How do I find out which keystore was used to sign an app

Question

I have an app which is signed and several keystore files  I d like to update the app  so I need to find out which one of keys was used   How can I match which keystore was used to originally sign my app against various keystores I have on my machine

User · Answer

You can use Java 7 s Key and Certificate Management Tool keytool to check the signature of a keystore or an APK without extracting any files  Signature of an APK or AAB   APK file keytool -printcert -jarfile app apk    AAB file keytool -printcert -jarfile app aab  The output will reveal the signature owner issuer and MD5  SHA1 and SHA256 fingerprints of the APK file app apk or AAB file app aab   Note that the -jarfile argument was introduced in Java 7  see the documentation for more details   Signature of a keystore keytool -list -v -keystore release jks  The output will reveal the aliases  entries  in the keystore file release jks  with the certificate fingerprints  MD5  SHA1 and SHA256   If the SHA1 fingerprints between the APK and the keystore match  then you can rest assured that that app is signed with the key

User · Answer

To build on Paul Lammertsma s answer  this command will print the names and signatures of all APKs in the current dir  I m using sh because later I need to pipe the output to grep    find   -name    apk  -exec echo  APK         -exec sh -c  keytool -printcert -jarfile           Sample output   APK    com google android youtube-10 39 54-107954130-minAPI15 apk Signer  1   Signature   Owner  CN Unknown  OU  Google  Inc   O  Google  Inc   L Mountain View  ST CA  C US Issuer  CN Unknown  OU  Google  Inc   O  Google  Inc   L Mountain View  ST CA  C US Serial number  4934987e Valid from  Mon Dec 01 18 07 58 PST 2008 until  Fri Apr 18 19 07 58 PDT 2036 Certificate fingerprints           MD5   D0 46 FC 5D 1F C3 CD 0E 57 C5 44 40 97 CD 54 49          SHA1  24 BB 24 C0 5E 47 E0 AE FA 68 A5 8A 76 61 79 D9 B6 13 A6 00          SHA256  3D 7A 12 23 01 9A A3 9D 9E A0 E3 43 6A B7 C0 89 6B FB 4F B6 79 F4 DE 5F E7 C2 3F 32 6C 8F 99 4A          Signature algorithm name  MD5withRSA          Version  1  APK    com google android youtube 10 40 56-108056134 minAPI15 maxAPI22 armeabi-v7a  480dpi  apk Signer  1   Signature   Owner  CN Unknown  OU  Google  Inc   O  Google  Inc   L Mountain View  ST CA  C US Issuer  CN Unknown  OU  Google  Inc   O  Google  Inc   L Mountain View  ST CA  C US Serial number  4934987e Valid from  Mon Dec 01 18 07 58 PST 2008 until  Fri Apr 18 19 07 58 PDT 2036 Certificate fingerprints           MD5   D0 46 FC 5D 1F C3 CD 0E 57 C5 44 40 97 CD 54 49          SHA1  24 BB 24 C0 5E 47 E0 AE FA 68 A5 8A 76 61 79 D9 B6 13 A6 00          SHA256  3D 7A 12 23 01 9A A3 9D 9E A0 E3 43 6A B7 C0 89 6B FB 4F B6 79 F4 DE 5F E7 C2 3F 32 6C 8F 99 4A          Signature algorithm name  MD5withRSA          Version  1     Or if you just care about SHA1   find   -name    apk  -exec echo  APK         -exec sh -c  keytool -printcert -jarfile        grep SHA1      Sample output   APK    com google android youtube-10 39 54-107954130-minAPI15 apk          SHA1  24 BB 24 C0 5E 47 E0 AE FA 68 A5 8A 76 61 79 D9 B6 13 A6 00 APK    com google android youtube 10 40 56-108056134 minAPI15 maxAPI22 armeabi-v7a  480dpi  apk          SHA1  24 BB 24 C0 5E 47 E0 AE FA 68 A5 8A 76 61 79 D9 B6 13 A6 00

User · Answer

Much easier way to view the signing certificate    jarsigner exe -verbose -verify -certs myapk apk   This will only show the DN  so if you have two certs with the same DN  you might have to compare by fingerprint

User · Answer

First  unzip the APK and extract the file  META-INF ANDROID  RSA  this file may also be CERT RSA  but there should only be one  RSA file     Then issue this command   keytool -printcert -file ANDROID  RSA   You will get certificate fingerprints like this        MD5   B3 4F BE 07 AA 78 24 DC CA 92 36 FF AE 8C 17 DB      SHA1  16 59 E7 E3 0C AA 7A 0D F2 0D 05 20 12 A8 85 0B 32 C5 4F 68      Signature algorithm name  SHA1withRSA   Then use the keytool again to print out all the aliases of your signing keystore   keytool -list -keystore my-signing-key keystore   You will get a list of aliases and their certificate fingerprint   android key  Jan 23  2010  PrivateKeyEntry  Certificate fingerprint  MD5   B3 4F BE 07 AA 78 24 DC CA 92 36 FF AE 8C 17 DB   Voila  we can now determined the apk has been signed with this keystore  and with the alias  android key    Keytool is part of Java  so make sure your PATH has Java installation dir in it

User · Answer

There are many freewares to examine the certificates and key stores such as KeyStore Explorer   Unzip the apk and open the META-INF   RSA file    shall be CERT or ANDROID or may be something else  It will display all the information associated with your apk

User · Answer

You can do this with the apksigner tool that is part of the Android SDK   apksigner verify --print-certs my app apk  You can find apksigner inside the build-tools directory  For example    Library Android sdk build-tools 29 0 1 apksigner

[android] How do I find out which keystore was used to sign an app?

Signature of an APK or AAB

Signature of a keystore

Examples related to android

Examples related to digital-signature

Examples related to android-keystore