@arturokunder
Created October 6, 2016 18:25
Verify APK signature

Do I have the correct certificate to sign my APK?

Use keytool

keytool is part of Java, so make sure your PATH includes the Java installation directory.

Get APK Certificate Signature

First, unzip the APK and extract the file /META-INF/ANDROID_.RSA (this file may also be CERT.RSA or something.RSA, but there should only be one .RSA file).

Then, run:

keytool -printcert -file ANDROID_.RSA

You will get the certificate fingerprint (MD5, SHA1, SHA256).

MD5:  B3:4F:BE:07:AA:78:24:DC:CA:92:36:FF:AE:8C:17:DB
SHA1: 16:59:E7:E3:0C:AA:7A:0D:F2:0D:05:20:12:A8:85:0B:32:C5:4F:68
Signature algorithm name: SHA1withRSA

Get certificate signature

Use keytool to get your certificate's fingerprint and check it against the APK certificate's fingerprint:

keytool -list -keystore path/to/my-signing-key.keystore

You will get a list of aliases and their certificate fingerprint:

android_key, Jan 23, 2010, PrivateKeyEntry,
Certificate fingerprint (MD5): B3:4F:BE:07:AA:78:24:DC:CA:92:36:FF:AE:8C:17:DB

If your certificate signature is the same as your APK signature, you are ready to go!
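
The two keytool steps above combined into one script, as an added example that is not part of the original gist (the function names are hypothetical). It assumes `unzip` and `keytool` are on PATH and that the APK contains a META-INF/*.RSA file as described above; it compares SHA256 by default and normalises both keytool output formats shown above so the values can be compared directly.

```shell
# Added example, not from the original gist. Function names are illustrative.
# Requires unzip and keytool on PATH; keytool asks for the keystore password.

# Read keytool output on stdin; print the fingerprint for hash $1 (MD5, SHA1,
# SHA256) as lowercase hex without colons. Accepts "SHA1: AA:BB:..." as printed
# by -printcert and -list -v, and "Certificate fingerprint (MD5): AA:BB:..."
# as printed by plain -list.
extract_fp() {
  awk -v want="$1" '
    BEGIN { gsub(/-/, "", want); want = toupper(want) }
    {
      line = $0; sub(/\r$/, "", line)
      if (match(line, /(MD5|SHA-?1|SHA-?256)\)?:[ \t]*([0-9A-Fa-f][0-9A-Fa-f]:)+[0-9A-Fa-f][0-9A-Fa-f][ \t]*$/)) {
        rec = substr(line, RSTART)
        alg = rec; sub(/\)?:.*/, "", alg); gsub(/-/, "", alg)
        hex = rec; sub(/^[^:]*:[ \t]*/, "", hex); gsub(/[: \t]/, "", hex)
        if (toupper(alg) == want) { print tolower(hex); exit }
      }
    }'
}

# Fingerprint of the certificate in the APK's META-INF/*.RSA signature block.
# usage: apk_fp app.apk [MD5|SHA1|SHA256]
apk_fp() {
  n=$(unzip -Z1 "$1" 'META-INF/*.RSA' 2>/dev/null | wc -l | tr -d ' ')
  [ "$n" -eq 1 ] || { echo "expected one META-INF/*.RSA, found $n" >&2; return 1; }
  unzip -p "$1" 'META-INF/*.RSA' | keytool -printcert | extract_fp "${2:-SHA256}"
}

# Fingerprint of one alias in a keystore.
# usage: keystore_fp my.keystore alias [MD5|SHA1|SHA256]
keystore_fp() {
  keytool -list -v -keystore "$1" -alias "$2" | extract_fp "${3:-SHA256}"
}

# Exit 0 only when both fingerprints were found and are identical.
# usage: same_signer app.apk my.keystore alias [MD5|SHA1|SHA256]
same_signer() {
  alg=${4:-SHA256}
  apk=$(apk_fp "$1" "$alg") || return 2
  ks=$(keystore_fp "$2" "$3" "$alg") || return 2
  [ -n "$apk" ] && [ "$apk" = "$ks" ]
}
```

For the keystore listed above, the call would be `same_signer app.apk path/to/my-signing-key.keystore android_key`; an exit status of 0 means the APK was signed with that key.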

Source: http://stackoverflow.com/questions/11331469/how-do-i-find-out-which-keystore-was-used-to-sign-an-app
