Login/Register
Questions about Development and Release Key Hashes for Facebook SDK for Android
Asked Answered
Solved androidfacebookandroid-libraryfacebook-sdk-4.0android-facebook
H

4

8

I read the guides in the FB Developer website.

To create a Development Key Hashes

keytool -exportcert -alias androiddebugkey -keystore ~/.android/debug.keystore | openssl sha1 -binary | openssl base64

And to create a Release Key Hashes

keytool -exportcert -alias YOUR_RELEASE_KEY_ALIAS -keystore YOUR_RELEASE_KEY_PATH | openssl sha1 -binary | openssl base64

I have 6 questions:

  1. What do those Key Hashes do?

  2. Why is there a need to create different key hashes for both Release and Development?

  3. If I haven't published my app to the PlayStore yet. Can I use the Release Key instead of using the Development key?

  4. If I my app is live in PlayStore, can I keep using the Development key?

  5. What should I put into YOUR_RELEASE_KEY_ALIAS and YOUR_RELEASE_KEY_PATH? Can anyone provide samples please?

  6. Why is that when we develop for iOS, those key hashes were not required?

Extra question that is unrelated

What does this Single Sign On button do? enter image description here

Haustellum answered 23/12, 2015 at 10:37 Comment(1)
But i have use only Key Hash. Development Key Hashes is only for testing until app is not publish in play store.Sessions
P
7

Q: What do those Key Hashes do?

  • They identify your keystore and application uniquely. it is a unique fingerprint for your application:

Signing Your Applications

  • Android requires that all apps be digitally signed with a certificate before they can be installed. Android uses this certificate to identify the author of an app, and the certificate does not need to be signed by a certificate authority. Android apps often use self-signed certificates. The app developer holds the certificate's private key.

Signing Overview

  • You can sign an app in debug or release mode. You sign your app in debug mode during development and in release mode when you are ready
    to distribute your app. The Android SDK generates a certificate to
    sign apps in debug mode. To sign apps in release mode, you need to
    generate your own certificate. For your further reference you can
    look at what keyhashes are at

Q: Why is there a need to create different key hashes for both Release and Development?

As you know android uses different Keystores for both development and release, since the two keystores are different in every aspect, they both have different fingerprints and SHA-1 hashes hence they are treated entirely different.

Q: If I haven't published my app to the PlayStore yet. Can I use the Release Key instead of using the Development key?

Yes you can use the release key for APK generation purposes only however if you are in debug mode this key wont work at all.

Q: If I my app is live in PlayStore, can I keep using the Development key?

Yes you can keep using development key but you cannot use the debug key.

Q:What should I put into YOUR_RELEASE_KEY_ALIAS and YOUR_RELEASE_KEY_PATH? Can anyone provide samples please?

attached is image if you are concerned about facebook keys enter image description here

Q:Why is that when we develop for iOS, those key hashes were not required?

That is due to platform requirement. It isn't necessary that if one platform requires one thing the other platform will also.

Single Sign On

Single sign-on is roughly an extension of (and replacement for) services like Facebook Connect, connecting you to third-party social apps and services. If you're already logged on to Facebook on your mobile phone, you'll be able to sign in to other apps using your Facebook credentials.

Here is the code to generate fb fingerprint.

public void generateFbFingerPrint() {
    try {
        PackageInfo info = getPackageManager().getPackageInfo(
                "com.group3amd.gc.activity",
                PackageManager.GET_SIGNATURES);
        for (Signature signature : info.signatures) {
            MessageDigest md = MessageDigest.getInstance("SHA");
            md.update(signature.toByteArray());
            String sign = Base64
                    .encodeToString(md.digest(), Base64.DEFAULT);
            Log.e("KEYHASH:", sign);
            Toast.makeText(getApplicationContext(), sign, Toast.LENGTH_LONG)
                    .show();
        }
    } catch (NameNotFoundException e) {
        e.printStackTrace();
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    }




