About signing keys

For each version of an application that you add, Kaspersky Appicenter for Developers verifies that your company released the application. This confirms that added applications are trusted. The verification is accomplished using a signature key pair, which includes the following parts:

• The private part of the signing key (private key), which you must use to sign the application package.
• The public part of the signing key (public key), which you must add to the Kaspersky Appicenter for Developers portal.

You can publish an application only if it is signed with a private key and you added the corresponding public key to the Kaspersky Appicenter for Developers portal.

All public keys that you have added to the Kaspersky Appicenter for Developers portal are displayed in the Keys section.

For each added public key, the table displays the following information:

• Key name – the public key name that was specified when the key was added.
• ID – unique ID of the public key.
• Signed applications – all applications and their versions that are signed with the private key that corresponds to the public key.
• Creation date – the date when the public key was added to Kaspersky Appicenter for Developers.
• Status – the status of the public key. A key can have one of the following statuses:
  • Active – the key can be used to verify the application signature.

    This status is automatically assigned to a public key after it is added to the portal.

  • Archived – the key has been archived, because it is outdated and cannot be used to verify the signature of new applications and their versions.
  • Compromised – the key has been revoked, because it is no longer trusted and cannot be used to verify the signature of new applications and their versions. Applications signed with the corresponding private key are also marked as revoked and compromised.

Page top