33

Is there any way to get key hash from signed APK? We have a signed Android apk file, and we want to find out key hash of this APK, for Facebook SDK. Can we do that by something like jarsigner?
Any suggestions?

Freak
  • 6,786
  • 5
  • 36
  • 54
Zheng Li
  • 333
  • 1
  • 3
  • 6
  • try to check [this](http://stackoverflow.com/questions/11864700/signed-apk-has-different-key-hash-for-facebook) answer – mmoghrabi Jul 02 '13 at 11:08

7 Answers7

49

On linux, I used this command to get the key hash from an apk:

 keytool -list -printcert -jarfile [path_to_your_apk] | grep -Po "(?<=SHA1:) .*" |  xxd -r -p | openssl base64

For Mac Users (OS X) as there is no grep -P support

keytool -list -printcert -jarfile ~/Downloads/YOURAPKFILE.apk | grep "SHA1: " | cut -d " " -f 3 | xxd -r -p | openssl base64

Community
  • 1
  • 1
user521297
  • 501
  • 4
  • 6
  • 1
    Thank you for offering an answer to the specific question. I needed to compare the hash of an existing APK to that of a new one to make sure they were signed with the same key. Generating the hash from the keystore file, as in the accepted answer, is not sufficient. – Frank Pape Jul 17 '15 at 03:21
  • 15
    For OSX (no grep -P support). `keytool -list -printcert -jarfile ~/Downloads/YOURAPKFILE.apk | grep "SHA1: " | cut -d " " -f 3 | xxd -r -p | openssl base64` – caller9 Aug 05 '15 at 21:02
  • 1
    @caller9 your terminal command, `keytool -list -printcert -jarfile ~/Downloads/YOURAPKFILE.apk | grep "SHA1: " | cut -d " " -f 3 | xxd -r -p | openssl base64` was exactly what I was looking for. Thank you – VirtualProdigy Sep 21 '16 at 14:27
  • is this Hash same as the one we get from the package manager programmatically? – Ege Kuzubasioglu Dec 26 '17 at 08:18
  • can you provide the command for windows also to get the key hash from an apk? – Pravinsingh Waghela Apr 24 '18 at 11:27
38

For windows users getting the key from openssl, may be tricky some times.. I always use this to find the right signature.. Just paste this code in your onCreate() and run. 

 // Add code to print out the key hash
  try {
  PackageInfo info = getPackageManager().getPackageInfo(getPackageName(), PackageManager.GET_SIGNATURES);
  for (Signature signature : info.signatures) {
  MessageDigest md = MessageDigest.getInstance("SHA");
  md.update(signature.toByteArray());
  Log.e("MY KEY HASH:", Base64.encodeToString(md.digest(), Base64.DEFAULT));
      }
  } catch (NameNotFoundException e) {

  } catch (NoSuchAlgorithmException e) {

  }

Update:

Using Android studio(2.1.2):

  1. Open your project on studio and click on the gradle icon.
  2. Choose your app -> Tasks -> android -> SigningReport

This will run a gradle task that will print the debug and release certificate with md5 and sha1 keys

Sudhansu
  • 780
  • 1
  • 9
  • 28
amalBit
  • 12,041
  • 6
  • 77
  • 94
  • Please notice that the package name could be any thing installed on that phone, so you can get write a new app, and get other app's key hash using this method. – Zheng Li Jul 03 '13 at 01:21
  • Using Gradle 4.1, I didn't see the output for release the report was `Variant: release Config: none`, any Idea why? – john-salib Nov 19 '17 at 10:04
  • 1
    @john-salib we have to set up the release config frirst. https://stackoverflow.com/questions/18460774/how-to-set-up-gradle-and-android-studio-to-do-release-build – amalBit Nov 19 '17 at 19:05
1

It's too late to answer but its very quick way to get Signed app key hash.

Install apk and it can extract all apps key hash.

Download from: https://apkpure.com/key-hash-key/notimeforunch.keyhash

Shiv Singh
  • 6,939
  • 3
  • 40
  • 50
1

Unfortunately, it is no longer possible to provide a timely response, but there is an efficient method to obtain the Signed App Key Hash. Please execute the following command in your terminal:

keytool -printcert -jarfile app.apk

Extract the SHA1 value from the output. Then, visit the below website and input the extracted hexadecimal value into the designated field. Afterward, click on the conversion button.

http://tomeko.net/online_tools/hex_to_base64.php

Please retrieve the Keyhash value from the Output (base64) field.

Ashish Rajvanshi
  • 91
  • 6
0

When I built my Facebook app. I used my Android keystore. There is a hashing function for that. Commonly used in the Google API's.(See there for instructions). If you own the app and signed it; this should be no issue otherwise..your basically screwed.There is no way.

SonicWind
  • 58
  • 1
  • 6
0

You can also use following approaches for getting Sha1 Hash in base64 (as required in case of facebook) from your apk signing keystore file:-

Mac: keytool -exportcert -alias <KEY_STORE_ALIAS> -keystore <KEY_STORE_PATH> | openssl sha1 -binary | openssl base64
 
Windows: keytool -exportcert -alias <KEY_STORE_ALIAS> -keystore <KEY_STORE_PATH> | openssl sha1 -binary | openssl base64

You would also need to have openssl for this command.

For example:

keytool.exe -list -v -keystore "%LocalAppData%\Xamarin\Mono for Android\debug.keystore" -alias androiddebugkey -storepass android -keypass android | openssl sha1 -binary | openssl base64

Where, "%LocalAppData%\Xamarin\Mono for Android\debug.keystore" should be replaced with path to your keystore file used for signing your apk (while in debugging or adhoc destribution).

AbhiAbzs
  • 134
  • 2
  • 12
0
keytool -printcert -jarfile 123.apk

or

keytool -printcert -file CERT.RSA
succlz123
  • 66
  • 6