Certificate Digests

Prevent a certificate digest from changing between collaborators across builds

Get your certificate digest

There are two ways to get your app's certificate fingerprint, also known as a certificate digest.

Locally

Run the following command:

keytool -list -v -keystore path-to-your-keystore-file -alias your-alias-name -storepass your-keystore-password

Replace the following placeholders:

  • path-to-your-keystore-file: Replace this with the path to your keystore file (e.g., `/path/to/your/keystore.jks).
  • your-alias-name: Replace this with the alias name you used when generating the key pair for your app.
  • your-keystore-password: Replace this with the password for your keystore.

Running this command will output various information about the certificate, including its SHA-256 fingerprint. Look for the "SHA256" value under the "Certificate fingerprint" section.

Keep in mind that this command is specific to Java-based Android projects. If you're using a different development environment, the process might differ slightly.

Google Admin

Log into your Google Play Admin panel for your distributed app and navigate to “App Integrity.”

Before sending us your fingerprint, convert the SHA-256 value to base64 with this command:
echo "SHA256_TEXT_REPRESENTATION" | xxd -r -p | openssl base64

Certificate hashes may change during development and pre- and post-app distribution. We are able to accept multiple certificate digests per app, if that is needed. If you'd to prevent this value from changing during development among multiple developers, follow the next step.

Preserve the digest

On Android, license key activation require a defined package name and certificate digest. While we can store multiple certificate digests for a given package name, you have to send us each hash every time it's generated. When sharing code between developers, this requirement can slow down your process. An alternative to that is to update your gradle file to preserve the certificate digest so that the hash won't change between local builds.

Simply update your gradle file with the following:

// Load debug keystore
    def debugKeystorePropertiesFile = rootProject.file("keystores_lensdemo/debug.keystore.properties")
    def debugKeystoreProperties = new Properties()
    debugKeystoreProperties.load(new FileInputStream(debugKeystorePropertiesFile))

    // Load release keystore
    def keystorePropertiesFile = rootProject.file("keystores_lensdemo/release.keystore.properties")
    def keystoreProperties = new Properties()
    keystoreProperties.load(new FileInputStream(keystorePropertiesFile))

    signingConfigs {
        debug {
            storeFile file(debugKeystoreProperties['MYAPP_RELEASE_STORE_FILE'])
            storePassword debugKeystoreProperties['MYAPP_RELEASE_STORE_PASSWORD']
            keyAlias debugKeystoreProperties['MYAPP_RELEASE_KEY_ALIAS']
            keyPassword debugKeystoreProperties['MYAPP_RELEASE_KEY_PASSWORD']
        }
        release {
            storeFile file(keystoreProperties['MYAPP_RELEASE_STORE_FILE'])
            storePassword keystoreProperties['MYAPP_RELEASE_STORE_PASSWORD']
            keyAlias keystoreProperties['MYAPP_RELEASE_KEY_ALIAS']
            keyPassword keystoreProperties['MYAPP_RELEASE_KEY_PASSWORD']
        }
    }

...

    buildTypes {
        debug {
            signingConfig signingConfigs.debug
            ...
        }
        release {
            signingConfig signingConfigs.release

We recommend you follow this same process for your production build, to ensure that it always has the same hash value.