• Advertisement
Sign in to follow this  

What is SHA1 in Android?

This topic is 931 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

In Android if you are making an app that uses the Game Services, you need to link one of your apps to the Game Service that you create. In the case of an Android app you have to Authorize it and provide a SHA1 code. The thing that confuses me is that this code seems to exist in a single place on your computer. I don't fully understand what it is or what role it plays. I think it has something to do with generating a key when making an Android apk, but if the SHA1 is unique to your computer, does that mean you have to update the Google Play game services if you compile a new apk from a different computer in the future? It's hard finding information on this. Why would Google Play game services need the SHA1?

Share this post


Link to post
Share on other sites
Advertisement

You need to sign and align every apk you create, SHA1 like MD5 is a hashing function used with a password you will be asked for when you go through this process, like this,

 

First generate a key, replace 'my-release-key.keystore' with any name you want.

 

keytool -genkey -v -keystore my-release-key.keystore -alias cert -keyalg RSA -keysize 2048 -validity 10000

 

Then sign the apk, replace myapk with the name of your apk.

 

jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore myapk.apk cert

 

Verify the signing worked.

 

jarsigner -verify -verbose -certs myapk.apk

 

Align the apk.

 

zipalign -v 4 myapk.apk myapk_final.apk

 

https://developer.android.com/tools/publishing/app-signing.html

Share this post


Link to post
Share on other sites

If I'm not mistaken it goes like this:

 

The SHA1 fingerprint what Google Game Services want, is the SHA1 from your keystore you used to sign the APK. The SHA1 is keystore related, so if you want to make another keystore to another APK, it would have different SHA1.

 

Keep in mind that once you sign your APK with keystore and upload it to Google Play for the first time, you have to use the same keystore for signing the updated versions of the APK or else Google won't let you upload the updated APK to the store. So when you sign your APK, take backup of your keystore file and keep it somewhere safe.

 

When you you create the keystore in terminal, it will tell you the SHA1 of the keystore. If you have already made the keystore, you can get its SHA1 fingerprint with keytool

 

Open up cmd/terminal and go to your jdk bin folder, (eg. C:\Program Files\Java\jdk1.7.0.0_05\bin or wherever your jdk is installed) and type

 

keytool -v -list -keystore <Path\to\your\keystore>

 

This will output the SHA1 fingerprint for your keystore among other information. These instructions were taken from this SO answer: http://stackoverflow.com/a/11121913

 

Hope this helps

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Advertisement