Reputation: 3319
Keystore SHA1 different from cert.rsa SHA1 from APK
I have an android app (and its production keystore) that was first created with Adobe Air. Long time ago the company switched to the regular Android SDK to develop the app but as the app was already in production, the keystore we use is still the same one (created then by Adobe Air).
I used keytool to extract the SHA1 for Google Places API, I got something along those lines:
Alias name: <alias_name>
Creation date: Jan 11, 2015
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=<company_name>, OU=, O=, C=US
Issuer: CN=<company_name>, OU=, O=, C=US
Serial number: <lotsofnumbers>
Valid from: Mon Mar 28 14:08:17 IST 2011 until: Sat Mar 29 14:08:17 IDT 2036
Certificate fingerprints:
MD5: ..:8D:F7
SHA1: ..:E6:69
SHA256: ..:38:9A
Signature algorithm name: SHA1withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
codeSigning
]
This SHA1 (finishing by E6:69) never worked in Google Places API so I checked what was the CERT.RSA the apk contained and it looked almost the same except the Certificate fingerprints:
Valid from: Mon Mar 28 14:08:17 IST 2011 until: Sat Mar 29 14:08:17 IDT 2036
Certificate fingerprints:
MD5: ..:E1:30
SHA1: ..:72:74
SHA256: ..:9D:6D
Signature algorithm name: SHA1withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
codeSigning
]
This SHA1 (finishing by 72:74) worked perfectly and I finally managed to use the Google Places API in production. But I don't understand why those two certificate fingerprints are different.
I am 1000% sure it is the same keystore, so how is this possible?
When I look at the android debug key the info is structured the same way but the Extensions are different:
Alias name: androiddebugkey
Creation date: Oct 26, 2014
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Android Debug, O=Android, C=US
Issuer: CN=Android Debug, O=Android, C=US
Serial number: 3bddeb55
Valid from: Sun Oct 26 21:03:56 IST 2014 until: Tue Oct 18 22:03:56 IDT 2044
Certificate fingerprints:
MD5: ..:01:17
SHA1: ..:00:77
SHA256: ..:32:93
Signature algorithm name: SHA256withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: <weird hexa number and characters>
0010: <weird hexa number and characters>
]
]
To summarise my questions:
- How is this possible the SHA1 do not match?
- Could it be the Extensions difference?
- How can I use keytool (or other tool) to show me the right SHA1 then?
- Can I get rid of this Code Signing Extension to go back to a "normal android keystore" ?
Upvotes: 6
Views: 2125
Answers (4)
Reputation: 3118
Check a few things
That you have the correct Signed Key (check the dates)
Ensure your passwords are correct (have to be correct to publish a release apk)
Check your Key Alias is the right one. I spent hours on this to find out I had two of them.
Upvotes: 0
Reputation: 126563
How is this possible the SHA1 do not match?
The SHA-1 certificate fingerprint is defined by your Keystore, probably you signed your app with another Keystore or your Keystore was modified or was created again, i have experienced this by myself, with my debug Keystore.
How can I use keytool (or other tool) to show me the right SHA1 then?
Remember when you create a Keystore (that contains an unique SHA-1 Certificate) to sign apps for production, you must keep this Keystore in a safe place, and it must be used to sign you apps for the Google Playstore
If your SHA-1 (finishing by E6:69) never worked in Google Places API, probably the SHA-1 certificate fingerprint is not registered in https://console.developers.google.com/.
For example for Google Places API i need to register my app with the SHA-1 certificate of my debug keystore (generally located in C:\Users\[USER]\.android\debug.keystore) and with the SHA-1 certificate of my production keystore.
Go to your Google Developer Console
https://console.developers.google.com/apis
There you can define multiple SHA-1 related to your app package name, for example you can define one for your Debug Keystore and another for your Production Keystore.
I can bet that you signed with different keystores because they have diferent creation dates:
Creation date: Jan 11, 2015
Creation date: Oct 26, 2014
Upvotes: 4
Reputation: 899
There will be 2 keystore. debug and release. you are using debug key i think.
If you were using release. Check the apikey is correct in both the debug and release xmls. because normally you will not see the release google xml.
So you created correct Api key but you were not put it in the release xml file.
Upvotes: 2
Reputation: 3665
Using android studio you can get the SHA1 key in the following way
Goto Gradle tab at right side of the studio then
Click projectname-> :app-> Tasks-> android-> signingReport(double click)
This will print SHA1 and MD5 key on RUN console
Upvotes: 2
Related Questions
- SHA-1 fingerprint of keystore certificate
- How to stop EditText from gaining focus when an activity starts in Android?
- How can I create a keystore?
- Is there a way to get the source code from an APK file?
- How to check certificate name and alias in keystore files?
- How to get Certificate Chain to Show on Google Chrome
- Displaying the release certificate fingerprint only shows (SHA-256), not SHA1
- Generating keystore but only getting SHA1 certificate, I want SHA256 certificate?
- Keytool keeps giving SHA256 sigalg instead of requested alg
- Keystore and Certificate concepts