If you ever want to get the Android SHA (1/256), MD5 or the signing key used to sign your app for example you can use the following snippet.
Important! Be aware that you should not print that in a production environment as it might leak sensitive data
API 28> (Kotlin)
private fun printSHA() {
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
try {
// get the package info that contains the key you want to print
val info = packageManager.getPackageInfo(
packageName,
PackageManager.GET_SIGNING_CERTIFICATES
)
for (signature in info.signingInfo.apkContentsSigners) {
// you can use other algorithms like MD5, SHA-1 or SHA-256
val sha = MessageDigest.getInstance("SHA-256")
sha.update(signature.toByteArray())
// print the signing key SHA hash
val output = sha.digest()
Log.e("KEY HASH (SHA-256):", Base64.encodeToString(output, Base64.DEFAULT))
Log.e("KEY HASH Hex (SHA-256):", bytesToHex(output).toUpperCase())
}
} catch (notFoundException: PackageManager.NameNotFoundException) {
Log.e("My tag", notFoundException.message)
} catch (noSuchAlgorithmException: NoSuchAlgorithmException) {
Log.e("My tag", noSuchAlgorithmException.message)
}
}
}
Deprecated (Java)
private void printSHA() {
try {
// get the package info that contains the key you want to print
PackageInfo info = getPackageManager().getPackageInfo(getPackageName(), PackageManager.GET_SIGNATURES);
for (Signature signature : info.signatures) {
// you can use other algorithms like MD5, SHA-1 or SHA-256
MessageDigest sha = MessageDigest.getInstance("SHA-256");
sha.update(signature.toByteArray());
// print the signing key SHA hash
byte[] output = sha.digest();
Log.e("MY KEY HASH:", Base64.encodeToString(output, Base64.DEFAULT));
Log.e("MY KEY HASH Hex:", bytesToHex(output));
}
} catch (PackageManager.NameNotFoundException notFoundException) {
Log.e("My tag", notFoundException.getMessage());
} catch (NoSuchAlgorithmException noSuchAlgorithmException) {
Log.e("My tag", noSuchAlgorithmException.getMessage());
}
}
And the converter method that outputs a hexa string from an array of bytes:
public static String bytesToHex(byte[] bytes) {
final StringBuilder builder = new StringBuilder();
for(byte aByte : bytes) {
builder.append(String.format("%02x", aByte));
}
return builder.toString();
}
Using this you can implement validation systems between your app and backend. This way the backend knows if the app that does a request has this extra security layer or not :).
That outputs something like:
2020-04-17 17:37:58.429 13222-13222/ro.funcode.stirisinoutatimodule E/KEY HASH (SHA-256):: CYCi/W8mXfCf7asdabCQvc71+DpiyasdsdQizELw=
2020-04-17 17:37:58.441 13222-13222/ro.funcode.stirisinoutatimodule E/KEY HASH Hex (SHA-256):: 0980A2FD6F26DDSADASD234AF809B090BDCEF5F83A62CA7CADAFASB310BC