.p12 to unity.keystore + encryption key from Play Console App Signing causing 'Wrong Password' in Unity

Question

I have an app published 7 years ago on Google Play and made with Adobe Animate. Signing certificate there was .p12 PKSC#12 type, 1024 bits. I've ported application with Unity 2019.4, converted my .p12 key to .jks using portecle and then just changed extension to .keystore. That's was ok and Unity catch this converted keystore. But (my bad) i've decided to sign application with 'App integrity' section in Play Console.

I've upgraded keystore with encryption key provided by Play Console using pepk.jar as it suggested by Google and Unity dont want to understand upgraded keystore anymore. Just gives an error message all the time 'Wrong Password' (but i'm sure password is correct). Moreover, Portecle dont want to understand it too, with error

Could not open 'C:\blabla.jks' as a keystore.

What i've did step by step.

1. Opened my original p12 in Portecle and changed keystore type to JKS.

2. With portecle changed password coz it was short.

3. Opted in Play Console App Signing, choosed 'Use existing app signing key from Java KeyStore' option, and used PEPK tool with command below

java -jar pepk.jar --keystore=foo.keystore --alias=foo --output=encrypted_private_key_path --encryptionkey=generated-key-here

4. Uploaded encrypted key to Play Console.

5. Changed extention of encrypted by PEPK jks-file to .keystore.

6. Tried to use it Unity to sign application and got 'Wrong Password' error.

What do i have in the bottom line: changed fingerprints in Play Console; original key which cant be used to sign unity's application coz of changed fingerprints; changed with PEPK tool keystore which cant be used with Unity coz seems it broken somehow.

If i've try to read keystore with keytool or change it some how, all the time a variety of errors like

input not x.509 certificate

or

derinputstream.getlength lengthTag=107 too big

and so on.

The question to experts is - what i did wrong?