android - How to generate 11 char hash key for Sms Retriever with Google App signing

Question

I had generated the 11 char hash using the AppSignatureHelper class. But after uploading the apk to play store, they hash doesn't work anymore. And I found out that Play replaces the key with another one which is why the hash gets changed as well. Now I'm having trouble getting the 11 char hash key.

I don't know how to use the commands given by Google. I found this command from here

keytool -exportcert -alias MyAndroidKey -keystore MyProductionKeys.keystore | xxd -p | tr -d "[:space:]" | echo -n com.example.myapp `cat` | sha256sum | tr -d "[:space:]-" | xxd -r -p | base64 | cut -c1-11

Since, Play App signing is enabled for my app, I'll have to use this command,

keytool -exportcert -keystore MyProductionKeys.keystore | xxd -p | tr -d "[:space:]" | echo -n com.example.myapp `cat` | sha256sum | tr -d "[:space:]-" | xxd -r -p | base64 | cut -c1-11

I've replaced keytool with its path from the JDK's bin folder but then it was saying xxd was not recognized so I downloaded it from a website now it's saying tr is not recognized, I guess it'll say that for cut as well.

Please pardon me if it seems too noob of me asking it, but how can I resolve this?

UPDATE: I've tried the second command from above on a linux machine, the command worked and gave me 11 character hash but still the SMS Retriever is not working.

SOLUTION: With the help of Nick Fortescue's answer, I downloaded the DER formatted file. Then converted it to a .jks file using the following command,

keytool -importcert -alias myalias -file deployment_cert.der -keystore certificate.jks -storepass mypassword

Then performed the first command from above on certificate.jks and it worked!

question from:https://stackoverflow.com/questions/51365778/how-to-generate-11-char-hash-key-for-sms-retriever-with-google-app-signing

Answer 1

Here is the complete step by step guide .

1. Go to play console -> open app -> Release management -> App Signing -> Download Certificate . Like in below screen shot

This will give you deployment_cert.der file

2. Convert the deployment_cert.der file to a .jks file

use below command

keytool -importcert -alias YOUR_ALIAS -file deployment_cert.der -keystore certificate.jks -storepass YOUR_PASSWORD

Replace YOUR_ALIAS,YOUR_PASSWORD with yours which used in keystore . In place of deployment_cert.der use complete path if required

After entering this command it will ask

Trust this certificate? [no]: yes

type yes and click enter . It will show message

Certificate was added to keystore

This will generate a new file certificate.jks

3. Now in terminal enter command

   keytool -exportcert -alias YOUR_ALIAS -keystore certificate.jks | xxd -p | tr -d "[:space:]" | echo -n YOUR_PACKAGE `cat` | sha256sum | tr -d "[:space:]-" | xxd -r -p | base64 | cut -c1-11

Replace YOUR_ALIAS,YOUR_PACKAGE with yours which used in keystore,project . In place of certificate.jks use complete path if required

it will ask for password

Enter keystore password: mypassword

enter your password and you will get the hash .

EDIT For MacOS users:

If you're using MacOS you can install sha256sum by installing coreutils like this:

brew install coreutils

Or you can use shasum -a 256 instead of sha256sum like this:

keytool -exportcert -alias YOUR_ALIAS -keystore certificate.jks | xxd -p | tr -d "[:space:]" | echo -n YOUR_PACKAGE `cat` | shasum -a 256 | tr -d "[:space:]-" | xxd -r -p | base64 | cut -c1-11

Credits to Abhinav Gupta and Op of this question Farhan Farooqui and above answer from Nick Fortescue