Is there any way to get key hash from signed APK?

Question

Is there any way to get key hash from signed APK? We have a signed Android apk file, and we want to find out key hash of this APK, for Facebook SDK. Can we do that by something like jarsigner?
Any suggestions?

Answer 1

For windows users getting the key from openssl, may be tricky some times.. I always use this to find the right signature.. Just paste this code in your onCreate() and run.

 // Add code to print out the key hash
  try {
  PackageInfo info = getPackageManager().getPackageInfo(getPackageName(), PackageManager.GET_SIGNATURES);
  for (Signature signature : info.signatures) {
  MessageDigest md = MessageDigest.getInstance("SHA");
  md.update(signature.toByteArray());
  Log.e("MY KEY HASH:", Base64.encodeToString(md.digest(), Base64.DEFAULT));
      }
  } catch (NameNotFoundException e) {

  } catch (NoSuchAlgorithmException e) {

  }

---

Update:

Using Android studio(2.1.2):

1. Open your project on studio and click on the gradle icon.
2. Choose your app -> Tasks -> android -> SigningReport

This will run a gradle task that will print the debug and release certificate with md5 and sha1 keys

Answer 2

On linux, I used this command to get the key hash from an apk:

 keytool -list -printcert -jarfile [path_to_your_apk] | grep -Po "(?<=SHA1:) .*" |  xxd -r -p | openssl base64

For Mac Users (OS X) as there is no grep -P support

keytool -list -printcert -jarfile ~/Downloads/YOURAPKFILE.apk | grep "SHA1: " | cut -d " " -f 3 | xxd -r -p | openssl base64

Answer 3

You can download openssa from here

1. To generate signature you need openssl installed on your pc. If you don’t have one download openssl from here
2. In C: , Create openssl folder
3. Extract the contents of downloaded openssl zip file into openssl folder in C:drive
4. Open Command prompt
5. Move to bin of openssl i.e C:\openssl\bin in command prompt

6. Run the following command to generate your keyhash. While generating hashkey it should ask you password.

   keytool -exportcert -alias androiddebugkey -keystore   "C:\Users\Anhsirk.android\debug.keystore" | openssl sha1 -binary | openssl base64
   

NOTE: In the above code, note that you need to give your path to user(i.e in my case it is C:\Users\Anhsirk, you just need to change this for your user account.

Give password as android. If it don’t ask for password your keystore path is incorrect.

Answer 4

It's too late to answer but its very quick way to get Signed app key hash.

Install apk and it can extract all apps key hash.

Download from: https://apkpure.com/key-hash-key/notimeforunch.keyhash

Answer 5

When I built my Facebook app. I used my Android keystore. There is a hashing function for that. Commonly used in the Google API's.(See there for instructions). If you own the app and signed it; this should be no issue otherwise..your basically screwed.There is no way.

Answer 6

You can also use following approaches for getting Sha1 Hash in base64 (as required in case of facebook) from your apk signing keystore file:-

Mac: keytool -exportcert -alias <KEY_STORE_ALIAS> -keystore <KEY_STORE_PATH> | openssl sha1 -binary | openssl base64
 
Windows: keytool -exportcert -alias <KEY_STORE_ALIAS> -keystore <KEY_STORE_PATH> | openssl sha1 -binary | openssl base64

You would also need to have openssl for this command.

For example:

keytool.exe -list -v -keystore "%LocalAppData%\Xamarin\Mono for Android\debug.keystore" -alias androiddebugkey -storepass android -keypass android | openssl sha1 -binary | openssl base64

Where, "%LocalAppData%\Xamarin\Mono for Android\debug.keystore" should be replaced with path to your keystore file used for signing your apk (while in debugging or adhoc destribution).