Questions about certificates and keys in Android development

Source: Internet
Author: User
Tags openssl sha1

Introduction to issues such as certificates and keys in Android development

In addition to the need to use a certificate for Android to publish an app signature, you need to apply for API key when you are developing Google Maps API and the development of the Facebook SDK API, as well as a certificate when applying for these API keys.

When developed with Eclipse and ADT, the certificates are automatically generated and can be seen in Eclipse Window->preferneces, Android---Bulid setting

Also that this development debug with the certificate in C:\Users\Haihua\.android\debug.keystore, on this page we can also see MD5 and SHA1 fingerprint code, this SHA1 fingerprint code in the Google Map API You need to use the key when you apply.

If single-player development applications generally do not matter, but team development, it is best to use the same debug.keystore, so that the switch between mobile phones, can be seamlessly installed, but also use the same API key, so that each machine must be compiled to apply their own different API key. However, you must use the default alias and password (give alias name = Androiddebugkey and password = Android), otherwise the added custom certificate will fail. If the alias is not correct, you will be prompted with the following error in the bold build position of the above dialog box

When the alias and password are incorrect, the following error is reported

Of course there will be some other errors, such as the following error using Android Studio


Assuming a custom certificate has been set, it will be as shown in

This visualization tool can be used to view information such as the SHA1 of the release certificate, but because it uses the default password, there is no way to see it.

After you set up your custom certificate, clean it, and then recompile and run it with a custom certificate. I will pack the apk file, rename it to zip or rar after unzip, and then unzip the \meta-inf\cert. The RSA file is the signed certificate, using Keytool for this certificate:

Keytool-printcert–file \meta-inf\cert. Rsa

Will get a detailed information about this certificate, there are two certificates, the previous one is automatically generated certificate, the latter is a certificate I tried to do. The details are as follows

How to generate a certificate command line to generate a certificate

The build certificate uses a Keytool tool that comes with the JDK, and when used in CMD as above, you need to set the relevant path to the environment variable, such as my local path named C:\Program Files\java\jdk1.8.0_05\bin, Add it to the environment variable in Windows.

The above generated debug certificate can use the following command

Keytool-genkey-alias androiddebugkey-keyalg rsa-keysize 1024-keypass android-validity 365-keystore C:\test\mozatdev . Keystore-storepass Android

As for the specific build certificate and Keytool tool, you can see the following link:

Java Keytool Certificate Tools use summary

Android signature mechanism: Generate KeyStore, sign, view signature information


Visualize the generation of certificates

The above is to use the command line to generate certificates, then there is no visual way to generate certificates?

I now know that you can use the Eclipse's ADT tool, right-click on the project name, select "Android Tools", "Export signed Application package ..." (Output signed application packages)

Sometimes there are some lint Error in the project, click Yes will pop up the following dialog box

This time we can ignore the error check, as shown, after the setup, you need to clean and then re-call the above release package tools, otherwise there is no way to proceed to the next step.

The next step is to create a key.

The process of creation can refer to the "ANDROID_APK installation package production process Diagram" on the internet.

The disadvantage of the above visualization method is that you must really hit the package to generate the certificate.

How to apply for Google Map V2 Api KEY

About this step online has a very special post, here do not start, follow the line, currently for the above Mozatdev.keystore application for the following two API Key

Specific reference links

Traditional version (includes a complete Goole map development)

HTTP://WWW.MOKE.TW/WORDPRESS/COMPUTER/ADVANCED/410 (recommended to see this, the picture below is too small)


Google Map API is not used here, this is too late to do the finishing.

How to apply for Facebook API Key

The Google Map API key application above is using the SHA1 fingerprint, which is relatively complex to use when applying for the Facebook SDK API, because he needs to use the Keyhash, which is similar to the following:

Keytool-exportcert-alias Androiddebugkey-keystore C:\Users\Haihua\.android\debug.keystore | C:\OpenSSL\bin\openssl Sha1-binary | C:\OPENSSL\BIN\OPENSSL Base64

The result of the operation is similar to the following, when the password output generated hash is the same, directly with the return and enter the correct password, the result is the same, the difference is the former can not be used, the latter could use, as for why, with the algorithm, I did not go to scrutiny.

In addition to the Keytool tools mentioned above, there is a need to install a OpenSSL, you can download an installation package from the following link

Of course, if you don't want to be so troublesome to install these tools, you can also use the code in the following link to get the hash, but I have not tried.

For details, please refer to Facebook's website

Official documents

A relatively old Chinese translation


A traditional version of the link (I think it's quite useful)


Here too late to do the relevant API use of the specific introduction, just a brief introduction of the application API Key.

Through the above two specific API key application, presumably for the Android certificate will have a more intuitive understanding.

Summarize some commands

The following separate several CMD commands used to extract the

Commands for generating certificates

Keytool-genkey-alias androiddebugkey-keyalg rsa-keysize 1024-keypass android-validity 365-keystore C:\test\mozatdev . Keystore-storepass Android

Commands to view certificate details

Keytool-list-v-keystore C:\Users\Haihua\.android\debug.keystore-alias Androiddebugkey-storepass android-keypass Android

How to view the APK signed certificate details. Because I do not know how to view the APK installation, only know to take the apk rename after decompression, get \meta-inf\cert. RSA file, and then perform the following command to view it.

Keytool-printcert-file C:\test\ShellShabikDev\cert.rsa

There is also a way to use Jarsigner to view, but this will look at all the files, and not see SHA1 and other fingerprints, specific commands

Jarsigner-verify-verbose-certs Shellshabik.rar

Specific display

SM 3122 Mon 15:51:26 SGT res/drawable-xxhdpi/common_signin_btn_text_pressed_dark.9.png

Cn=franksun,, O=mozat, L=singapore, St=singapore, C=SG

[Certificate is valid from 23/08/14 pm 10:07 to 23/08/15 10:07]

[Certpath not Validated:path does no chain with any of the trust anchors]

Related commands for exporting certificates

Keytool-exportcert-alias Androiddebugkey-keystore C:\Users\Haihua\.android\debug.keystore | C:\OpenSSL\bin\openssl Sha1-binary | C:\OPENSSL\BIN\OPENSSL Base64

Questions about certificates and keys in Android development

Related Article

E-Commerce Solutions

Leverage the same tools powering the Alibaba Ecosystem

Learn more >

Apsara Conference 2019

The Rise of Data Intelligence, September 25th - 27th, Hangzhou, China

Learn more >

Alibaba Cloud Free Trial

Learn and experience the power of Alibaba Cloud with a free trial worth $300-1200 USD

Learn more >

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.