Home/ Questions/Q 8788609
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-13T22:11:10+00:00

I am currently using this code to get the signature of my apk file

  • 0

I am currently using this code to get the signature of my apk file in Android

PackageManager pm = getPackageManager(); 
try { 
        PackageInfo info = pm.getPackageInfo(getPackageName(), PackageManager.GET_SIGNATURES); 
        Signature[] sig = info.signatures; 
        String sigstring = new String(sig[0].toChars()); 
        //Do something with signature. 
        System.out.println("Signature: " + sigstring);
        Log.i("TAG", "Signature: " + sigstring); 
        Toast.makeText(this, "Signature: " + sigstring, Toast.LENGTH_LONG).show();
} catch (NameNotFoundException e) { 
        e.printStackTrace(); 
}

which gives me the output of 

10-10 10:00:58.012: I/TAG(313): Signature: 308201e53082014ea0030201020204501829fd300d06092a864886f70d01010505003037310b30090603550406130255533110300e060355040a1307416e64726f6964311630140603550403130d416e64726f6964204465627567301e170d3132303733313138353435335a170d3432303732343138353435335a3037310b30090603550406130255533110300e060355040a1307416e64726f6964311630140603550403130d416e64726f696420446562756730819f300d06092a864886f70d010101050003818d0030818902818100d405c1549373bb8479ab7818793085dc49813aff9ed901699b457b23afff5df817f1bbcdd4da89a600a87b5785c870ad9ee1c54a3ce25184a0da7364953d0cd9e8965c9977854bd60dbd3e7a84c4daf525ca2816d33c40265b2563cb170a8cad10555a77700ce5daabeda5ee2829066747f5635ca740eceec714a53870f7233f0203010001300d06092a864886f70d0101050500038181005ac282bf6d158538db92fa32fadf431bf9631ecb0944d0934f096fdda53f510aaaa4c0ad425e497a94c4eba45136be01efe60b8379f0f1540b634fbcfd776f0b0fd52910f947f05593735d7b64c001d312dbf7006ba2c91190fbc7cea0098e44b45d46ca0248157979d757c2ee10e8cf8cfd4dbcaa5028d3449c1b5b72f68cba

But if i use the keytool on the same apk file i get this for the signature

C:\Users\Random>keytool -printcert -file C:\Users\Random\Desktop\CERT.RSA
Owner: CN=Android Debug, O=Android, C=US
Issuer: CN=Android Debug, O=Android, C=US
Serial number: 501829fd
Valid from: Wed Aug 01 02:54:53 SGT 2012 until: Fri Jul 25 02:54:53 SGT 2042
Certificate fingerprints:
         MD5:  39:A8:DB:4D:46:03:C5:22:18:0A:BC:18:C8:4C:39:D8
         SHA1: 88:6A:33:FF:81:18:5F:E5:A4:07:D7:8C:73:01:2D:23:A6:E5:F0:34
         Signature algorithm name: SHA1withRSA
         Version: 3

What are difference between this 2 signatures? and how do i get the same value as the one i got in Android using a PC

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The signatures obtained via PackageManager.getPackageInfo are certificates themselves in DER format (usually?).
    The file META-INF/CERT.RSA is a pkcs7 container, containing these certificates.

    • 0