Mentor