Certificate Digests
Prevent a certificate digest from changing between collaborators across builds
Get your certificate digest
There are two ways to get your app's certificate fingerprint, also known as a certificate digest.
Locally
Run the following command:
keytool -list -v -keystore path-to-your-keystore-file -alias your-alias-name -storepass your-keystore-password
Replace the following placeholders:
path-to-your-keystore-file
: Replace this with the path to your keystore file (e.g., `/path/to/your/keystore.jks).your-alias-name
: Replace this with the alias name you used when generating the key pair for your app.your-keystore-password
: Replace this with the password for your keystore.
Running this command will output various information about the certificate, including its SHA-256 fingerprint. Look for the "SHA256" value under the "Certificate fingerprint" section.
Keep in mind that this command is specific to Java-based Android projects. If you're using a different development environment, the process might differ slightly.
Google Admin
Log into your Google Play Admin panel for your distributed app and navigate to “App Integrity.”
Before sending us your fingerprint, convert the SHA-256 value to base64 with this command:
echo "SHA256_TEXT_REPRESENTATION" | xxd -r -p | openssl base64
Certificate hashes may change during development and pre- and post-app distribution. We are able to accept multiple certificate digests per app, if that is needed. If you'd to prevent this value from changing during development among multiple developers, follow the next step.
Preserve the digest
On Android, license key activation require a defined package name and certificate digest. While we can store multiple certificate digests for a given package name, you have to send us each hash every time it's generated. When sharing code between developers, this requirement can slow down your process. An alternative to that is to update your gradle file to preserve the certificate digest so that the hash won't change between local builds.
Simply update your gradle file with the following:
// Load debug keystore
def debugKeystorePropertiesFile = rootProject.file("keystores_lensdemo/debug.keystore.properties")
def debugKeystoreProperties = new Properties()
debugKeystoreProperties.load(new FileInputStream(debugKeystorePropertiesFile))
// Load release keystore
def keystorePropertiesFile = rootProject.file("keystores_lensdemo/release.keystore.properties")
def keystoreProperties = new Properties()
keystoreProperties.load(new FileInputStream(keystorePropertiesFile))
signingConfigs {
debug {
storeFile file(debugKeystoreProperties['MYAPP_RELEASE_STORE_FILE'])
storePassword debugKeystoreProperties['MYAPP_RELEASE_STORE_PASSWORD']
keyAlias debugKeystoreProperties['MYAPP_RELEASE_KEY_ALIAS']
keyPassword debugKeystoreProperties['MYAPP_RELEASE_KEY_PASSWORD']
}
release {
storeFile file(keystoreProperties['MYAPP_RELEASE_STORE_FILE'])
storePassword keystoreProperties['MYAPP_RELEASE_STORE_PASSWORD']
keyAlias keystoreProperties['MYAPP_RELEASE_KEY_ALIAS']
keyPassword keystoreProperties['MYAPP_RELEASE_KEY_PASSWORD']
}
}
...
buildTypes {
debug {
signingConfig signingConfigs.debug
...
}
release {
signingConfig signingConfigs.release
We recommend you follow this same process for your production build, to ensure that it always has the same hash value.
Updated 3 months ago