Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
How to check Signal APK SHA256 fingerprint

To verify the SHA256 fingerprint of a Signal APK you downloaded from their website, use apksigner on the command line, like so:

/path/to/android-sdk/build-tools/26.0.2/apksigner verify --print-certs \
    /path/to/Signal-website-release-4.12.3.apk | grep SHA-256
> dSigner #1 certificate SHA-256 digest: 29f34e5f27f211b424bc5bf9d67162c0eafba2da35af35c16416fc446276ba26
echo 29:F3:4E:5F:27:F2:11:B4:24:BC:5B:F9:D6:71:62:C0 EA:FB:A2:DA:35:AF:35:C1:64:16:FC:44:62:76:BA:26 \
    | sed 's/://g' | sed 's/ //g' | tr '[:upper:]' '[:lower:]'
> 29f34e5f27f211b424bc5bf9d67162c0eafba2da35af35c16416fc446276ba26
if [[ 29f34e5f27f211b424bc5bf9d67162c0eafba2da35af35c16416fc446276ba26 = \
    29f34e5f27f211b424bc5bf9d67162c0eafba2da35af35c16416fc446276ba26 ]]; \
    then echo strings are equal; \
    fi
> strings are equal
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment