I want to get my release key hash for Facebook Android SDK.
I followed facebook getting started tutorial
paste following code to my cmd
keytool -exportcert -alias androiddebugkey -keystore C:\Users\USER\.android\debug.keystore | C:\openssl\bin\openssl sha1 -binary | C:\openssl\bin\openssl base64
got
Enter keystore password:
After I enter : android
it came out
YOR7
Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore C:\Users\USER\.android\debug.keystore -destkeystore C:\Users\USER\.android\debug.keystore -deststoretype pkcs12".
without Key hash
How can I solve this problem ?
Thanks ~
can u use this code to get key for Facebook or google.
private fun printHashKey() {
try {
//Facebook
Log.i("AppLog", "key:" + FacebookSdk.getApplicationSignature(this))
//google
Log.i("AppLog", SignatureUtils.getOwnSignatureHash(this))
} catch (e: Exception) {
Log.i("AppLog", "error:", e)
}
}
I find the method from Internet
try {
PackageInfo info = getPackageManager().getPackageInfo(
"your.pakege.name",
PackageManager.GET_SIGNATURES);
for (Signature signature : info.signatures) {
MessageDigest md = MessageDigest.getInstance("SHA");
md.update(signature.toByteArray());
Log.d("MyKeyHash:", Base64.encodeToString(
md.digest(),
Base64.DEFAULT));
}
} catch (Exception e) {
Log.d("FacebookHashKeyError",e.toString());
}
it turns out my key hash!
Related
This is the first time I am doing this SSL pinning on Android.
When creating OkHttp, I am adding this code:
certificatePinner(
CertificatePinner.Builder().add(
"url of the server",
"sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
).build()
)
the second parameter expects this:
SHA-256 or SHA-1 hashes. Each pin is a hash of a certificate's Subject Public Key Info, base64-encoded and prefixed with either sha256/ or sha1/.
I was given a certificate in a txt file that starts with --BEGIN CERTIFICATE-- and ends with --END CERTIFICATE--.
I am struggling to extract the hash of Public Key Info and convert it to base64.
So far I have tried these methods:
Method 1:
I put the certificate contents without BEGIN CERTIFICATE and END CERTIFICATE into some string variable. Tried to convert it into X509Certificate.
private fun certificateFromString(base64: String): X509Certificate? {
val decoded = Base64.decode(base64, Base64.NO_WRAP)
val inputStream = ByteArrayInputStream(decoded)
return CertificateFactory.getInstance("X.509").generateCertificate(inputStream) as? X509Certificate
}
Then I pass this certificate here to get Sha256 hash of the public key. Also, pay attention to c.encoded and c.publicKey.encoded. I am not sure if the method works correctly.
private fun getFingerprint(c: X509Certificate?): String {
var certificate = ""
try {
val md = MessageDigest.getInstance("SHA-256")
var publicKey = ByteArray(0)
if (c != null) {
publicKey = md.digest(c.encoded) // I tried both
publicKey = md.digest(c.publicKey.encoded) // I tried both
}
val hexString = StringBuilder()
for (aPublicKeyByte in publicKey) {
val appendString = Integer.toHexString(0xFF and aPublicKeyByte.toInt())
if (appendString.length == 1) hexString.append("0")
hexString.append(appendString)
}
certificate = hexString.toString()
} catch (e1: NoSuchAlgorithmException) {
e1.printStackTrace()
} catch (e1: CertificateEncodingException) {
e1.printStackTrace()
}
return certificate
}
then I am converting that string result to base64 like this:
private fun base64(openKey: String): String {
return Base64.encodeToString(openKey.toByteArray(), Base64.NO_WRAP).toString()
}
then I add the resulting String into the CertificatePinner class as sha256/resultingStringInBase64.
Method 2:
I changed the .txt into .pem in order to use openssl command line tools.
openssl rsa -in myCert.pem -pubout> myCert.pub
it returned writing RSA key
and when I open the generated myCert.pub, I see a text with ---BEGUN PUBLIC KEY--- and ---END PUBLIC KEY--- and a long list of letters between them.
