Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
How to check Signal APK SHA256 fingerprint

To verify the SHA256 fingerprint of a Signal APK you downloaded from their website, use apksigner on the command line, like so:

/path/to/android-sdk/build-tools/26.0.2/apksigner verify --print-certs \
    /path/to/Signal-website-release-4.12.3.apk | grep SHA-256
> dSigner #1 certificate SHA-256 digest: 29f34e5f27f211b424bc5bf9d67162c0eafba2da35af35c16416fc446276ba26
echo 29:F3:4E:5F:27:F2:11:B4:24:BC:5B:F9:D6:71:62:C0 EA:FB:A2:DA:35:AF:35:C1:64:16:FC:44:62:76:BA:26 \
    | sed 's/://g' | sed 's/ //g' | tr '[:upper:]' '[:lower:]'
> 29f34e5f27f211b424bc5bf9d67162c0eafba2da35af35c16416fc446276ba26
if [[ 29f34e5f27f211b424bc5bf9d67162c0eafba2da35af35c16416fc446276ba26 = \
    29f34e5f27f211b424bc5bf9d67162c0eafba2da35af35c16416fc446276ba26 ]]; \
    then echo strings are equal; \
> strings are equal
Copy link

How to check grep command in windows ?
I am trying findstr SHA-256 its not working
I am unable to verify my apk on windows. Can you help?


Copy link

In case someone is looking for apksigner, it is part of "build-tools" which I acquired on Linux using the following:

  1. download from
  2. ./bin/sdkmanager --sdk_root=/tmp/android_sdk "build-tools;29.0.3"
  3. /tmp/android_sdk/build-tools/29.0.3/apksigner verify --print-certs /mnt/tmp/Signal-Android-website-prod-universal-release-5.36.3

There were many "WARNING" messages, but if you look at the top of the response you will see "Signer #1 certificate" values.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment