access denied using pepk.jar to upload key to Play Console

Question

In Google Play console I have an apk app (i.e. not using app bundles) that I have been signing myself. Now I want to convert to using app bundles and hand off my existing key to Google. I'm following the setps "Let Google Play manage your app signing key>Use existing app signing key from Java keystore." I have downloaded their public key and their tool, pepk.jar. When I try the suggested command line syntax I get access denied no matter what output directory I try. (I've tried dirs in my c:\users... I've tried dirs under the zulu install tree, but I'm guessing there.) I'm running an elevated command prompt window, so this seems to be a java permissions issue. I've tried with a clean download of zulu java see version output below.

All the assets are in my c:\temp. The command I'm running is this:

c:\TEMP>java -jar pepk.jar --keystore=Samson.keystore --alias=Samson --output=c:\temp --rsa-aes-encryption --encryption-key-path=c:\temp\encryption_public_key.pem
Enter password for store 'Samson.keystore':
Enter password for key 'Samson':
Error: Unable to export or encrypt the private key java.nio.file.AccessDeniedException: c:\temp
at java.base/sun.nio.fs.WindowsException.translateToIOException(WindowsException.java:89) ....

c:\TEMP>java -version
openjdk version "17.0.8" 2023-07-18 LTS
OpenJDK Runtime Environment Zulu17.44+15-CA (build 17.0.8+7-LTS)
OpenJDK 64-Bit Server VM Zulu17.44+15-CA (build 17.0.8+7-LTS, mixed mode, sharing)

I'm on Windows 10 pro 21H2

Thanks for any suggestions,

Steve

Answer 1

I was able to find an alternate tool that worked, available here: https://www.gstatic.com/play-apps-publisher-rapid/signing-tool/prod/pepk.jar

The command is slightly different:

cmd shell: java -jar files_location\pepk.jar --keystore=keystore_name --alias=alias_name --output=files_location\keystore_name.pepk --rsa-aes-encryption --encryption-key-path=files_location\google_provided_publickey