You will need the original private key that you used to sign the first version.
Full information is available here, but here is the excerpt it sounds like you need:

Application upgrade – As you release
updates to your application, you will
want to continue to sign the updates
with the same certificate or set of
certificates, if you want users to
upgrade seamlessly to the new version.
When the system is installing an
update to an application, it compares
the certificate(s) in the new version
with those in the existing version. If
the certificates match exactly,
including both the certificate data
and order, then the system allows the
update. If you sign the new version
without using matching certificates,
you will also need to assign a
different package name to the
application — in this case, the user
installs the new version as a
completely new application.

AFAIK, .key is not a standard (conventional) file ending. Most of the time you are working with a .keystore file. The keystore contains the key. The keystore and the key both have passwords and separate security measures for safety.

If you generated your “.key” file using jarsigner and one of the commands listed here, then you likely created a keystore file and happened to give it the ending “.key” If this is the case, then just compile your application into release mode, sign the application using the jarsigner tool, and use zipalign (not sure what this is for, compression perhaps?).

If you don’t have the original keystore and key file, then you’re boned. Sorry :/ Tons of other info can be found on the Signing Your Application page

HTH,
Hamy