Then I ran this to extract the sha256 hash:
openssl rsa -in myCert.pub -pubin -outform der | openssl dgst -sha256
this gave me a 64 character string 2c180286549...b1ba7.
Then I ran the command again but added base64 conversion.
openssl rsa -in myCert.pub -pubin -outform der | openssl dgst -sha256 | openssl enc -base64
The result is completely different than Method 1. Should it be the same? If so, could someone point me in the right direction? Or show how to properly get the SHA256 of Public Key.
My method I just used recently and worked succesfully:
In your Terminal, where the folder containing public key file is located, write the command:
openssl x509 -in yourFile.pem -pubkey -noout | open ssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64
The result will be the your desired string (encoded in base64, which means that it'll have 44 characters, including an equal (=) symbol at the end), and must be placed in your Android code after sha256/....
Also, several methods could generate different hashes, so you can have multiple valid strings, meaning that both your generated hashes could be correct.
First of all, sorry i'm not good English. and it's my first question.
I'm trying to connect android and Mosquitto-broker in windows
with self-signed-certificate.
I succeeded connect mosquitto-broker and mosquitto_pub with my self-signed-certificate( ca.crt, server.key, server.crt, client.key, client.crt )
broker config file :
port 8883
cafile : ~~~/ca.crt.pem
keyfile : ~~~/server.key.pem
certfile : ~~~/server.crt.pem
tls_version tlsv1.2
require_certificate true
publish command :
mosquitto_pub -h ~~ -p ~~ -t ~~ -m ~~ --cafile ~~/ca.crt.pem --key
~~/client.key.pem --cert ~~/client.crt.pem
--> it works well
mosquitto_pub -h ~~ -p ~~ -t ~~ -m ~~ --cafile ~~/ca.crt.pem
--> it not works. i don't know why it doesn't work.
but, the important thing is i can't connect to android.
I've searched, android use .bks file to tls/ssl. so i tried to make .bks file with my files on above.
The order in which I created the file is .p12 -> .jks -> .bks
and these command :
.p12 : > openssl pkcs12 -export -in client.crt.pem -inkey client.key.pem -out client.p12 -certfile ca.crt.pem
.jks : > keytool -importkeystore -srckeystore client.p12 -srcstoretype pkcs12 -srcstorepass 123123 -destkeystore client.jks -deststoretype jks -deststorepass 123123
.bks : > keytool -importkeystore -srckeystore client.jks -srcstoretype JKS -srcstorepass 123123 -destkeystore client.bks -deststoretype BKS-v1 -deststorepass 123123 -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath bcprov-jdk15on-162.jar
my android code is
....
mqttAndroidClient = new MqttAndroidClient(this, "ssl://" + ipAdd.getText().toString() + ":" + port.getText().toString(), ClientID);
try {
/**/
MqttConnectOptions options = new MqttConnectOptions();
InputStream input = this.getApplication().getAssets().open("server.bks");
options.setSocketFactory(new TLSSocketFactory(input, "123123"));
IMqttToken token = mqttAndroidClient.connect(options);
token.setActionCallback(new IMqttActionListener() {
#Override
public void onSuccess(IMqttToken asyncActionToken) {
....
public class TLSSocketFactory extends SSLSocketFactory {
private SSLSocketFactory internalSSLSocketFactory;
public TLSSocketFactory(InputStream keyStore, String password) throws KeyManagementException, NoSuchAlgorithmException, IOException, CertificateException, KeyStoreException {
KeyStore ts;
ts = KeyStore.getInstance("BKS");
ts.load(keyStore, password.toCharArray());
TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
tmf.init(ts);
TrustManager[] tm = tmf.getTrustManagers();
SSLContext context = SSLContext.getInstance("TLSv1.2");
context.init(null, tm, null);
internalSSLSocketFactory = context.getSocketFactory();
}
....
Occured message on broker is
1564452813: OpenSSL Error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown
I don't know what it mean
please help me the masters.
