20

What's the easiest way to find signature of an apk file? Please note that I'm not asking about code. I just want to find it from my pc. Signature like this one 975yYkKAQF+KST7g3ASHvHkYopq=

user3548321
  • 523
  • 2
  • 8
  • 18

5 Answers5

27
$ $ANDROID_SDK/build-tools/$BUILD_TOOLS_VERSION/apksigner verify --print-certs -v $APK_FILE

Example:

$ /Users/hborders/android/build-tools/29.0.2/apksigner verify --print-certs -v ~/Desktop/my-apk.apk

Verifies
Verified using v1 scheme (JAR signing): true
Verified using v2 scheme (APK Signature Scheme v2): true
Verified using v3 scheme (APK Signature Scheme v3): false
Number of signers: 1
Signer #1 certificate DN: CN=Bob Smith, OU=Acme, O=Acme, L=San Francisco, ST=California, C=US
Signer #1 certificate SHA-256 digest: f1f2f3f3f21f26a67s76a6a76a76a76a76a67c78c8c78c709c90c90c09932451
Signer #1 certificate SHA-1 digest: 839103847abdefcbade123713957358920
Signer #1 certificate MD5 digest: 182831983712923f2e2e2f2a2c2fbc25
Signer #1 key algorithm: RSA
Signer #1 key size (bits): 1024
Signer #1 public key SHA-256 digest: 8acaca8cabcaabdadc8cc99cc695ace47aec4c747c746c476cae4657c47c4765
Signer #1 public key SHA-1 digest: b11bca4123bea24befbe5b8be9768ef078

apksigner is part of the Android SDK in the build-tools directory. It's the tool print-apk-signature uses.

Heath Borders
  • 30,998
  • 16
  • 147
  • 256
9

You can use Java 7’s Key and Certificate Management Tool ( keytool) to get the signature of app. Run bellow command

keytool -printcert -jarfile app-release.apk

You can also get Signature of a Keystore please check this post: How we can check SHA1 or Signature of APK and Keystore file

Aneh Thakur
  • 1,072
  • 12
  • 20
6
Signature[] sigs = context.getPackageManager().getPackageInfo(context.getPackageName(), PackageManager.GET_SIGNATURES).signatures;
for (Signature sig : sigs)
{
    Trace.i("MyApp", "Signature hashcode : " + sig.hashCode());
}

http://developer.android.com/reference/android/content/pm/PackageManager.html

this might help

First, unzip the APK and extract the file /META-INF/ANDROID_.RSA (this file may also be CERT.RSA, but there should only be one .RSA file).

Then issue this command:

keytool -printcert -file ANDROID_.RSA You will get certificate fingerprints like this:

 MD5:  B3:4F:BE:07:AA:78:24:DC:CA:92:36:FF:AE:8C:17:DB
 SHA1: 16:59:E7:E3:0C:AA:7A:0D:F2:0D:05:20:12:A8:85:0B:32:C5:4F:68
 Signature algorithm name: SHA1withRSA

Then use the keytool again to print out all the aliases of your signing keystore:

keytool -list -keystore my-signing-key.keystore You will get a list of aliases and their certificate fingerprint:

android_key, Jan 23, 2010, PrivateKeyEntry, Certificate fingerprint (MD5): B3:4F:BE:07:AA:78:24:DC:CA:92:36:FF:AE:8C:17:DB Voila! we can now determined the apk has been signed with this keystore, and with the alias 'android_key'.

Keytool is part of Java, so make sure your PATH has Java installation dir in it.

How do I find out which keystore was used to sign an app?

Community
  • 1
  • 1
Charuක
  • 12,953
  • 5
  • 50
  • 88
  • Please see my updated question. I'm not asking about code – user3548321 Jul 25 '16 at 01:49
  • why you want to find the signature itself manually or do you want to get the path of the signed apk? – Charuක Jul 25 '16 at 01:53
  • No I want to find the signature itself. Not just path – user3548321 Jul 25 '16 at 01:54
  • But one question,/////android_key, Jan 23, 2010, PrivateKeyEntry, Certificate fingerprint (MD5): B3:4F:BE:07:AA:78:24:DC:CA:92:36:FF:AE:8C:17:DB Voila! we can now determined the apk has been signed with this keystore, and with the alias 'android_key'.////// See my question and the format of the certificate. Why's it different? I want to get the same format like this one "975yYkKAQF+KST7g3ASHvHkYopq=" – user3548321 Jul 25 '16 at 02:09
  • @user3548321 Did u get solution? – Javadroider Jul 22 '17 at 11:29
4

https://github.com/warren-bank/print-apk-signature

ex: print-apk-signature ./file.apk SHA-1

W. B.
  • 63
  • 1
  • 5
1

You can use apksigner which is available in Android build-tools to get the signature:

ebra@him:~/Android/Sdk/build-tools/30.0.3$ ./apksigner verify --print-certs -v ~/application.apk 
Verifies
Verified using v1 scheme (JAR signing): false
Verified using v2 scheme (APK Signature Scheme v2): true
Verified using v3 scheme (APK Signature Scheme v3): true
Verified using v4 scheme (APK Signature Scheme v4): false
Verified for SourceStamp: false
Number of signers: 1
Signer #1 certificate DN: CN=Supreeth Herle
Signer #1 certificate SHA-256 digest: 87f10d5ab8a769bff49200039bbd5d17a0f9d0b9bcccabc36527ec3c98d978dd
Signer #1 certificate SHA-1 digest: e46872f28b350b7e1f140de535c2a835804f0be3
Signer #1 certificate MD5 digest: fabb11667489da8f214ed30d8efd0979
Signer #1 key algorithm: RSA
Signer #1 key size (bits): 2048
Signer #1 public key SHA-256 digest: 530468d2918764b0244a46ea406bfeb1742f4da73b6d86eefb4005c37fc04a3b
Signer #1 public key SHA-1 digest: 884c2bf64530118dde84250ed8a03e2c2c2bb3aa

And then you can convert the corresponding signature to your desired format (which is base64) using built-in Linux tools:

ebra@him:~/Android/Sdk/build-tools/30.0.3$ ./apksigner verify --print-certs -v ~/application.apk | grep 'certificate SHA-1' | cut -d ':' -f 2 | xxd -r -p | base64 
5Ghy8os1C34fFA3lNcKo1YBPC+M=
Ebrahim Ghasemi
  • 5,850
  • 10
  • 52
  • 113