henriquemenezes · December 9, 2024 07:59 · Mar 9, 2018 · Feb 21, 2018 · Oct 11, 2017 · Jun 11, 2016
diff --git a/android-generate-keystores.md b/android-generate-keystores.md
@@ -55,6 +55,12 @@ $ jarsigner -verify -verbose -certs my_application.apk
 3. Get MD5 and SHA1 of keystore: `$ keytool -list -keystore signing-key.keystore`
 4. Compare MD5/SHA1 and if they are the same, so the APK was signed with `signing-key.keystore`.
 
+or
+
+Using gradle:
+
+`$ ./gradlew signingReport`
+
 ## Reference
 
 - https://coderwall.com/p/r09hoq/android-generate-release-debug-keystores

diff --git a/android-generate-keystores.md b/android-generate-keystores.md
@@ -48,6 +48,13 @@ $ keytool -list -v -keystore debug.keystore
 $ jarsigner -verify -verbose -certs my_application.apk
 ```
 
+## Verify APK keystore signature
+
+1. Unzip apk
+2. Get MD5 and SHA1 of certificate of APK: `$ keytool -printcert -file ./META-INF/ANDROID_.RSA`
+3. Get MD5 and SHA1 of keystore: `$ keytool -list -keystore signing-key.keystore`
+4. Compare MD5/SHA1 and if they are the same, so the APK was signed with `signing-key.keystore`.
+
 ## Reference
 
 - https://coderwall.com/p/r09hoq/android-generate-release-debug-keystores

diff --git a/android-generate-keystores.md b/android-generate-keystores.md
@@ -42,6 +42,12 @@ or
 $ keytool -list -v -keystore debug.keystore
 ```
 
+## Verify APK signature
+
+```bash
+$ jarsigner -verify -verbose -certs my_application.apk
+```
+
 ## Reference
 
 - https://coderwall.com/p/r09hoq/android-generate-release-debug-keystores

diff --git a/android-generate-keystores.md b/android-generate-keystores.md
@@ -40,4 +40,9 @@ or
 
 ```bash
 $ keytool -list -v -keystore debug.keystore
-```
+```
+
+## Reference
+
+- https://coderwall.com/p/r09hoq/android-generate-release-debug-keystores
+- https://developer.android.com/studio/publish/app-signing.html
diff --git a/android-generate-keystores.md b/android-generate-keystores.md
@@ -5,7 +5,7 @@
 ### Debug Keystore
 
 ```bash
-keytool -genkey -v -keystore debug.keystore -storepass android -alias androiddebugkey -keypass android -keyalg RSA -keysize 2048 -validity 10000 -dname "C=US, O=Android, CN=Android Debug"
+$ keytool -genkey -v -keystore debug.keystore -storepass android -alias androiddebugkey -keypass android -keyalg RSA -keysize 2048 -validity 10000 -dname "C=US, O=Android, CN=Android Debug"
 ```
 
 A debug keystore which is used to sign an Android app during development needs a specific alias and password combination as dictated by Google.
@@ -38,6 +38,6 @@ $ keytool -list -v -keystore debug.keystore -alias androiddebugkey -storepass an
 
 or 
 
-``bash
+```bash
 $ keytool -list -v -keystore debug.keystore
 ```
diff --git a/android-generate-keystores.md b/android-generate-keystores.md
@@ -0,0 +1,43 @@
+# Android: Generate Release/Debug Keystores
+
+## Generate Keystores
+
+### Debug Keystore
+
+```bash
+keytool -genkey -v -keystore debug.keystore -storepass android -alias androiddebugkey -keypass android -keyalg RSA -keysize 2048 -validity 10000 -dname "C=US, O=Android, CN=Android Debug"
+```
+
+A debug keystore which is used to sign an Android app during development needs a specific alias and password combination as dictated by Google.
+
+- Keystore name: "debug.keystore"
+- Keystore password: "android"
+- Key alias: "androiddebugkey"
+- Key password: "android"
+- CN: "CN=Android Debug,O=Android,C=US"
+
+### Release Keystore
+
+```bash
+$ keytool -genkey -v -keystore release.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
+```
+
+## Get Key Fingerprints
+
+To get the keystore certificate fingerprints you can do:
+
+```
+keytool -list -v -keystore [keystore path] -alias [alias-name] -storepass [storepass] -keypass [keypass] 
+```
+
+Ex.:
+
+```bash
+$ keytool -list -v -keystore debug.keystore -alias androiddebugkey -storepass android -keypass android 
+```
+
+or 
+
+``bash
+$ keytool -list -v -keystore debug.keystore
+```