Google play app signing key hash

Question

I have opted for google play app signing and i understand that google changes the signing keys for the app and I found the Sha 1 certificate but couldnt find the keyhash .

Answer 1

You can extract keyhash from the Sha1 certificate signature. Key hashes are usually extracted in the following way:

public static String getKeyHash(final Context context) {
    PackageInfo packageInfo = getPackageInfo(context, PackageManager.GET_SIGNATURES);
    if (packageInfo == null)
        return null;

    for (Signature signature : packageInfo.signatures) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA");
            md.update(signature.toByteArray());
            return Base64.encodeToString(md.digest(), Base64.NO_WRAP);
        } catch (NoSuchAlgorithmException e) {
            Log.w(TAG, "Unable to get MessageDigest. signature=" + signature, e);
        }
    }
    return null;
}

You can see that SHA-1 version of signature is Base64 encoded.

Under App Signing menu in Google play developer console, you will see Sha-1 certificate signature that looks like this:

SHA1: 3B:DA:A0:5B:4F:35:71:02:4E:27:22:B9:AC:B2:77:2F:9D:A9:9B:D9

Basically, what you have to do is to change this into a byte array and Base64 encode that byte array. You can do something like:

byte[] sha1 = {
    0x3B, (byte)0xDA, (byte)0xA0, 0x5B, 0x4F, 0x35, 0x71, 0x02, 0x4E, 0x27, 0x22, (byte)0xB9, (byte)0xAc, (byte)0xB2, 0x77, 0x2F, (byte)0x9D, (byte)0xA9, (byte)0x9B, (byte)0xD9
};
Log.e("keyhash", Base64.encodeToString(sha1, Base64.NO_WRAP));

You can register this keyhash to facebook android login settings or wherever you like.