I have an API which I will call from an Android app. The authentication is with OAuth2 and I have the resource owner password flow.
So when I want to get an access token I need username, password, clientId and clientSecret.
My problem is: How can I store the clientSecret in my app? I read that someone stores it in bytes and generates the string when he needs it.
My idea was to use the signature (SHA) as clientSecret.
So I found this function:
    private String getKeyHash(String packagename)
    {
        String hash = "";
        try
        {
            PackageInfo info = getPackageManager().getPackageInfo(packagename, PackageManager.GET_SIGNATURES);
            for (Signature signature : info.signatures)
            {
                // "SHA" is the JCA alias for SHA-1
                MessageDigest md = MessageDigest.getInstance("SHA");
                md.update(signature.toByteArray());
                String sign = Base64.encodeToString(md.digest(), Base64.DEFAULT);
                Log.e("MY KEY HASH:", sign);
                Toast.makeText(getApplicationContext(), sign, Toast.LENGTH_LONG).show();
                hash = sign; // keep the computed value so the method does not return ""
            }
        }
        catch (PackageManager.NameNotFoundException e)
        {
        }
        catch (NoSuchAlgorithmException e)
        {
        }
        return hash;
    }
Which is the better/safest solution?
Or is there a better way?
Related
I'd like my app to compute and show a hash of the app's apk file. It's easily done in Java, but how do I do it for an apk?
The problem is to get a path to the app's apk. In Java
    URL url = AutoCheck.class.getResource("Main.class");
will find the needed url.
I get the hash code with this code
    private void getHash() {
        try {
            PackageInfo info = getPackageManager().getPackageInfo(YourPackageName, PackageManager.GET_SIGNATURES);
            for (Signature signature : info.signatures) {
                MessageDigest md = MessageDigest.getInstance("SHA");
                md.update(signature.toByteArray());
                System.out.println("keyhash: " + Base64.encodeToString(md.digest(), Base64.DEFAULT));
            }
        } catch (Exception e) {
            System.out.println("cannot obtain keyhash, " + e.toString());
        }
    }
Not sure if this is what you need though
I have a requirement where I need to find the APK cert SHA-256. I am able to find the SHA1 and MD5 using the signing report in Android Studio, but I could not find the SHA-256 cert. How can I find that?
Use this method:
    // HashKey generator
    public static String getProjectHashKey(Context context) {
        String hashKey = "";
        try {
            PackageInfo info = context.getPackageManager().getPackageInfo(
                    context.getPackageName(),
                    PackageManager.GET_SIGNATURES);
            for (Signature signature : info.signatures) {
                // "SHA" is the JCA alias for SHA-1
                MessageDigest md = MessageDigest.getInstance("SHA");
                md.update(signature.toByteArray());
                hashKey = Base64.encodeToString(md.digest(), Base64.DEFAULT);
                Log.d("KeyHash:", hashKey);
            }
        } catch (PackageManager.NameNotFoundException e) {
            e.printStackTrace();
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        }
        return hashKey;
    }
I am getting the "Invalid key hash" error on my Android even though my app is in production and the Facebook app is set as public. If I put the key hash into the Facebook settings it works fine, but I suppose this would only work on my own device. What am I getting wrong here?
You have to create a release APK and print the key hash using this method, and set that key hash in the FB console.
    public static void printHashKey(Context context)
    {
        // Add code to print out the key hash
        try {
            PackageInfo info = context.getPackageManager().getPackageInfo(
                    com.example.app.BuildConfig.APPLICATION_ID,
                    PackageManager.GET_SIGNATURES);
            for (Signature signature : info.signatures) {
                MessageDigest md = MessageDigest.getInstance("SHA");
                md.update(signature.toByteArray());
                Log.d("KeyHash:", Base64.encodeToString(md.digest(), Base64.DEFAULT));
            }
        } catch (PackageManager.NameNotFoundException e) {
            e.printStackTrace();
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        }
    }
Follow these steps for the solution.
Paste this code in your activity.
    public static void printHashKey(Context context)
    {
        // Add code to print out the key hash
        try
        {
            PackageInfo info = context.getPackageManager().getPackageInfo(com.example.app.BuildConfig.APPLICATION_ID, PackageManager.GET_SIGNATURES);
            for (Signature signature : info.signatures)
            {
                MessageDigest md = MessageDigest.getInstance("SHA");
                md.update(signature.toByteArray());
                Log.d("KeyHash:", Base64.encodeToString(md.digest(), Base64.DEFAULT));
            }
        }
        catch (PackageManager.NameNotFoundException e)
        {
            e.printStackTrace();
        }
        catch (NoSuchAlgorithmException e)
        {
            e.printStackTrace();
        }
    }
Sign your APK (release APK).
Install the generated signed APK on your mobile.
Connect your phone to the PC.
Now open the screen where you put the above code.
Here you can see the new HashKey in logcat.
Paste this HashKey into the Facebook developer site where your app was created.
Enjoy your application.
I'm using this code to check whether the app is signed by me or not.
    String SIGNATURE = "HmdQ7mF9uZ2unNb8qz1HEuD+iT4=";
    try {
        PackageInfo packageInfo = context.getPackageManager()
                .getPackageInfo(context.getPackageName(),
                        PackageManager.GET_SIGNATURES);
        for (Signature signature : packageInfo.signatures) {
            byte[] signatureBytes = signature.toByteArray();
            MessageDigest md = MessageDigest.getInstance("SHA");
            md.update(signature.toByteArray());
            final String currentSignature = Base64.encodeToString(md.digest(), Base64.DEFAULT);
            Log.d("1", currentSignature);
            Log.d("2", SIGNATURE);
            Log.d("equals:",
                    currentSignature.equals(SIGNATURE) ? "true" : "false");
        }
    } catch (Exception e) {
    }
logcat contains:
    1 HmdQ7mF9uZ2unNb8qz1HEuD+iT4=
    2 HmdQ7mF9uZ2unNb8qz1HEuD+iT4=
    equals : false
The strings are equal but logcat does not say this!
What's the problem?
Try this:
    if (currentSignature.trim().equals(SIGNATURE.trim()))
    {
        Log.d("TAG", "equal");
    }
    else
    {
        Log.d("TAG", "not equal");
    }
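As an added example (not code from any of the posts above), the helper below serves two of the questions on this page: it computes the SHA-256 certificate fingerprint, and it checks the signer by comparing digest bytes rather than Base64 strings, which sidesteps the trailing newline that Base64.DEFAULT appends to encoded output. The class name SignerCheck and its method names are hypothetical; the Android and JCA calls are the platform's own.

```java
import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.os.Build;
import android.util.Base64;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

/** Added example; class and method names are hypothetical. */
public final class SignerCheck {
    /** Digest of the first signing certificate; algorithm is "SHA-1" or "SHA-256". */
    static byte[] certDigest(Context ctx, String algorithm)
            throws PackageManager.NameNotFoundException, NoSuchAlgorithmException {
        PackageManager pm = ctx.getPackageManager();
        Signature[] signers;
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
            // GET_SIGNATURES is deprecated from API 28; read signingInfo instead.
            PackageInfo info = pm.getPackageInfo(ctx.getPackageName(),
                    PackageManager.GET_SIGNING_CERTIFICATES);
            signers = info.signingInfo.getApkContentsSigners();
        } else {
            signers = pm.getPackageInfo(ctx.getPackageName(),
                    PackageManager.GET_SIGNATURES).signatures;
        }
        return MessageDigest.getInstance(algorithm).digest(signers[0].toByteArray());
    }

    /** SHA-256 certificate fingerprint as colon-separated upper-case hex. */
    static String sha256Fingerprint(Context ctx) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : certDigest(ctx, "SHA-256")) {
            if (sb.length() > 0) sb.append(':');
            sb.append(String.format("%02X", b));
        }
        return sb.toString();
    }

    /** True when the SHA-1 key hash equals expectedBase64; fails closed on errors. */
    static boolean isSignedBy(Context ctx, String expectedBase64) {
        try {
            // Base64.DEFAULT output ends with '\n', so String.equals() against a
            // literal fails. Decode the expected value and compare digest bytes.
            byte[] expected = Base64.decode(expectedBase64.trim(), Base64.DEFAULT);
            return MessageDigest.isEqual(expected, certDigest(ctx, "SHA-1"));
        } catch (Exception e) {
            return false;
        }
    }
}
```

The certificate digest can be computed by anyone who holds the APK, so it identifies the signer but is not a secret and cannot stand in for an OAuth2 client secret.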
I'm getting an invalid key hash in the application where I'm providing social media login functionality.
When I log in the first time using the Facebook app installed on my device it works well, but the second time it gives me an invalid key hash error.
Log that key hash and add it in Facebook developer:
    private void onCreateHashKey() {
        try {
            PackageInfo info = getPackageManager().getPackageInfo(
                    "your.package",
                    PackageManager.GET_SIGNATURES);
            for (Signature signature : info.signatures) {
                MessageDigest md = MessageDigest.getInstance("SHA");
                md.update(signature.toByteArray());
                Log.e("KeyHash:", Base64.encodeToString(md.digest(), Base64.DEFAULT));
            }
        } catch (PackageManager.NameNotFoundException e) {
        } catch (NoSuchAlgorithmException e) {
        }
    }