
I have an Android library. I need to add a function to check whether only valid users use this library. In order to do this I need to read the values from the Android keystore. How can I read values from the Android keystore?

Chrishan
  • What do you mean by the 'android keystore'? The certificate trust store? What exactly are you trying to do? – Nikolay Elenkov Mar 19 '12 at 01:53
  • I'm referring to the .keystore file which we use to sign the apk file before uploading to market. – Chrishan Mar 19 '12 at 06:21
  • OK, but what are you trying to do? This file only exists on your developer workstation, it is never included in the app. You could get the signing certificate from the app, but that wouldn't really help in identifying 'valid' users. Provide more details about your approach. – Nikolay Elenkov Mar 19 '12 at 06:41
  • I have a library file which is proprietary. So when someone purchases it I'll create a custom library for them. They can buy it either duration-wise or package-wise. If it's package-wise, the buyer should mention his package name, so I can validate using the getPackageName() method. But if it is duration-wise I need to check both the time and the validity of the application. If I can get the certificate fingerprint I can check for validity. – Chrishan Mar 19 '12 at 08:58

1 Answer


You can use `PackageInfo.signatures` to get an app's signing certificate. Typically there is only one signature, so this should give you the certificate (it holds the certificate, even though it's called 'signature'). You can take a SHA1, etc. hash of the blob to have a fingerprint for comparison.

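```java
// GET_SIGNATURES must be requested; without it pi.signatures is null
PackageInfo pi = packageManager.getPackageInfo(getPackageName(), PackageManager.GET_SIGNATURES);
byte[] certificate = pi.signatures[0].toByteArray(); // encoded signing certificate
MessageDigest md = MessageDigest.getInstance("MD5");
byte[] fingerprint = md.digest(certificate);
// toHexString is your own helper that formats the digest bytes as hex
String hexFingerprint = toHexString(fingerprint);
```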

Of course, for this check to work, you will need to embed the fingerprint in your library. Keep in mind that it's quite easy to decompile it, and replace the fingerprint.

Nikolay Elenkov
  • How can I get something like this Certificate fingerprint (MD5): 94:1E:43:49:87:73:BB:E6:A6:88:D7:20:F1:8E:B5:98 – Chrishan Mar 19 '12 at 10:09
  • Use the `MessageDigest` class to calculate the fingerprint. Then possibly convert to a hexadecimal string. See updated answer. – Nikolay Elenkov Mar 19 '12 at 13:18
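
An added example, not part of the original answer or comments: plain Java (no Android classes) that formats a certificate digest in the colon-separated form asked about above and compares it with an embedded reference value. The class and method names, the SHA-256 choice and the sample byte strings are assumptions made for illustration; on a device the input would be `pi.signatures[i].toByteArray()`.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Locale;

public class CertFingerprint {

    // Digest of the certificate bytes as colon-separated uppercase hex (94:1E:43:...).
    static String fingerprint(byte[] certDer, String algorithm) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance(algorithm).digest(certDer);
        StringBuilder sb = new StringBuilder(digest.length * 3);
        for (int i = 0; i < digest.length; i++) {
            if (i > 0) sb.append(':');
            sb.append(String.format("%02X", digest[i] & 0xFF));
        }
        return sb.toString();
    }

    // True only when at least one certificate is present and every one matches.
    static boolean allMatch(byte[][] certs, String algorithm, String expected)
            throws NoSuchAlgorithmException {
        if (certs == null || certs.length == 0) return false; // no signatures returned
        byte[] want = expected.trim().toUpperCase(Locale.ROOT).getBytes(StandardCharsets.US_ASCII);
        for (byte[] cert : certs) {
            byte[] got = fingerprint(cert, algorithm).getBytes(StandardCharsets.US_ASCII);
            if (!MessageDigest.isEqual(got, want)) return false;
        }
        return true;
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-ins for pi.signatures[i].toByteArray(); not real certificates.
        byte[] cert = "constructed-certificate-bytes".getBytes(StandardCharsets.US_ASCII);
        byte[] other = "another-constructed-certificate".getBytes(StandardCharsets.US_ASCII);

        String embedded = fingerprint(cert, "SHA-256"); // value the library would ship with
        System.out.println("SHA-256: " + embedded);
        System.out.println("MD5:     " + fingerprint(cert, "MD5"));
        System.out.println("same cert:      " + allMatch(new byte[][] {cert}, "SHA-256", embedded));
        System.out.println("lower-case ref: " + allMatch(new byte[][] {cert}, "SHA-256", embedded.toLowerCase(Locale.ROOT)));
        System.out.println("other cert:     " + allMatch(new byte[][] {other}, "SHA-256", embedded));
        System.out.println("extra signer:   " + allMatch(new byte[][] {cert, other}, "SHA-256", embedded));
        System.out.println("no signatures:  " + allMatch(new byte[0][], "SHA-256", embedded));
    }
}
```

The empty-array case returns false rather than throwing, which covers a `PackageInfo` fetched without signatures; as the answer notes, the embedded value itself can still be replaced by anyone who decompiles the library.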