7

I would like to use the signature checksum instead of the package checksum when provisioning a device with a device owner app. The app will be downloaded from an http server.

This post is great when using EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM: Checksum Error while provisioning Android Lollipop

But I would like to use EXTRA_PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM. See: https://developer.android.com/reference/android/app/admin/DevicePolicyManager.htm

The provisioning app and device owner app will both on be running on Android O.

How do I get the signature checksum of my app that I can use in my key/value pair for NFC?

Steve Miskovetz
  • 2,360
  • 13
  • 29

1 Answers1

10

Try this

keytool -list -printcert -jarfile [path_to_your_apk] | grep -Po "(?<=SHA256:) .*" | xxd -r -p | openssl base64 | tr -d '=' | tr -- '+/=' '-_'

In details:

  • keytool -list -printcert -jarfile [path_to_your_apk] extracts informations about the certificate of the APK,
  • grep -Po "(?<=SHA256:) .*" | xxd -r -p takes the SHA256 hash and converts it to binary,
  • openssl base64 encodes it with base64,
  • tr -d '=' | tr -- '+/=' '-_' makes it URL-safe (+ is encoded as -, / is encoded as _ and the padding character = is removed).
Fred
  • 2,191
  • 1
  • 12
  • 14
  • 1
    Your first step returns, "Not a signed jar file". – Steve Miskovetz Jun 30 '17 at 22:07
  • I am signing my APK with the V2 signing scheme since these apps will only be run on Android O or greater. If I sign them with the V1 signing scheme, this method works great! I think this is a good and valid answer for the V1 scheme. I will open a new question more specific for the V2 scheme. – Steve Miskovetz Jun 30 '17 at 23:09
  • 2
    For reference, here is [the new question about V2 signing](https://stackoverflow.com/questions/44855952/how-do-i-get-the-signature-checksum-of-my-apk-that-is-signed-with-only-the-v2-sc) that has been answered. – Fred Jul 02 '17 at 09:13
  • 1
    When I run this command it run and did not give any error but nothing is shown in result C:\Program Files\Java\jdk-11.0.1\bin>keytool -list -printcert -jarfile "TestDPC_4005.apk" | "C:\Program Files\Git\usr\bin\grep.exe" -Po "(?<=SHA256:) .*" | "C:\Program Files\Git\usr\bin\xxd.exe" -r -p | "C:\Program Files\Git\usr\bin\openssl.exe" base64 | "C:\Program Files\Git\usr\bin\tr.exe" -d '=' | "C:\Program Files\Git\usr\bin\tr.exe" -- '+/=' '-_' – Mudassir Khan Feb 22 '19 at 06:59
  • Is the URL required the https or http is okay. – Krunal Shah Sep 04 '20 at 06:36