Home » Android » security – How to read SHA and MD5 fingerprint programmatically in Android

security – How to read SHA and MD5 fingerprint programmatically in Android

Posted by: admin June 15, 2020 Leave a comment

Questions:

Hello I want to read SHA and MD5 fingerprint value of keystore programmatically of my app from which it was signed.

I’ll take either SHA or MD5 value as key for security. This key I will use in the code to encrypt something and decrypt same at server end.

Is there any way to find this or is there any way to do same using different good approach. This should be in such a way nobody other can find this key.

Thanks in advance.

How to&Answers:
PackageInfo info;
try {

    info = getPackageManager().getPackageInfo(
        "com.your.package.name", PackageManager.GET_SIGNATURES);

    for (Signature signature : info.signatures) {
        MessageDigest md;
        md = MessageDigest.getInstance("SHA");
        md.update(signature.toByteArray());
        String hash_key = new String(Base64.encode(md.digest(), 0));
    }

} catch (NameNotFoundException e1) {
} catch (NoSuchAlgorithmException e) {
} catch (Exception e) {
}

Answer:

try this:

/**
 * 
 * @param pkg packageName
 * @return
 */
public String getSingInfo (String pkg) {
    try {
        PackageInfo packageInfo = getPackageManager().getPackageInfo(pkg, PackageManager.GET_SIGNATURES);
        Signature[] signs = packageInfo.signatures;
        Signature sign = signs[0];
        String s = getMd5(sign);
        return "md5:" + s ;
    } catch (Exception e) {
        e.printStackTrace();
    }

    return "";
}



private String getMd5 (Signature signature) {
    return encryptionMD5(signature.toByteArray());
}

public static String encryptionMD5(byte[] byteStr) {
    MessageDigest messageDigest = null;
    StringBuffer md5StrBuff = new StringBuffer();
    try {
        messageDigest = MessageDigest.getInstance("MD5");
        messageDigest.reset();
        messageDigest.update(byteStr);
        byte[] byteArray = messageDigest.digest();
        for (int i = 0; i < byteArray.length; i++) {
            if (Integer.toHexString(0xFF & byteArray[i]).length() == 1) {
                md5StrBuff.append("0").append(Integer.toHexString(0xFF & byteArray[i]));
            } else {
                md5StrBuff.append(Integer.toHexString(0xFF & byteArray[i]));
            }
        }
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    }
    return md5StrBuff.toString();
}

Answer:

  1. Find the path of your application’s APK file by calling Context.getPackageCodePath()
  2. Copy that APK to a writeable directory of your choice
  3. Use apk-parser to get the information you need from the APK (see example below)

That library is able to decompress the APK file and parse all of its content. An example extracted from the apk-parser’s Github page, tailored to your needs:

try {
  ApkParser apkParser = new ApkParser(new File(filePath));
  ApkSignStatus signStatus = apkParser.verifyApk(); // not needed
  List<CertificateMeta> certs = apkParser.getCertificateMetas();
  for (CertificateMeta certificateMeta : certs) {
    System.out.println(certificateMeta.getCertMd5());
  }
} catch (Exception e) {
  e.printStackTrace();
}

Answer:

Easiest Way

  1. Open Android Studio
  2. Open Your Project
  3. Click on Gradle (From Right Side Panel, you will see Gradle Bar)
  4. Click on Refresh (Click on Refresh from Gradle Bar, you will see List Gradle scripts of your Project)
  5. Click on Your Project (Your Project Name form List (root))
  6. Click on Tasks
  7. Click on android
  8. Double Click on signingReport (You will get SHA1 and MD5 in Run Bar)

Check Screenshot below:

enter image description here