If you ever want to get the Android SHA (1/256), MD5 or the signing key used to sign your app for example you can use the following snippet.
Important! Be aware that you should not print that in a production environment as it might leak sensitive data
API 28> (Kotlin)
private fun printSHA() { if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) { try { // get the package info that contains the key you want to print val info = packageManager.getPackageInfo( packageName, PackageManager.GET_SIGNING_CERTIFICATES ) for (signature in info.signingInfo.apkContentsSigners) { // you can use other algorithms like MD5, SHA-1 or SHA-256 val sha = MessageDigest.getInstance("SHA-256") sha.update(signature.toByteArray()) // print the signing key SHA hash val output = sha.digest() Log.e("KEY HASH (SHA-256):", Base64.encodeToString(output, Base64.DEFAULT)) Log.e("KEY HASH Hex (SHA-256):", bytesToHex(output).toUpperCase()) } } catch (notFoundException: PackageManager.NameNotFoundException) { Log.e("My tag", notFoundException.message) } catch (noSuchAlgorithmException: NoSuchAlgorithmException) { Log.e("My tag", noSuchAlgorithmException.message) } } }
Deprecated (Java)
private void printSHA() { try { // get the package info that contains the key you want to print PackageInfo info = getPackageManager().getPackageInfo(getPackageName(), PackageManager.GET_SIGNATURES); for (Signature signature : info.signatures) { // you can use other algorithms like MD5, SHA-1 or SHA-256 MessageDigest sha = MessageDigest.getInstance("SHA-256"); sha.update(signature.toByteArray()); // print the signing key SHA hash byte[] output = sha.digest(); Log.e("MY KEY HASH:", Base64.encodeToString(output, Base64.DEFAULT)); Log.e("MY KEY HASH Hex:", bytesToHex(output)); } } catch (PackageManager.NameNotFoundException notFoundException) { Log.e("My tag", notFoundException.getMessage()); } catch (NoSuchAlgorithmException noSuchAlgorithmException) { Log.e("My tag", noSuchAlgorithmException.getMessage()); } }
And the converter method that outputs a hexa string from an array of bytes:
public static String bytesToHex(byte[] bytes) { final StringBuilder builder = new StringBuilder(); for(byte aByte : bytes) { builder.append(String.format("%02x", aByte)); } return builder.toString(); }
Using this you can implement validation systems between your app and backend. This way the backend knows if the app that does a request has this extra security layer or not :).
That outputs something like:
2020-04-17 17:37:58.429 13222-13222/ro.funcode.stirisinoutatimodule E/KEY HASH (SHA-256):: CYCi/W8mXfCf7asdabCQvc71+DpiyasdsdQizELw=
2020-04-17 17:37:58.441 13222-13222/ro.funcode.stirisinoutatimodule E/KEY HASH Hex (SHA-256):: 0980A2FD6F26DDSADASD234AF809B090BDCEF5F83A62CA7CADAFASB310BC