}
Pamphylia answered 23/12, 2015 at 10:55 Comment(6)
So those hashkey asked by facebook, is not actually for the Facebook it self, but rather for the Android App itself? Am I getting it right? Thanks for answering thoroughlyHaustellum
What does your generateFbFingerPrint method is for btw?Haustellum
GenerateFbFingerprint method is for quickly generating keyhashes for facebook using your current keystorePamphylia
No, those are for facebook, what they actually do is they identify your keystore using which you generate your apk file, then they give you a unique key called keyhash that uniquely identifies your app and they keystore that you use to digitally sign your apk file. Still if you have any ambiguities feel free to ask :) Happy CodingPamphylia
I have included two links for your helpPamphylia
Hi, I am using release keystore for building apk. I have installed and test for login with facebook it is working fine but my doubt when I push that build to playstore is it necessary to change that hash key when I am getting hash key in my phone at first time. For pushing the app in play store is same key is it fine or need to change that key.Snowden
A
3

What do those Key Hashes do?

  • Android requires that all apps be digitally signed with a certificate before they can be installed. Android uses this certificate to identify the author of an app, and the certificate does not need to be signed by a certificate authority. so both keys used to digitally signed your app.

Why is there a need to create different key hashes for both Release and Development?

  • You sign your app in debug mode with Development key during development & release key used when you are ready to distribute your app on Google Play.

If I haven't published my app to the PlayStore yet. Can I use the Release Key instead of using the Development key?

  • you must have to use release key at this point

If I my app is live in PlayStore, can I keep using the Development key?

  • Google Play not allow to upload APK with debug key so you must have to use release key

What should I put into YOUR_RELEASE_KEY_ALIAS and YOUR_RELEASE_KEY_PATH? Can anyone provide samples please?

  • YOUR_RELEASE_KEY_ALIAS : use whatever name you like(just to remember name of keystore)
  • YOUR_RELEASE_KEY_PATH : path where you want to save your keystore file(for future uses)

Warning: Keep your keystore and private key in a safe and secure place, and ensure that you have secure backups of them. If you publish an app to Google Play and then lose the key with which you signed your app, you will not be able to publish any updates to your app, since you must always sign all versions of your app with the same key.

Why is that when we develop for iOS, those key hashes were not required?

  • ios developer also require these keys apple developer team generate certificate for development and release. which we have to use in development and release time

this above all are about android app and Google play for FACEBOOK you have to generate different key hash for development and relase

how to generate keyhash for facebook

Aerobiology answered 23/12, 2015 at 10:54 Comment(0)
S
2

This is your answer.

  1. Development Key Hashes - This is only for testing ,until you have not publish play store. Release Key Hashes - This is original hash key without this key hash Facebook is not working in play store.

  2. There is no need to create 2 haseh key if you create Release Key Hashes then not required to create Development Key Hashes.

  3. yes without Release Key Hashes facebook not working in play store.
  4. No Development Key Hashes is only for testing hash key.
  5. Yes they can do it.
Sessions answered 23/12, 2015 at 10:56 Comment(2)
So if I am not using Facebook SDK, I would not need to create a key hash? Or is the keyhash mandatory to publish Android app to PlayStore? Sorry for asking this and thank you for taking time to answerHaustellum
if you are not using facebook in your app then not use facebook keyhash, without keyhash you publish your app in play store.Sessions
C
0

Facebook uses the key hash to authenticate interactions between your app and the Facebook app.

If you run apps that use Facebook Login, you need to add your Android development key hash to your Facebook developer profile. For the version of your app that you release to you also need to generate and set a Release Key Hash.

On either OS X or Windows you can get a key has by generating it or by using the value returned by Settings.getApplicationSignature(Context).

For more information please refere below link,

https://developers.facebook.com/docs/android/getting-started

Chromatism answered 23/12, 2015 at 10:47 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.