Using keytool to get the MD5 signature of a certificate

Question

I need to get a Google map key for my application and, for this, I need the MD5 signature of my certificate. As seen on the Internet, I use "keytool" to get it :

keytool -list -alias mykey -keystore mykeystore

The problem is that the answer is a SHA1 signature instead of an MD5 signature.

I use JDK 1.7.

What am I doing wrong?

Thanks in advance for the time you will spend trying to help me.

score 7 · Answer 1 · answered Apr 29 '21 at 13:09

Hello in the year 2021.

The keytool of JDK 8 and newer does not print MD5 anymore, even if you try the standard suggestion to add the "-v" option to the "keygen -list" command.

I guess MD5 is no more considered secure enough and has been removed.

At the same time there are still places like Amazon "Security Profile Management" for LWA etc. requiring you to submit the MD5 signature of your certificate.

Here is a command which will deliver it (use the password "android" for the Android Studio keystore):

keytool -exportcert -alias androiddebugkey -keystore ~/.android/debug.keystore | \
openssl dgst -md5

And if you want to have colon character inbetween, then add the following "sed" command:

keytool -exportcert -alias androiddebugkey -keystore ~/.android/debug.keystore | \
openssl dgst -md5 | \
sed 's/[a-fA-F0-9][a-fA-F0-9]/&:/g; s/:$//'

The above command works on Linux, macOS and even Windows (in git bash):

Thanks man!! I really need this. Saved my whole day. You are absolutely correct for JDK 8. — Deeksha, Jun 05 '21 at 10:06
Amazon really needs to get rid of MD5. It's a security risk for everyone! Amazon claims to have cutting edge software but they're really outdated... — doctorram, Oct 14 '21 at 02:36

score 3 · Answer 2 · edited May 23 '17 at 11:55

There is another Post about this same thing How can I get the MD5 fingerprint from Java's keytool, not only SHA-1?

I guess JDK 1.7 defaults to SHA1. To fix this the following has worked:

C:\Program Files\Java\jdk1.7.0\bin>keytool -v -list -alias
androiddebugkey -keystore debug.keystore -storepass android -keypass android

I tried this, and it worked for me. It gives you MD%, SHA1, SHA256 and Signature Algorithm Name. In that order.

score 1 · Answer 3 · edited Apr 16 '14 at 02:22

1

keytool -exportcert -alias alias -keypass keypass -keystore ./test.keystore -storepass 123456 | md5sum

edited Apr 16 '14 at 02:22

Rey Libutan

5,226
9
42
73

answered Apr 16 '14 at 01:46

hoot

1,215
14
15

Paresh Mayani · Answer 4 · 2011-10-31T13:30:00.880

0

Have you tried the keytool command as:

$ keytool -list -keystore ~/.android/debug.keystore

More on getting Map API Key is Here: http://code.google.com/android/maps-api-signup.html

Update:

As you are using JDK 1.7, there is a new command line argument to its keytool, namely -keyalg.

I know you can specify -keyalg RSA, so maybe -keyalg MD5 will give you the right key.

edited Oct 31 '11 at 13:30

answered Oct 31 '11 at 13:14

Paresh Mayani

127,700
71
241
295

1

Not better. The keytool's answer is still a SHA1 signature. – Zelig Oct 31 '11 at 13:28
The use of the -keyalg MD5 parameter doesn't change the result. I desesperately get a SHA1 signature. – Zelig Oct 31 '11 at 16:26

score 0 · Accepted Answer · answered Dec 19 '11 at 16:30

0

Solved by going back to java 1.6.

answered Dec 19 '11 at 16:30

Zelig

187
3
8

Using keytool to get the MD5 signature of a certificate

5 Answers5

Update: