Keystore SHA1 different from cert.rsa SHA1 from APK
H

4

6

I have an Android app (and its production keystore) that was first created with Adobe Air. A long time ago the company switched to the regular Android SDK to develop the app, but as the app was already in production, the keystore we use is still the same one (created back then by Adobe Air).

I used keytool to extract the SHA1 for the Google Places API and got something along these lines:

Alias name: <alias_name>
Creation date: Jan 11, 2015
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=<company_name>, OU=, O=, C=US
Issuer: CN=<company_name>, OU=, O=, C=US
Serial number: <lotsofnumbers>
Valid from: Mon Mar 28 14:08:17 IST 2011 until: Sat Mar 29 14:08:17 IDT 2036
Certificate fingerprints:
     MD5:  ..:8D:F7
     SHA1: ..:E6:69
     SHA256: ..:38:9A
     Signature algorithm name: SHA1withRSA
     Version: 3

Extensions: 

#1: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  codeSigning
]

This SHA1 (ending in E6:69) never worked in the Google Places API, so I checked the CERT.RSA that the APK contained, and it looked almost the same except for the certificate fingerprints:

Valid from: Mon Mar 28 14:08:17 IST 2011 until: Sat Mar 29 14:08:17 IDT 2036
Certificate fingerprints:
     MD5:  ..:E1:30
     SHA1: ..:72:74
     SHA256: ..:9D:6D
     Signature algorithm name: SHA1withRSA
     Version: 3

Extensions: 

#1: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  codeSigning
]

This SHA1 (ending in 72:74) worked perfectly and I finally managed to use the Google Places API in production. But I don't understand why those two certificate fingerprints are different.

I am 1000% sure it is the same keystore, so how is this possible?

When I look at the android debug key the info is structured the same way but the Extensions are different:

Alias name: androiddebugkey
Creation date: Oct 26, 2014
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Android Debug, O=Android, C=US
Issuer: CN=Android Debug, O=Android, C=US
Serial number: 3bddeb55
Valid from: Sun Oct 26 21:03:56 IST 2014 until: Tue Oct 18 22:03:56 IDT 2044
Certificate fingerprints:
     MD5:  ..:01:17
     SHA1: ..:00:77
     SHA256: ..:32:93
     Signature algorithm name: SHA256withRSA
     Version: 3

Extensions: 

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: <weird hexa number and characters>
0010: <weird hexa number and characters>
]
]

To summarise my questions:

  1. How is it possible that the SHA1s do not match?
  2. Could it be the Extensions difference?
  3. How can I use keytool (or another tool) to show me the right SHA1 then?
  4. Can I get rid of this Code Signing Extension to go back to a "normal Android keystore"?
Hocuspocus answered 10/5, 2016 at 12:35 Comment(0)
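
Added example (not part of the original question or answers): the fingerprint keytool prints is a hash over the DER-encoded certificate, so the value an APK is checked against can be recomputed from the signature block inside the APK itself. The sketch reads v1 (JAR) signature blocks only; `tlv`, `sample_apk` and `KEYSTORE_CERT` are constructed scaffolding with placeholder bytes, not real certificate data.

```python
import hashlib, io, zipfile

def read_tlv(buf, pos):                     # -> (tag, value_start, value_end) of a DER element
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length == 0x80:
        raise ValueError("indefinite-length BER is not handled here")
    if length & 0x80:                       # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def first_cert_der(pkcs7):                  # raw DER of the first cert in a PKCS#7 SignedData
    _, pos, _ = read_tlv(pkcs7, 0)          # ContentInfo SEQUENCE
    _, _, pos = read_tlv(pkcs7, pos)        # skip contentType OID
    _, pos, _ = read_tlv(pkcs7, pos)        # [0] EXPLICIT wrapper
    _, pos, end = read_tlv(pkcs7, pos)      # SignedData SEQUENCE
    while pos < end:
        tag, vstart, vend = read_tlv(pkcs7, pos)
        if tag == 0xA0:                     # certificates [0] IMPLICIT SET OF Certificate
            _, _, cert_end = read_tlv(pkcs7, vstart)
            return pkcs7[vstart:cert_end]
        pos = vend
    raise ValueError("SignedData carries no certificates")

def fingerprint(cert_der, algo="sha1"):     # colon-separated hex, the way keytool prints it
    h = hashlib.new(algo, cert_der).hexdigest().upper()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))

def apk_v1_fingerprints(apk_bytes):
    """Map each v1 signature block under META-INF/ to its signer certificate's SHA-1."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        return {n: fingerprint(first_cert_der(z.read(n))) for n in z.namelist()
                if n.startswith("META-INF/") and n.upper().endswith((".RSA", ".DSA", ".EC"))}

# --- constructed sample below: DER framing around placeholder bytes, not a real certificate ---
def tlv(tag, body):                         # minimal DER encoder used only to build the sample
    k = (len(body).bit_length() + 7) // 8
    head = bytes([len(body)]) if len(body) < 0x80 else bytes([0x80 | k]) + len(body).to_bytes(k, "big")
    return bytes([tag]) + head + body

def sample_apk(cert_der):                   # in-memory zip holding one META-INF/CERT.RSA
    signed = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x31, b"") + tlv(0x30, b"") + tlv(0xA0, cert_der) + tlv(0x31, b""))
    blob = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010702")) + tlv(0xA0, signed))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/CERT.RSA", blob)
    return buf.getvalue()

KEYSTORE_CERT = tlv(0x30, b"subject+validity+key" + b"\x00" * 200)  # stand-in for an exported cert
```

For a real comparison, pass the APK's bytes to `apk_v1_fingerprints` and the file written by `keytool -exportcert` (DER by default) to `fingerprint`; `keytool -printcert -jarfile app.apk` (with `app.apk` as a placeholder name) prints the APK-side value without any code.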
V
4

How is it possible that the SHA1s do not match?

The SHA-1 certificate fingerprint is defined by your keystore. You probably signed your app with another keystore, or your keystore was modified or created again; I have experienced this myself with my debug keystore.

How can I use keytool (or another tool) to show me the right SHA1 then?

Remember that when you create a keystore (which contains a unique SHA-1 certificate) to sign apps for production, you must keep this keystore in a safe place, and it must be used to sign your apps for the Google Play Store.

If your SHA-1 (ending in E6:69) never worked in the Google Places API, the SHA-1 certificate fingerprint is probably not registered in https://console.developers.google.com/.

For example, for the Google Places API I need to register my app with the SHA-1 certificate of my debug keystore (generally located in C:\Users\[USER]\.android\debug.keystore) and with the SHA-1 certificate of my production keystore.

Go to your Google Developer Console at https://console.developers.google.com/apis. There you can define multiple SHA-1s related to your app package name; for example, you can define one for your debug keystore and another for your production keystore.

I can bet that you signed with different keystores because they have different creation dates:

Creation date: Jan 11, 2015
Creation date: Oct 26, 2014
Viewable answered 26/5, 2016 at 19:19 Comment(0)
S
2

Using Android Studio you can get the SHA1 key in the following way:

Go to the Gradle tab at the right side of the studio, then

click projectname -> :app -> Tasks -> android -> signingReport (double click).

This will print the SHA1 and MD5 key on the Run console.

Shrewish answered 24/5, 2016 at 12:33 Comment(1)
as far as I know, this method will only show you the SHA1 for debug keystore - Wenonawenonah
T
2

There will be 2 keystores: debug and release. You are using the debug key, I think.

If you were using release, check that the API key is correct in both the debug and release XMLs, because normally you will not see the release Google XML.

So you created the correct API key but you did not put it in the release XML file.

Trimetric answered 25/5, 2016 at 5:33 Comment(0)
B
0

Check a few things

  • That you have the correct Signed Key (check the dates)

  • Ensure your passwords are correct (have to be correct to publish a release apk)

  • Check your Key Alias is the right one. I spent hours on this to find out I had two of them.

Berate answered 14/4, 2018 at 1:9 Comment(0)
