A Comprehensive Guide to Obtaining Signing Certificate SHA1 Fingerprint for OAuth 2.0 on Android

Introduction

In Android app development, integrating Google Play services such as Google Sign-in and App Invites often requires providing the SHA1 fingerprint of the signing certificate to create an OAuth 2.0 client and API key. Based on practical development experience, this article systematically introduces multiple methods to obtain the SHA1 fingerprint, ensuring developers can complete the configuration efficiently.

Obtaining SHA1 Fingerprint via Eclipse Export Wizard

For developers using Eclipse IDE, the most straightforward method is to use the export wizard to generate an APK file. In the final step of the export process, the system displays both MD5 and SHA1 certificate fingerprints. Specific steps include: initiating the export process, selecting the production key for signing, and viewing the fingerprint information on the final confirmation page. This method requires no additional command-line operations and is suitable for beginners.

Using Command-Line Keytool Utility

Keytool is a utility in the Java Development Kit (JDK) for managing keys and certificates. The basic command to obtain the SHA1 fingerprint is: keytool -list -v -keystore <keystore-path>. Here is a concrete example:

keytool -list -v -keystore /path/to/your/keystore.jks

After execution, the system prompts for the keystore password. Upon correct entry, the SHA1 fingerprint can be found in the output. For debug certificates, use the following command:

keytool -list -v -keystore ~/.android/debug.keystore -alias androiddebugkey -storepass android -keypass android

Here, ~/.android/debug.keystore is the default path for the debug keystore, and android is the default password. The output example includes MD5, SHA1, and SHA-256 fingerprints.

Gradle SigningReport Command

For projects using Android Studio or the Gradle build system, the signingReport task can quickly retrieve signing information. Execute the following in the project root directory:

./gradlew signingReport

This command outputs detailed signing information for all variants (e.g., debug and release), including keystore path, alias, and hash values (MD5, SHA1, SHA-256). For instance:

Variant: debug
Config: debug
Store: ~/.android/debug.keystore
Alias: AndroidDebugKey
MD5: A5:88:41:04:8D:06:71:6D:FE:33:76:87:AC:AD:19:23
SHA1: A7:89:E5:05:C8:17:A1:22:EA:90:6E:A6:EA:A3:D4:8B:3A:30:AB:18

This method eliminates the need to manually locate the keystore path and offers high automation.

Differences Between Debug and Production Certificates

During development, debug certificates can be used to obtain the SHA1 fingerprint for testing. Debug certificates are automatically generated by the Android SDK with fixed default paths and passwords. However, for official releases, production certificates must be used, and their fingerprints should be obtained via the export wizard or keytool command. Note that the SHA1 fingerprint of a debug certificate is only for development environments and should not be used in production.

Common Issues and Solutions

Developers often encounter MD5 fingerprints instead of SHA1, typically due to omitting the -v parameter. keytool -list defaults to showing MD5; adding -v displays detailed information including SHA1. Additionally, ensure the keystore path and alias are correct to avoid command failures from path errors.

Conclusion

Obtaining the SHA1 fingerprint is a critical step in integrating OAuth 2.0 into Android applications. This article has covered three methods: Eclipse export wizard, command-line keytool, and Gradle signingReport, catering to different development environments and needs. It is recommended to use debug certificates during development and production certificates for release, ensuring accurate fingerprint information.