Archive for Posts Tagged ‘App Signing’

2

Feb
2013
Comments Off on How to find the key an Android app was signed with

How to find the key an Android app was signed with

I found this on stack overflow, so I am just recapturing here since i found it so useful. First, unzip the APK and extract the file /META-INF/ANDROID_.RSA (this file may also be CERT.RSA, but there should only be one .RSA file). Then issue this command:
     keytool -printcert -file ANDROID_.RSA
You will get certificate fingerprints like this:
     MD5:  B3:4F:BE:07:AA:78:24:DC:CA:92:36:FF:AE:8C:17:DB
     SHA1: 16:59:E7:E3:0C:AA:7A:0D:F2:0D:05:20:12:A8:85:0B:32:C5:4F:68
     Signature algorithm name: SHA1withRSA
Then use the keytool again to print out all the aliases of your signing keystore:
     keytool -list -keystore my-signing-key.keystore
You will get a list of aliases and their certificate fingerprint:
     android_key, Jan 23, 2010, PrivateKeyEntry,
     Certificate fingerprint (MD5): B3:4F:BE:07:AA:78:24:DC:CA:92:36:FF:AE:8C:17:DB
Voila! we can now determined the apk has been signed with this keystore, and with the alias ‘android_key’. Keytool is part of Java, so make sure your PATH has Java installation dir in it.
read more