I found it!
the cause were not code and keys.
in my bundle dependencies part :
implementation 'org.eclipse.paho:org.eclipse.paho.client.mqttv3:1.2.1'
were the cause.
error is not occued below the mqttv3:1.2.1 version.
i don't know the difference both version.
Fingerprint API preview for Android N is found here with Sample App Sample App .As of this writing, createKey() in this method specify key_name,i don't know about key_name,Please anyone tell about key_name
/** Alias for our key in the Android Key Store */
private static final String KEY_NAME = "my_key";
public void createKey() {
// The enrolling flow for fingerprint. This is where you ask the user to set up fingerprint
// for your flow. Use of keys is necessary if you need to know if the set of
// enrolled fingerprints has changed.
try {
mKeyStore.load(null);
// Set the alias of the entry in Android KeyStore where the key will appear
// and the constrains (purposes) in the constructor of the Builder
mKeyGenerator.init(new KeyGenParameterSpec.Builder(KEY_NAME,
KeyProperties.PURPOSE_ENCRYPT |
KeyProperties.PURPOSE_DECRYPT)
.setBlockModes(KeyProperties.BLOCK_MODE_CBC)
// Require the user to authenticate with a fingerprint to authorize every use
// of the key
.setUserAuthenticationRequired(true)
.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7)
.build());
mKeyGenerator.generateKey();
} catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException
| CertificateException | IOException e) {
throw new RuntimeException(e);
}
}
this my part of code,here what is KEY_NAME and key_name get from where
Just run this cmd on your terminal
/home/nn1android01user/Documents/Keystor_alicante/gerber_keystore.jks ->
this is your keystore file path
gerber -> alias name
keytool -exportcert -alias gerber -keystore /home/nn1android01user/Documents/Keystor_alicante/gerber_keystore.jks | openssl sha1 -binary | openssl base64
I have problem with generate key hash.
I make 2 key:
C:\openssl\bin>"C:\Program Files\Java\jre7\bin\keytool.exe" -exportcert -alias forumurology -keystore uroweb7228.keystore | openssl sha1 -binary | openssl base64
Enter keystore password: *******
c/6e5fY8Rg3Gshn1TKucia***/A=
C:\openssl\bin>"C:\Program Files\Java\jre7\bin\keytool.exe" -exportcert -alias a
ndroiddebugkey -keystore debug.keystore | openssl sha1 -binary | openssl base64
Enter keystore password: android
3L0oeMh7uk9YWE0sYavUuT***yU=
then save it to my facebook application settings.
When i run release .apk, i have error:
10-21 16:48:11.583: W/fb4a(:<default>):BlueServiceQueue(20097): Exception during service
10-21 16:48:11.583: W/fb4a(:<default>):BlueServiceQueue(20097): com.facebook.http.protocol.ApiException: Key hash ypC1--aybTSQXdzXGLtM-_nXydI does not match any stored key hashes.
10-21 16:48:11.583: W/fb4a(:<default>):BlueServiceQueue(20097): at com.facebook.http.protocol.ApiResponseChecker.b(ApiResponseChecker.java:83)
This is because the device is creating a new key hash which is not in your app settings. So you have to update the keyhash accordingly.. Use this in onCreate()
try {
PackageInfo info = getPackageManager().getPackageInfo("YOUR_PACKAGE_NAME", PackageManager.GET_SIGNATURES);
for (Signature signature : info.signatures) {
MessageDigest md = MessageDigest.getInstance("SHA");
md.update(signature.toByteArray());
Log.d("KeyHash:", Base64.encodeToString(md.digest(), Base64.DEFAULT));
}
} catch (NameNotFoundException e) {
} catch (NoSuchAlgorithmException e) {
}
I tried to generate the Keyhash for integrating the Facebook in our app, but when i generated the keyhash through cmd prompt, it can't generate.
