@DimaKoz
Forked from arturokunder/README.md
Created June 22, 2018 20:20
Verify APK signature

Do I have the correct certificate to sign my APK?

Use keytool

Keytool is part of Java, so make sure your PATH includes the Java installation directory.

Get APK Certificate Signature

First, unzip the APK and extract the file /META-INF/ANDROID_.RSA (this file may also be CERT.RSA or something.RSA, but there should only be one .RSA file).

Then, run:

keytool -printcert -file ANDROID_.RSA

You will get the certificate fingerprint (MD5, SHA1, SHA256).

MD5:  B3:4F:BE:07:AA:78:24:DC:CA:92:36:FF:AE:8C:17:DB
SHA1: 16:59:E7:E3:0C:AA:7A:0D:F2:0D:05:20:12:A8:85:0B:32:C5:4F:68
Signature algorithm name: SHA1withRSA

Get certificate signature

Use keytool to get the fingerprint of the certificate in your keystore and check it against the APK certificate fingerprint:

keytool -list -keystore path/to/my-signing-key.keystore

You will get a list of aliases and their certificate fingerprint:

android_key, Jan 23, 2010, PrivateKeyEntry,
Certificate fingerprint (MD5): B3:4F:BE:07:AA:78:24:DC:CA:92:36:FF:AE:8C:17:DB

If your certificate signature is the same as your APK signature, you are ready to go!
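
The two steps above can be scripted so the fingerprints are compared by the machine rather than by eye. This is an added example, not part of the original gist: the function names are hypothetical, it assumes `unzip`, `awk` and `keytool` are on the PATH and that the APK contains a META-INF/*.RSA file as described above, and it compares SHA256 unless another algorithm (MD5, SHA1) is given.

```shell
#!/bin/sh
# Added example (not from the original gist): automate the fingerprint comparison.

# fingerprint_of ALG: read keytool output on stdin and print ALG's fingerprint.
# Accepts both label styles: "SHA1: 16:59:..." and "(SHA-256): AB:CD:...".
fingerprint_of() {
    awk -v alg="$1" '
        BEGIN { gsub(/-/, "", alg); alg = toupper(alg) }
        {
            line = toupper($0); gsub(/-/, "", line)
            re = "(^|[^A-Z0-9:])\\(?" alg "\\)?:[ \t]*([0-9A-F][0-9A-F]:)+[0-9A-F][0-9A-F]"
            if (match(line, re)) {
                hit = substr(line, RSTART, RLENGTH)
                sub(/^[^:]*:[ \t]*/, "", hit)   # drop the label, keep the hex
                print hit
                exit
            }
        }'
}

# compare_fingerprints A B: 0 = same, 1 = different, 2 = one is missing.
compare_fingerprints() {
    [ -n "$1" ] && [ -n "$2" ] || return 2
    [ "$1" = "$2" ]
}

# apk_fingerprint ALG APK: fingerprint of the certificate in META-INF/*.RSA.
apk_fingerprint() {
    rsa=$(mktemp) || return 1
    unzip -p "$2" 'META-INF/*.RSA' > "$rsa" &&
        keytool -printcert -file "$rsa" | fingerprint_of "$1"
    rm -f "$rsa"
}

# keystore_fingerprint ALG KEYSTORE ALIAS: keytool prompts for the password.
keystore_fingerprint() {
    keytool -list -v -keystore "$2" -alias "$3" | fingerprint_of "$1"
}

# check_apk_signer APK KEYSTORE ALIAS [ALG]: exit status as compare_fingerprints.
check_apk_signer() {
    alg=${4:-SHA256}
    apk_fp=$(apk_fingerprint "$alg" "$1")
    ks_fp=$(keystore_fingerprint "$alg" "$2" "$3")
    echo "APK:      ${apk_fp:-<none>}"
    echo "Keystore: ${ks_fp:-<none>}"
    compare_fingerprints "$apk_fp" "$ks_fp"
}

if [ "$#" -ge 3 ]; then check_apk_signer "$@"; fi
```

Run it as `sh script.sh app.apk path/to/my-signing-key.keystore android_key`; an exit status of 2 means one side produced no fingerprint for the chosen algorithm, which is treated as a failure rather than a match.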

Source: http://stackoverflow.com/questions/11331469/how-do-i-find-out-which-keystore-was-used-to-sign-an-app
