How to generate 11 char hash key for Sms Retriever with Google App signing
Solution 1
Here is the complete step by step guide .
- Go to play console -> open app -> Release management -> App Signing -> Download Certificate . Like in below screen shot
This will give you deployment_cert.der
file
- Convert the
deployment_cert.der
file to a.jks
file
use below command
keytool -importcert -alias YOUR_ALIAS -file deployment_cert.der -keystore certificate.jks -storepass YOUR_PASSWORD
Replace YOUR_ALIAS,YOUR_PASSWORD with yours which used in keystore . In place of deployment_cert.der
use complete path if required
After entering this command it will ask
Trust this certificate? [no]: yes
type yes and click enter . It will show message
Certificate was added to keystore
This will generate a new file certificate.jks
-
Now in terminal enter command
keytool -exportcert -alias YOUR_ALIAS -keystore certificate.jks | xxd -p | tr -d "[:space:]" | echo -n YOUR_PACKAGE `cat` | sha256sum | tr -d "[:space:]-" | xxd -r -p | base64 | cut -c1-11
Replace YOUR_ALIAS,YOUR_PACKAGE with yours which used in keystore,project . In place of certificate.jks
use complete path if required
it will ask for password
Enter keystore password: mypassword
enter your password and you will get the hash .
EDIT For MacOS users:
If you're using MacOS you can install sha256sum by installing coreutils like this:
brew install coreutils
Or you can use shasum -a 256
instead of sha256sum
like this:
keytool -exportcert -alias YOUR_ALIAS -keystore certificate.jks | xxd -p | tr -d "[:space:]" | echo -n YOUR_PACKAGE `cat` | shasum -a 256 | tr -d "[:space:]-" | xxd -r -p | base64 | cut -c1-11
Credits to Abhinav Gupta and Op of this question Farhan Farooqui and above answer from Nick Fortescue
Solution 2
As default bash commands were not working for me and I needed to generate hashes for both local keystore and Google Play certificate, I wrote my own Ruby script for that: https://github.com/michalbrz/sms-retriever-hash-generator/blob/master/google_play_sign.rb
Then generating hash with Google Play signing is just:
ruby google_play_sign.rb --package com.your.app --google-play-key deployment_key.der
where deployment_key.der
is certificate downloaded from Google Play as in Nick's response.
Under the hood it transforms Google Play cert into keystore and basically does what other suggested bash commands do, but wraps it in something easier to use.
Solution 3
In the help documents for Google Play App Signing it has a section "New Apps". Step 4 in this section is:
Step 4: Register your app signing key with API providers If your app uses any API, you will usually need to register the certificate of the key Google signs your app with for authentication purposes. This is usually done through the fingerprint of the certificate.
To find the certificate of the key Google uses to re-sign your APK for delivery:
- Sign in to your Play Console.
- Select an app.
- On the left menu, click Release management > App signing.
- From this page, you can copy the most common fingerprints (MD5, SHA-1 and SHA-256) of your app signing certificate. If the API provider requires a different type of fingerprint, you can also download the original certificate in DER format and run it through the transformation tools that the API provider requires.
Download the original certificate in DER format and then use your command on that certificate.
Solution 4
I know I replied very late. But I got the solution for this.
First follow the steps given by Manoher Reddy as above.
If this not work, try following alternate solution, it worked for me in various apps:
provide the play store generated hash to backend. For generating hash key on playstore, i have used AppSignatureHelper class and make Toast for the generated hash key and upload this build on play store. After successfully rollout, i have download the build. Now Toast will show with the playstore generated hash key, provide this key to backend. It is working fine for me.
Solution 5
These steps worked for me on Mac big sur:
➜ keytool -importcert -alias my-upload-key-alias -file deployment_cert.der -keystore certificate.jks -storepass notARealPassword
...
Trust this certificate? [no]: yes
Certificate was added to keystore
➜ keytool -exportcert -alias my-upload-key-alias -keystore certificate.jks | xxd -p | tr -d "[:space:]" | xargs echo -n com.myapp | shasum -a 256 | tr -d "[:space:]-" | xxd -r -p | base64 | cut -c1-11
Enter keystore password: notARealPassword
6bAhwera2r5
6bAhwera2r5
is the output 11 char hash key.
Related videos on Youtube
![Farhan Farooqui](https://i.stack.imgur.com/qHxAX.jpg?s=256&g=1)
Farhan Farooqui
Updated on June 14, 2022Comments
-
Farhan Farooqui about 2 years
I had generated the 11 char hash using the
AppSignatureHelper
class. But after uploading the apk to play store, they hash doesn't work anymore. And I found out that Play replaces the key with another one which is why the hash gets changed as well. Now I'm having trouble getting the 11 char hash key.I don't know how to use the commands given by Google. I found this command from here
keytool -exportcert -alias MyAndroidKey -keystore MyProductionKeys.keystore | xxd -p | tr -d "[:space:]" | echo -n com.example.myapp `cat` | sha256sum | tr -d "[:space:]-" | xxd -r -p | base64 | cut -c1-11
Since, Play App signing is enabled for my app, I'll have to use this command,
keytool -exportcert -keystore MyProductionKeys.keystore | xxd -p | tr -d "[:space:]" | echo -n com.example.myapp `cat` | sha256sum | tr -d "[:space:]-" | xxd -r -p | base64 | cut -c1-11
I've replaced
keytool
with its path from the JDK's bin folder but then it was sayingxxd
was not recognized so I downloaded it from a website now it's sayingtr
is not recognized, I guess it'll say that forcut
as well.Please pardon me if it seems too noob of me asking it, but how can I resolve this?
