How to retrieve a signature hash for facebook from a public private key pair?

Question

I'm using a version of signapk for one of my projects. I sign my apk with a public, private key pair (.pk8 & .pem).

My application uses the facebook single sign on mechanism and I need a hash of the signing certificate registered with facebook to ensure that the correct app is starting the single sign on process. Facebook gives the following example code for generating this hash:

keytool -exportcert -alias androiddebugkey -keystore ~/.android/debug.keystore 
| openssl sha1 -binary
| openssl base64

I'm a little bit confused on how to generate the appropriate hash from my public key, private key pair that I use for signing.

Answer 1

This method works for you APK signed with your PK8 + PEM key pair. Or with any other (correctly) signed APK

1. Certificate could be known from *.apk file

   1. Unzip apk file and extract META-INF\CERT.RSA file

   2. execute:

          keytool -printcert -file CERT.RSA
      

      Check sha1 bytes

2. the bytes at sha1 fingerprint signature are needed to write to sha1.bin (you can use an hexadecimal editor)

3. just execute:

   openssl base64 -in sha1.bin -out base64.txt
   

so, base64.txt contains the APK's FB KeyHash

Answer 2

Facebook hash is actually the base64 encoding of SHA1.

So you have to generate sha1 from your certificate file that ends with .pem extension!..

Command to get SHA1 from a .pem file:- openssl x509 -fingerprint -in certificate.pem -noout

this command will return SHA1 of your .pem file, replace certicicate.pem with the name of your .pem file!...

After succesfully getting the SHA1 Now your task is to encode the SHA1 into base64 and there are alot of ways to do that, i recommend this website:

http://tomeko.net/online_tools/hex_to_base64.php?lang=en

go to this site write your SHA1 and in the last textbox you will received the encoded base64 that is the HASH for your facebook developer app!..