0

I'm trying to verify the checksum of a couple of Android app APKs. I'm working in a Linux environment.

For one of the files, this command worked fine:

sha256sum filename

But for the other file (the Signal app APK), I got the following output:

f2f3fe7538608f2a6c43022f09216093fffb6b37e2ffed196afe4432cdb08d71

I was aiming for this output:

29:F3:4E:5F:27:F2:11:B4:24:BC:5B:F9:D6:71:62:C0
EA:FB:A2:DA:35:AF:35:C1:64:16:FC:44:62:76:BA:26

This seems to be an encoding issue (assuming the APK is legit), but I'm not sure how to generate the output in the correct encoding.

b00kgrrl
  • 559
  • 2
  • 9
  • 30
  • 1
    `sha256sum` always outputs hexadecimals only, without any separators or delimiters. But if you look at the first byte (`f2` and `29`), you'll notice that they are different. – knittl Jun 05 '23 at 14:43
  • 2
    https://github.com/signalapp/Signal-Android/issues/11872 – choroba Jun 05 '23 at 14:44

1 Answers1

0

What you are looking at is the APK fingerprint and not the sha-256 checksum.

See the following answer for obtaining that via the keytool (a Java keystore tool)

https://stackoverflow.com/a/42290810/6645076

crazo7924
  • 344
  • 5
  • 15