How do I get the signature checksum of my APK that is signed with only the v2 scheme?

Question

I previously posted a question on how to get the signature checksum of my APK here: How do I get the signature checksum of my APK?

The answer is perfect if an app is signed with the v1 signature scheme or the combination v1/v2 signature schemes. (Jar and Full APK Signatures)

However, since my app will only be running on Android O or greater (it is a device specific app), I will only be signing it with the APK signature scheme v2 (v2 scheme).

I will be using EXTRA_PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM. See: https://developer.android.com/reference/android/app/admin/DevicePolicyManager.html for details.

How do I get the APK (v2) signature checksum of my app that I can use in my key/value pair for NFC provisioning a device owner app?

Answer 1

To build on the example How do I get the signature checksum of my APK? you mentioned:

apksigner verify -print-certs [path to your apk] | grep -Po "(?<=SHA-256 digest:) .*" | xxd -r -p | openssl base64 | tr -d '=' | tr -- '+/=' '-_'

The "signature checksum" you're referring to is the URL-safe Base64 encoded SHA-256 digest of the APK's signing cert. apksigner verify --print-certs prints the various digests of the APK's signing certs, regardless of whether the APK is JAR signed, APK Signature Scheme v2-signed, or both.

apksigner is distributed via Android SDK Build Tools 24.0.3 and newer (except for 26.0.0 which is accidentally missing apksigner). https://developer.android.com/studio/command-line/apksigner.html