I'm trying to verify the checksum of a couple of Android app APKs. I'm working in a Linux environment.
For one of the files, this command worked fine:
sha256sum filename
But for the other file (the Signal app APK), I got the following output:
f2f3fe7538608f2a6c43022f09216093fffb6b37e2ffed196afe4432cdb08d71
I was aiming for this output:
29:F3:4E:5F:27:F2:11:B4:24:BC:5B:F9:D6:71:62:C0
EA:FB:A2:DA:35:AF:35:C1:64:16:FC:44:62:76:BA:26
This seems to be an encoding issue (assuming the APK is legit), but I'm not sure how to generate the output in the correct encoding.
What you are looking at is the APK fingerprint and not the sha-256 checksum.
See the following answer for obtaining that via the keytool (a Java keystore tool)