Build Error Signing Keytool Get key from store

Expo is unable to read keystore.
1.Requested a Reset from Google Play
2. Created new keystore with key, send them the extracted pem file
keytool -genkeypair -alias upload -keyalg RSA -keysize 2048 -validity 9125 -keystore keystore.jks
keytool -export -rfc -alias upload -file upload_certificate.pem -keystore keystore.jks
3. Selected on expo upload own keystore
4. The grade prozess fails with following error

FAILURE: Build failed with an exception.
Execution failed for task ':app:packageRelease'. Failed to read key meta*****_wege***** from store "/tmp/turtle/keystore-e2310848-cbfb-45fb-9638-9adf67917333.jks": 

Get Key failed: Given final block not properly padded

Validate the password several time with keytools and Keystore Explorer. All passwords and Aliase are OK.

Also the Hash SH1 SH256 are same like on my Google Play app.
On expo opt n on Google signing

Cleared my creditetials with - c

Yesterday there was a lot of expo Server crashes. Don’t know if this was a reason.

What else can I do to get expo work with my uploaded keystore creditetials?

Expo CLI 3.9.1 environment info:
OS: OS X El Capitan 10.11.6
Shell: 3.2.57 - /bin/bash
Node: 12.12.0 - /usr/local/bin/node
Yarn: 1.17.3 - /usr/local/bin/yarn
npm: 6.9.0 - /usr/local/bin/npm
Watchman: 4.9.0 - /usr/local/bin/watchman
Xcode: 8.2.1/8C1002 - /usr/bin/xcodebuild
expo: 35.0.0 => 35.0.0
react: 16.8.3 => 16.8.3
react-native: => 0.59.8
react-navigation: ^3.11.0 => 3.13.0
expo-cli: 3.9.1

on some systems (or java versions) keytool generates by default keystore in pkcs format instead of jks.
you can verify it with keytool -list file.jks whether it’s in correct format.

If this is a case you have two options

  1. generate new keystore with -storetype option
  2. convert existing one using keytool -importkeystore ...

Thank you wkozyra
Went the Second Option and converted with the keytool. Indeed you are right it was a pkcs12 keystore.
Converted with following keytools command

keytool -importkeystore -srckeystore [MY_OLD_KEYSTORE.jks] -destkeystore [MY_NEW_KEYSTORE.jks] -srcstoretype PKCS12 - deststoretype JKS -deststorepass [PASSWORD_KEYSTORE]

This worked new Keystore with same HASH but JKS Format .
the keytool console spit out a waring that i should convert the keystore to pcks format since this is industry standard with a command line how to do it -Ignored this
Problem solved ? NO
Build failed with Error : “Cannot recover key”

What I can see in the keystore Explorer My New and old Keystores have a
Subject Name with my name First Name Second Name

The EXPO created Keystore have the package name as Subject and Isssuer
Certificate Subject’s distinguished name com.PACKAGENAME
Certificate Issuer’s distinguished name com.PACKAGENAME

Could this be the problem why the Expo failed with this keystore ?

If so the hole process how to create a new keystore for my app from Google was wrong. As there was never a place i could enter my package name .

Changing this field is impossible without destroying the keys right ?

pkcs format has only password for keystore, but jks has one to access keystore and separate password for each alias/key. You didn’t specify password for alias(-destkeypass) in your keytool command so it’s either used the same password for keystore or it asked you interactively about this. Are you sure that you specified correct passwords in keytool command and when building using expo-cli?

All the other fields you mentioned are not relevant and won’t cause any problems. Keystore type, keystore password, alias and alias password are only values that you need to wory about.

1001 Thanks wkozyra indeed that was causing the error.
Keystore and Alias Key was the same .
Don’t know where i lost the Alias password,
but at least i can update again the app .

Thank you Great Support here