15

I just want some confirmation.

I'm developing on windows

I'm attempting to integrate facebook into an app and the SDK documentation says I need to 'export a signature'

From here: http://developers.facebook.com/docs/guides/mobile/#android

So it says run this command:

 keytool -exportcert -alias androiddebugkey -keystore ~/.android/debug.keystore | openssl sha1 -binary | openssl base64

First I had to download openssl: OpenSSL

Now the command above, I assume should be converted to:

"C:\path\to\java\keytool" -exportcert -alias your_alias -keystore "C:\path\to\your\keystore\keystore.name" | "C:\path\to\openssl_install\bin\openssl" sha1 -binary |"C:\path\to\openssl_install\bin\openssl" base64
  • So you want the keytool that is installed in your latest Java install folder?
  • You want the alias to be the name of the alias you use for a normal apk creation in eclipse?
  • You want the keystore to be the one you use when exporting android apps?
  • You want openssl to be the one you just installed

So once I've done this it asks for a password: (it shows the password as I'm typing it)

If I enter a correct password I get

'zR2tey1h9kqPRSW/yEYEr0ruswyD=' (changed for public)

but if I enter an incorrect password it still returns me a code in the form of

'ga0RGNYHvTR5d3SVDEfpQQAPGJ1='?

So yeah, was just looking for a confirmation that I'm doing the right thing, and this is the output expected

Blundell
  • 75,855
  • 30
  • 208
  • 233

3 Answers3

12

the best way to get your hash is by running the following code:

try {
            PackageInfo info = getPackageManager().getPackageInfo(getPackageName(), PackageManager.GET_SIGNATURES);
            for (Signature signature : info.signatures) {
                MessageDigest md;

                    md = MessageDigest.getInstance("SHA");
                    md.update(signature.toByteArray());
                    String something = new String(Base64.encode(md.digest(), 0));
                    Log.e("hash key", something);
        } 
        }
        catch (NameNotFoundException e1) {
            // TODO Auto-generated catch block
            Log.e("name not found", e1.toString());
        }

             catch (NoSuchAlgorithmException e) {
                // TODO Auto-generated catch block
                 Log.e("no such an algorithm", e.toString());
            }
             catch (Exception e){
                 Log.e("exception", e.toString());
             }

when extracting the hash with windows cmd,git bash or cygwing terminal, the three tools give different result.

the most accurate is the code above

hriziya
  • 1,116
  • 1
  • 23
  • 41
Mina Wissa
  • 10,923
  • 13
  • 90
  • 158
  • @Mina What is the import for that Base64 class? – Blundell Jun 26 '11 at 14:55
  • It's included in Android 2.2, if you're running on a lower version, build your app against 2.2, run the code and obtain the hash, then build the app against your initial target. – Mina Wissa Jun 26 '11 at 14:59
  • Hmm now I'm even more confused because that's given me a different hash code to one the I got using my question method – Blundell Jun 26 '11 at 15:06
  • yes that's normal, try using the hash you got from cmd, you may recieve invalid key exception. check this link:http://p-xr.com/implementing-facebook-into-your-app-invalid-key-with-keytool/ – Mina Wissa Jun 26 '11 at 15:10
  • But that's the problem, I'll be using someone else's facebook dev page so I want to send them my hash once not worry that I'll then have to apologise and send them another. Need a definitive answer of why they are different. – Blundell Jun 26 '11 at 15:31
  • I don't know exactly why they're different. I had such a scenario before and I had three different hashes from three different methods and the only one that worked is the above code. – Mina Wissa Jun 26 '11 at 15:36
  • For me it worked by using the code above, but attach the running app with the debugger, and then it will output the keyvalue log which works, and if i take the "=" symbol. The weird part is that i had a toast to output the string, and the toas displays a different key on the real device app, but on the debug shows the real one. Weird. – Miguel Sep 04 '13 at 17:24
  • @MinaSamy In my case, keytool and PackageManager code gives same hash. Issue might be related to incorrect keystore password or incorrect keytool command parameters if different hashes are generated. – Baha Nov 07 '15 at 23:38
1

yes you are doing it in a right way i think.i also execute this command and put this hash in my fb app and its works properly.

Ritesh
  • 306
  • 1
  • 5
  • 12
0

Answer to your question below:

So once I've done this it asks for a password: (it shows the password as I'm typing it)

If I enter a correct password I get

'zR2tey1h9kqPRSW/yEYEr0ruswyD=' (changed for public) but if I enter an incorrect password it still returns me a code in the form of

'ga0RGNYHvTR5d3SVDEfpQQAPGJ1='? So yeah, was just looking for a confirmation that I'm doing the right thing, and this is the output expected

keytool -exportcert -alias androiddebugkey -keystore ~/.android/debug.keystore | openssl sha1 -binary | openssl base64 has three commands feeding output of preceding command to following command.

  1. keytool -exportcert -alias androiddebugkey -keystore ~/.android/debug.keystore
  2. openssl sha1 -binary
  3. openssl base64

When incorrect keystore password is given, first command generates error but that won't be displayed as that would be input to second command and different hash is generated. Only run first keytool command (keytool -exportcert -alias androiddebugkey -keystore ~/.android/debug.keystore) to confirm your keystore password and if it is right. If password is incorrect, similar to output below will be displayed. 

> keytool -exportcert -alias androiddebugkey -keystore

~/.android/debug.keystore Enter keystore password:
keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect

Provide android to answer for Enter keystore password: for prompt if android debug hash is generated. Default password for android debug keystore is android

Command could also have written to catch error from keytool command to see if command 1 returned error before running command 2.

So you want the keytool that is installed in your latest Java install folder?

You want the alias to be the name of the alias you use for a normal apk creation in eclipse?

You want the keystore to be the one you use when exporting android apps?

You want openssl to be the one you just installed?

Yes to all of questions above. PATH could be setup not to type full path for keytool and openssl.

Baha
  • 475
  • 1
  • 10
  • 26