Meaning of PACKAGE_SIGNATURE in MSAL - android

In the README of MSAL, a configuration file is discussed, containing what is referred to by "YOUR_BASE64_URL_ENCODED_PACKAGE_SIGNATURE".
They also advise the user to store this as a "raw" resource.
This is the template given:
{
  "client_id" : "<YOUR_CLIENT_ID>",
  "redirect_uri" : "msauth://<YOUR_PACKAGE_NAME>/<YOUR_BASE64_URL_ENCODED_PACKAGE_SIGNATURE>",
  "broker_redirect_uri_registered": true
}
Won't the contents of this file affect the signature? How is it possible to have a static asset containing the signature?
I'm led to believe that this is not, as I thought, a cryptographic signature of the APK.
I couldn't figure out what it is.

I think it makes sense, it shouldn't be static. You want Microsoft to be able to prove that it is authenticating against your real app and not a modified or different application. This is the signed application for release with apk.
You need to sign your app in order to be able to put it on the play store or to have it validate: https://developer.android.com/studio/publish/app-signing
Per the Microsoft documentation:
https://learn.microsoft.com/en-us/azure/active-directory/develop/tutorial-v2-android#integrate-with-microsoft-authentication-library
It tells you how to generate the hash. In the portal, when you set up the authentication on app reg, it will give you a command like
keytool -exportcert -alias SIGNATURE_ALIAS -keystore PATH_TO_KEYSTORE | openssl sha1 -binary | openssl base64
to generate the signature. It just gets the signature of the Android keystore keys.
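The keytool/openssl pipeline above, as an added Python example (not from the original posts or from MSAL itself): it derives the value from the signing certificate's DER bytes alone and checks a config file's redirect_uri against a given certificate, which catches a debug/release keystore mismatch. The package name, the constructed certificate bytes and the helper names are assumptions, as is reading the README placeholder as the Base64 hash percent-encoded.

```python
import base64
import hashlib
import json
from urllib.parse import quote, unquote, urlsplit


def signature_hash(cert_der: bytes) -> str:
    """Base64 of SHA-1 over the DER-encoded signing certificate.

    Same value as: keytool -exportcert ... | openssl sha1 -binary | openssl base64
    """
    return base64.b64encode(hashlib.sha1(cert_der).digest()).decode("ascii")


def redirect_uri(package_name: str, cert_der: bytes) -> str:
    # Base64 can contain '+', '/' and '=', so percent-encode it for the URI.
    return f"msauth://{package_name}/{quote(signature_hash(cert_der), safe='')}"


def config_matches_cert(config_text: str, package_name: str, cert_der: bytes) -> bool:
    """True if the config's redirect_uri names this package and certificate."""
    uri = urlsplit(json.loads(config_text)["redirect_uri"])
    configured_hash = unquote(uri.path.lstrip("/"))
    return (uri.scheme == "msauth"
            and uri.netloc == package_name
            and configured_hash == signature_hash(cert_der))


# Constructed stand-ins for the DER bytes that `keytool -exportcert` would emit
# for a release keystore and a debug keystore (not real certificates).
RELEASE_CERT = b"constructed-release-certificate-der"
DEBUG_CERT = b"constructed-debug-certificate-der"

# The config is built from the certificate only; no APK contents are hashed,
# so shipping this file inside the APK does not change the value.
CONFIG = json.dumps({
    "client_id": "<YOUR_CLIENT_ID>",
    "redirect_uri": redirect_uri("com.example.app", RELEASE_CERT),
    "broker_redirect_uri_registered": True,
})

if __name__ == "__main__":
    print(redirect_uri("com.example.app", RELEASE_CERT))
    print("release cert:", config_matches_cert(CONFIG, "com.example.app", RELEASE_CERT))
    print("debug cert:  ", config_matches_cert(CONFIG, "com.example.app", DEBUG_CERT))
```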

Related

Android app crashing on Firebase UI Facebook sign in

I have an application that uses FirebaseAuthUI, it enables Facebook sign in, everything works fine in Debug, but when I upload the application in release mode, the application crashes with this log:
Facebook provider cannot be configured without dependency. Did you forget to add 'com.facebook.android:facebook-login:VERSION' dependency?
com.firebase.ui.auth.AuthUI$IdpConfig$FacebookBuilder.<init>
I have debugged the application, and the error is produced in this line:
if (!ProviderAvailability.IS_FACEBOOK_AVAILABLE) {
throw new RuntimeException(
"Facebook provider cannot be configured " +
"without dependency. Did you forget to add " +
"'com.facebook.android:facebook-login:VERSION' dependency?");
}
This means that Facebook is not available; however, I've set up the Facebook hash value with the release key store and key store path using this code:
keytool -exportcert -alias <aliasName> -keystore <keystoreFilePath> | openssl sha1 -binary | openssl base64
Which gave the hash that I've put into the Facebook app settings.
I'm using this library as a dependency in my build.gradle file : 'com.facebook.android:facebook-android-sdk:5.+'.
Extra info: The Facebook application is installed on my phone.
Inside ProviderAvailability checks are performed using the reflection API. If you are using Proguard, add the below line in your proguard-rules.pro file to prevent class name obfuscation:
-keepnames class com.facebook.login.LoginManager

Where does Android store the platform, shared, media and release keys in the final Android OS image

Does anyone have any idea where the public keys used for signing (platform, shared, media and release key) are stored in the final generated Android OS image?
The 'Signing Builds for Release' ( https://source.android.com/devices/tech/ota/sign_builds ) page provides information on how Android OS images are signed.
The standard Android build uses four keys, all of which reside in build/target/product/security:
testkey: Generic default key for packages that do not otherwise specify a key. Used for development builds.
releasekey: Generic default key for packages that do not otherwise specify a key. Used for release builds.
platform: Test key for packages that are part of the core platform.
shared: Test key for things that are shared in the home/contacts process.
media: Test key for packages that are part of the media/download system.
The public keys (releasekey.x509.pem, platform.x509.pem, shared.x509.pem, media.x509.pem) associated with the above private keys need to be included as part of the Android image.
These are provided as part of the build process and generally stored in build/target/product/security on the host used to build the Android OS image.
However, what is not provided is where the public keys used for signing are located in the generated OS image.
For example when dm-verity is used, the RSA-2048 key in libmincrypt-compatible format is stored in the /boot partition at /verity_key.
They are not stored directly, but are stored as part of signed APKs which are already part of the system image. PackageManager parses them and stores them in /data/system/packages.xml.
In that xml you see tags like:
public-key identifier
Which contains public key of all apks.
In case you already have some apk which is also on device, you can unzip it.
# To get the public key from the APK
openssl pkcs7 -inform DER -print_certs -out cert.pem -in CERT.RSA
openssl x509 -in cert.pem -pubkey -noout
This will be the same as one of the public keys stored in packages.xml.
Apart from this, on the device at /etc/security/mac_permissions.xml there are signatures which tell that an app with a certain signature belongs to a certain SE context.
You can read its details at
http://androidxref.com/7.1.1_r6/xref/system/sepolicy/README
OTA certificates are stored at /etc/security/otacerts.zip which is used by recovery system.

Invalid Request in Android Signed APK

I have integrated the LinkedIn SDK. It worked fine in debug mode, but in release mode it is giving an invalid request.
I have used this command to create release key hash:
keytool -exportcert -keystore D:\path\keystore.jks -alias Password | "C:\openssl\bin\openssl.exe" sha1 -binary | "C:\openssl\bin\openssl.exe" base64
followed this: https://developer.linkedin.com/docs/android-sdk
Not able to find a solution. Please help.
Here are two possible solutions to your problem.
Check and add both hashes (release and debug); if you don't see any problems, maybe you have some problem with ProGuard.
If you match your requests' query strings or posted JSONs' object labels with your classes' property names and you ProGuard your domain classes, you may have problems with your requests. Check your requests and, if you see a problem, use the @SerializedName annotation in your domain classes or request bean classes.

Building Unity APK for Google play- can't find keystore path?

I am trying desperately to export my signed APK after building my Unity project for Android as a "Google development build" and opening it in Android Studio.
I have looked at several other questions and am trying to follow https://developer.android.com/studio/publish/app-signing.html but am having a problem creating my keystore. I have followed the tutorial verbatim but can't create a valid path for the keystore -
I don't understand what I need to do. I have tried /home/users/keystores/android.jks, I have tried /home/users/keystores/myprojectname.jks, and just sticking it on my desktop. These are the errors I'm getting -
I have tried locating android.jks but can't find anything using Finder. Is it because I am on a Mac? What am I doing wrong here? How can I generate my keystore so I can publish?
/home/users/keystores/ is most likely not a valid path on your mac. Try to create the keystore in a valid location like in your user's home directory:
/home/YOUR_USERNAME/
Verify that the keystore file has been created in that location.
@skyguy You have to create a keystore first using the keytool.
The keygen tool can be accessed via command line and is already included in the JDK.
If you scroll down that link I posted in my comment above, you will see the following example -
Suppose you want to create a keystore for managing your public/private key pair and certificates from entities you trust.
Generating Your Key Pair
The first thing you need to do is create a
keystore and generate the key pair. You could use a command such as
the following:
keytool -genkeypair -dname "cn=Mark Jones, ou=JavaSoft, o=Sun, c=US"
-alias business -keypass kpi135 -keystore /working/mykeystore
-storepass ab987c -validity 180
(Please note: This must be typed as a single line. Multiple lines are used in the examples just for legibility purposes.)
This command creates the keystore named "mykeystore" in the "working"
directory (assuming it doesn't already exist), and assigns it the
password "ab987c". It generates a public/private key pair for the
entity whose "distinguished name" has a common name of "Mark Jones",
organizational unit of "JavaSoft", organization of "Sun" and
two-letter country code of "US". It uses the default "DSA" key
generation algorithm to create the keys, both 1024 bits long.
It creates a self-signed certificate (using the default "SHA1withDSA"
signature algorithm) that includes the public key and the
distinguished name information. This certificate will be valid for 180
days, and is associated with the private key in a keystore entry
referred to by the alias "business". The private key is assigned the
password "kpi135".
The command could be significantly shorter if option defaults were
accepted. As a matter of fact, no options are required; defaults are
used for unspecified options that have default values, and you are
prompted for any required values. Thus, you could simply have the
following:
keytool -genkeypair
In this case, a keystore entry with alias "mykey" is created, with a newly-generated key pair and a certificate
that is valid for 90 days. This entry is placed in the keystore named
".keystore" in your home directory. (The keystore is created if it
doesn't already exist.) You will be prompted for the distinguished
name information, the keystore password, and the private key password.
The rest of the examples assume you executed the -genkeypair command
without options specified, and that you responded to the prompts with
values equal to those given in the first -genkeypair command, above (a
private key password of "kpi135", etc.)
Once you have created a keystore, you can point to its location and sign your apk.

Obtaining Android Public Map API Key

I have been trying to obtain a public map api key for my Android app. However the public key that I receive from Google does not work.
I have been using the following steps:
Obtaining Release Public Map API Key
1. Obtain Private Key:
   Use Export of Eclipse to sign release application and create new keystore
2. Obtain MD5 certificate:
   using alias and keystore set up
   use keytool in Java directory: keytool -list -alias poly_alias -keystore
   copy MD5 certificate
3. Obtain API Map Key:
   Visit http://code.google.com/android/maps-api-signup.html and enter MD5 certificate
   copy key
4. Use New Map API Key:
   insert new map key for string in strings.xml for string mapApiKey
Does anyone have any suggestions on what I am doing wrong?
You were sketchy on the last step, so you may want to look at the final two steps on this page:
http://code.google.com/android/add-ons/google-apis/mapkey.html#finalsteps.
If it still doesn't work, you may want to explain what is happening, and change the values, but you may want to show an example of one of your layout files and the android manifest, to see if you may have made a typo or something.
You are following instructions for using the release signing key. Make sure you are building your APK in release mode. Normally, you build in debug mode and would use a Maps API key based on the debug signing key.
