Android APK built from android studio and console have different SHA fingerprints

Question

While building signed release APK I've come across the following: if I build signed apk from android studio (via Build -> Generate Signed APK...) with build.gradle file like this (only relevant parts):

signingConfigs {
    release {
        storeFile file('/keystore/location/mykeystore.keystore')
        storePassword 'storepassword'
        keyAlias 'key'
        keyPassword 'keypassword'
    }
}
buildTypes {
    release {
        signingConfig signingConfigs.release
    }
}

The resulting apk fingerprint is YY:YY.
However, if I build my APK from console as described here with build.gradle like this:

buildTypes {
    release {
    }
}

And sign it with the same keystore file, the resulting apk fingerprint is XX:XX.

Also, both SHA fingerprints are different from my debug certificate SHA fingerprint. What's the cause of such behaviour?

I'm using buildToolsVersion 23.0.0
android studio gradle version 1.3.0
android sdk tools version 24.3.4
android studio version 1.3.1

Answer 1

Did you check the contents of the keystore? The fingerprint has to match one of the certificates. It is possible to have multiple certificates in your keystore, perhaps a different one is being used during signing from the console? You can check the certificates by running the following command:

keytool -v -list -keystore /path/to/keystore

enter the password for the keystore and you should get a list of the aliases. I'd also check the debug keystore to make sure there aren't other certificates there.

The only other possibility I can think of is a path issue that is causing a different keystore to be used.