UPDATE: I've tried the second command from above on a linux machine, the command worked and gave me 11 character hash but still the SMS Retriever is not working.
SOLUTION: With the help of Nick Fortescue's answer, I downloaded the DER formatted file. Then converted it to a .jks file using the following command,
keytool -importcert -alias myalias -file deployment_cert.der -keystore certificate.jks -storepass mypassword
Then performed the first command from above on certificate.jks and it worked!
-
Ankit Kumar Singh over 5 yearsHow to generate hash into windows machine, because I am also facing same issue. xxd, tr, ... not recognized.
-
Farhan Farooqui over 5 years@AnkitKumarSingh I used Linux. I don't know how to do it on Windows.
-
Rafay Ali over 5 years@AnkitKumarSingh You can use bash terminal to execute that command on Windows.
-
Hemendra Khatik over 2 yearscan someone please explain do I need to replace MyProductionKeys.keystore with my keystore or it's a part of command
-
Farhan Farooqui over 2 years@HemendraKhatik replace it with your own keystore
-
-
Farhan Farooqui almost 6 yearsHi, thanks for your reply. I've found the DER formatted file, Now I just have to replace
MyProductionKeys.keystore
with the DER file's path in the command? -
Farhan Farooqui almost 6 yearsI had used the SHA-256 before and tried to get the 11 char Hash, but that doesn't work either, SMS Retriever can't detect it
-
sandeepmaaram over 5 yearsI got below error : keytool error: java.lang.Exception: Public keys in reply and keystore don't match
-
Vipul Asri over 5 years
keytool -exportcert -alias MyAndroidKey -keystore MyProductionKeys.keystore | xxd -p | tr -d "[:space:]" | echo -n com.example.myapp
cat` | sha256sum | tr -d "[:space:]-" | xxd -r -p | base64 | cut -c1-11` this command needs alias which is not provided with Play provided DER file. -
S.P. about 5 yearsI'm getting this doing your command, some suggestion why I can't get the hash: ruby google_play_sign.rb --package com.xxxx.xxxx --google-play-key deployment_key.der Traceback (most recent call last): 2: from google_play_sign.rb:86:in
<main>' 1: from google_play_sign.rb:59:in
der_to_keystore' google_play_sign.rb:59:in ``': No such file or directory - keytool -importcert -alias myalias -file deployment_key.der -keystore gp_imported_keystore_temp.jks -storepass mypassword -noprompt (Errno::ENOENT) -
Manohar about 5 yearsUse alias you used in main keystore file
-
Racer about 5 yearsThe perfect solution, Works!! Thanks. I had to read a bunch of app's signing process to get my head around it.
-
michalbrz about 5 years@S.P. Simple explanation would be that your
deployment_key.der
doesn't exists. Are you sure you are putting correct path there? If you're sure, you can check if commandkeytool -importcert -alias myalias -file DER_FILE_PATH -keystore gp_imported_keystore_temp.jks -storepass pwd -noprompt
would work for you - of course you should substitute DER_FILE_PATH with real path. -
Sachin over 4 yearsHi I'm getting following error, keytool error: java.lang.Exception: Public keys in reply and keystore don't match
-
M.Yogeshwaran over 4 yearsfor me hashstring not generating after entering the password in mac
-
Pawan asati over 4 yearsI followed all the steps and got the hash key. I added the hash key to my SMS. But still, it is not working on play store apk.
-
Manohar over 4 yearsMay be you entered wrong password in the last step , use your jks/keystore password
-
PNR almost 4 yearsyes, unfortunalty my log was enabled and it was printed new key(with appSignatureHelper calss) with play store apk and its woking fine
-
JainAnk almost 4 yearsfor mac if <echo -n YOUR_PACKAGE
cat
> doesn't work, replace it with <xargs echo -n YOUR_PACKAGE> -
Akshay kumar over 3 yearsHow do I get the hash key if my app is still in development and I did not signin with Google?
-
Manohar over 3 years@Akshaykumar see stackoverflow.com/questions/53849023/…
-
Kuvonchbek Yakubov over 3 yearsIt does not ask
password
for me, and shows error: <some code>tr: write error
-
Manohar over 3 yearsmake sure your the command, ALIAS, Application id are correct .
-
Kuvonchbek Yakubov over 3 years@ManoharReddy it showed
hashCode
but release version still is not getting SMS -
Manohar over 3 yearsIf it didn't ask for password then it will give wrong value . Only with correct password you will get right hashcode
-
Egemen Hamutçu over 3 yearsYou won't need to download certficate from Play Console if you have already jks or extensionless keystore file. Use it to get the hash key.
-
Akbar Pulatov about 2 yearsHelp! Stuck after entering password.