C:\Users\DON\.android>keytool -exportcert -alias androiddebugkey -keystore ~/.an
droid/debug.keystore | openssl sha1 -binary | openssl base64
'keytool' is not recognized as an internal or external command,
operable program or batch file.
and another command I use is:
C:\Program Files\Java\jdk1.6.0_20\bin>keytool -exportcert -alias androiddebugkey
-keystore ~/.android/debug.keystore | openssl sha1 -binary | openssl base64
'openssl' is not recognized as an internal or external command,
operable program or batch file.
What is the problem?
Using this command first download this file http://code.google.com/p/openssl-for-windows/downloads/detail?name=openssl-0.9.8k_WIN32.zip . Then extract the file and run this command:
C:\Program Files\Java\jdk1.6.0_20\bin>keytool -export -alias myAlias -keystore C:\Users\DON\.android\myKeyStore | C:\openssl\bin\openssl sha1 -binary | C:\openssl\bin\openssl enc -a -xtIm30l*********=
DON is my system name and should be replaced with your system name.
Download the openssl-for-windows package.
Extract the zip.
In windows, edit the path system variable that points to <openssl-extracted-folder>/bin
Then run the command.
First do the Facebook sdk setup then main program if you add this, you will get keyhash at console
There will be chances of 3 type keys once is debug and another is release key and after upload google changes signature ,you can provide all these 3 keys to facebook developer account ,then you can check facebook login. depending upon your app mode facebook will match the key.Use toast to see the keyhash ,if you dont know android monitor from android studio
import com.facebook.FacebookSdk;
import com.facebook.appevents.AppEventsLogger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
public class MainActivity extends AppCompatActivity {
#Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_main);
FacebookSdk.sdkInitialize(getApplicationContext());
AppEventsLogger.activateApp(this);
printKeyHash();
}
private void printKeyHash() {
try {
PackageInfo info = getPackageManager().getPackageInfo(
getPackageName(), PackageManager.GET_SIGNATURES);
for (Signature signature : info.signatures) {
MessageDigest md = MessageDigest.getInstance("SHA");
md.update(signature.toByteArray());
Log.i("KeyHash:",
Base64.encodeToString(md.digest(), Base64.DEFAULT));
}
} catch (PackageManager.NameNotFoundException e) {
Log.e("jk", "Exception(NameNotFoundException) : " + e);
} catch (NoSuchAlgorithmException e) {
Log.e("mkm", "Exception(NoSuchAlgorithmException) : " + e);
}
}
}
it's late answer but it will help to lazy people like me.. add this code to your Application class, there is no need to download openssl and no need to set the path.. only need is just copy my code.. and keyHash will generated in log.
import com.facebook.FacebookSdk;
public class MyApplication extends Application {
#Override
public void onCreate() {
super.onCreate();
FacebookSdk.sdkInitialize(getApplicationContext());
AppEventsLogger.activateApp(this);
printKeyHash();
}
private void printKeyHash() {
try {
PackageInfo info = getPackageManager().getPackageInfo(
getPackageName(), PackageManager.GET_SIGNATURES);
for (Signature signature : info.signatures) {
MessageDigest md = MessageDigest.getInstance("SHA");
md.update(signature.toByteArray());
Log.i("KeyHash:",
Base64.encodeToString(md.digest(), Base64.DEFAULT));
}
} catch (PackageManager.NameNotFoundException e) {
Log.e("jk", "Exception(NameNotFoundException) : " + e);
} catch (NoSuchAlgorithmException e) {
Log.e("mkm", "Exception(NoSuchAlgorithmException) : " + e);
}
}
}
and do not forget add MyApplication class in manifest:
<application
android:name=".application.MyApplication"
</application>
Download openssl from https://code.google.com/archive/p/openssl-for-windows/downloads.
Extract the file and then execute in CMD, replancing the routes and the KeyName
keytool -exportcert -alias KEYNAME -keystore "C:\Users\YOUR_USER\.android\debug.keystore"
| "C:\URL_OPENSSL_EXTRACTED\bin\openssl" sha1 -binary
| "C:\URL_OPENSSL_EXTRACTED\bin\openssl" base64.