Search code examples
androidprovisioningdevice-policy-managerdevice-ownerandroid-for-work

How do I get the signature checksum of my APK?


I would like to use the signature checksum instead of the package checksum when provisioning a device with a device owner app. The app will be downloaded from an http server.

This post is great when using EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM: Checksum Error while provisioning Android Lollipop

But I would like to use EXTRA_PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM. See: https://developer.android.com/reference/android/app/admin/DevicePolicyManager.htm

The provisioning app and device owner app will both on be running on Android O.

How do I get the signature checksum of my app that I can use in my key/value pair for NFC?


Solution

  • Try this

    keytool -list -printcert -jarfile [path_to_your_apk] | grep -Po "(?<=SHA256:) .*" | xxd -r -p | openssl base64 | tr -d '=' | tr -- '+/=' '-_'
    

    In details:

    • keytool -list -printcert -jarfile [path_to_your_apk] extracts informations about the certificate of the APK,
    • grep -Po "(?<=SHA256:) .*" | xxd -r -p takes the SHA256 hash and converts it to binary,
    • openssl base64 encodes it with base64,
    • tr -d '=' | tr -- '+/=' '-_' makes it URL-safe (+ is encoded as -, / is encoded as _ and the padding character = is removed).