Why is fingerprint different in my newly signed apk?

3

12

I'm having an issue getting the same fingerprint after I changed the type of keystore from PKCS12 to JKS.

In order to make the change I created a new JKS keystore, deleted the key that was in it, and imported the key I need from the .p12 file. When I verify the key with keytool -keystore keystore.jks -list it outputs the fingerprint:

(SHA1): 21: ... :39

which is the fingerprint of the .p12 file, and the fingerprint Google says my previous apks have been. When I sign my apk with this certificate and try to upload it to the Play Store, it says the certificate has the fingerprint:

SHA1: C7: ... :AF

When I examine both the original .p12 file and the new .jks file with KeyStore Explorer they both list SHA1: C7: ... :AF as the fingerprint.

Edit1:

keytool -keystore disneyquiz.p12 -storetype PKCS12 -alias 1 -list
Enter keystore password:
1, Jun 4, 2014, PrivateKeyEntry,
Certificate fingerprint (SHA1): 21: ... :39


keytool -keystore quizstore.jks -list
Enter keystore password:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

key0, Dec 3, 2014, PrivateKeyEntry,
Certificate fingerprint (SHA1): 21: ... :39

New Apk

keytool -printcert -file CERT.RSA    
Owner: CN=CBP Development, OU=CBP Development, O=CBP Development, C=US
Issuer: CN=CBP Development, OU=CBP Development, O=CBP Development, C=US
Serial number: 36663939343135303a31343636393337363665663a2d38303030
Valid from: Tue Jun 03 19:29:37 EDT 2014 until: Sat Jun 04 19:29:37 EDT 2039
Certificate fingerprints:
         MD5:  F6: ... :72
         SHA1: C7: ... :AF
         SHA256:     7C:D6: ... :67:B9
         Signature algorithm name: SHA1withRSA
         Version: 3

Extensions:

#1: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  codeSigning
]

Original APK

keytool -printcert -file CERT.RSA    
Owner: CN=CBP Development, OU=CBP Development, O=CBP Development, C=US
Issuer: CN=CBP Development, OU=CBP Development, O=CBP Development, C=US
Serial number: 36663939343135303a31343636393337363665663a2d38303030
Valid from: Tue Jun 03 19:29:37 EDT 2014 until: Sat Jun 04 19:29:37 EDT 2039
Certificate fingerprints:
         MD5:  AD: ... :CA
         SHA1: 21: ... :39
         SHA256: D2:7D: ... :8E:47
         Signature algorithm name: SHA1withRSA
         Version: 3

Extensions:

#1: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  codeSigning
]

Edit 2:

The original .p12 file was generated with the Adobe Air Certificate generator, and the original apk was compiled with Adobe Flash Professional CC. After testing the certificates and trying to sign the APK in various ways, I think the only possibility is that the Flash Professional signing process somehow changes the reported fingerprint when it signs the apk. The CERT.RSA in the Flash-created apk's META-INF matches the CERT.RSA of the new apk. Hopefully someone has a suggestion as to how to sign my new apk so I can update my app.

Shivery answered 4/12, 2014 at 1:11 Comment(2)
Are you sure you are selecting the correct certificate? What's the list of your certificates? – Quiz
There is only one certificate in the keystore, and the p12 is only one certificate. I don't understand why the fingerprints show up differently when checked in different ways. – Shivery
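Added example, not part of the original question or answers: the fingerprint that keytool -printcert reports for CERT.RSA is a digest over every byte of the encoded certificate stored in that PKCS#7 file, so two certificates can print the same Owner, Serial number and validity (as the two dumps above do) and still have different fingerprints. The sketch below pulls the first certificate out of a SignedData blob and hashes it. It assumes definite-length DER, and `fake_cert_rsa`, `CERT_A` and `CERT_B` are constructed placeholders, not real certificates.

```python
import hashlib

def read_tlv(buf, pos):
    """Parse one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def children(buf, start, end):
    """Yield (tag, tlv_start) for each element inside [start, end)."""
    while start < end:
        tag, _, value_end = read_tlv(buf, start)
        yield tag, start
        start = value_end

def signer_cert_der(pkcs7):
    """Return the DER bytes of the first certificate in a PKCS#7 SignedData blob."""
    _, vs, ve = read_tlv(pkcs7, 0)                    # ContentInfo SEQUENCE
    _, wrapper = list(children(pkcs7, vs, ve))[1]     # [0] EXPLICIT content
    _, vs, _ = read_tlv(pkcs7, wrapper)               # start of SignedData
    _, vs, ve = read_tlv(pkcs7, vs)                   # SignedData SEQUENCE body
    for tag, tlv_start in children(pkcs7, vs, ve):
        if tag == 0xA0:                               # [0] certificates
            _, cert_start, _ = read_tlv(pkcs7, tlv_start)
            _, _, cert_end = read_tlv(pkcs7, cert_start)
            return pkcs7[cert_start:cert_end]
    raise ValueError("no certificate set found")

def fingerprint(der, algo="sha1"):
    """Colon-separated hex digest of the whole encoding, as keytool prints it."""
    h = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))

# Constructed sample input: placeholder bytes shaped like CERT.RSA, not real certs.
def tlv(tag, value):
    size = len(value).to_bytes((len(value).bit_length() + 7) // 8, "big")
    head = bytes([len(value)]) if len(value) < 0x80 else bytes([0x80 | len(size)]) + size
    return bytes([tag]) + head + value

def fake_cert_rsa(cert):
    oid = bytes.fromhex("2a864886f70d0107")           # PKCS#7 OID prefix
    signed = (tlv(0x02, b"\x01") + tlv(0x31, b"") + tlv(0x30, tlv(0x06, oid + b"\x01"))
              + tlv(0xA0, cert) + tlv(0x31, b""))
    return tlv(0x30, tlv(0x06, oid + b"\x02") + tlv(0xA0, tlv(0x30, signed)))

CERT_A = tlv(0x30, b"\x01" * 300)                     # stand-ins that differ in one byte
CERT_B = tlv(0x30, b"\x01" * 299 + b"\x02")
```

To use it on a real file, pass the bytes of META-INF/CERT.RSA from each APK to `signer_cert_der` and compare the resulting fingerprints, or compare the extracted DER directly to see whether the two certificates are byte-identical.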
2

The problem is with Gradle, while signing using a key imported from a p12 key.

Steps to fix:

  1. Change the extension of the apk to zip
  2. Don't unzip the apk, but open it with zip by double clicking
  3. Delete the META-INF folder
  4. Change the extension from zip to apk
  5. Sign your apk from the cmd prompt using the below command

jarsigner -keystore -storepass

  6. zipalign the apk

zipalign [-f] [-v] <alignment> infile.apk outfile.apk

The alignment is an integer that defines the byte-alignment boundaries. This must always be 4 (which provides 32-bit alignment) or else it effectively does nothing.

I was able to republish one of my successfully using these steps

Mailman answered 31/10, 2015 at 20:20 Comment(1)
However it still doesn't answer the question. – Cottonade
0

This happened to me as well; it turns out my key had been converted from a .p12 file and was generating a signature different than before. Running this tool on the Android built and signed APK solved the issue for me, as it does the steps outlined by Dev for you: https://github.com/SierraII/morphthis

Assisi answered 5/3, 2019 at 16:36 Comment(0)
0

In case anyone stumbles across this issue again: You HAVE to use jarsigner from JDK 7 in order for this to work (and you have to use jarsigner with your p12 certificate, instead of the converted certificate). For a bit more info, see this thread:

Migrate AIR Android p12 keystore file to Cordova

Gamekeeper answered 1/3, 2021 at 15:20 Comment(0)
