How to find the key an Android app was signed with

I found this on stack overflow, so I am just recapturing here since i found it so useful.

First, unzip the APK and extract the file /META-INF/ANDROID_.RSA (this file may also be CERT.RSA, but there should only be one .RSA file).

Then issue this command:

     keytool -printcert -file ANDROID_.RSA

You will get certificate fingerprints like this:

     MD5:  B3:4F:BE:07:AA:78:24:DC:CA:92:36:FF:AE:8C:17:DB
     SHA1: 16:59:E7:E3:0C:AA:7A:0D:F2:0D:05:20:12:A8:85:0B:32:C5:4F:68
     Signature algorithm name: SHA1withRSA

Then use the keytool again to print out all the aliases of your signing keystore:

     keytool -list -keystore my-signing-key.keystore

You will get a list of aliases and their certificate fingerprint:

     android_key, Jan 23, 2010, PrivateKeyEntry,
     Certificate fingerprint (MD5): B3:4F:BE:07:AA:78:24:DC:CA:92:36:FF:AE:8C:17:DB

Voila! we can now determined the apk has been signed with this keystore, and with the alias ‘android_key’.

Keytool is part of Java, so make sure your PATH has Java installation dir in it.





Leave a Reply

Your email address will not be published. Required fields are marked *