How to Obtain SHA-1 and SHA-256 Fingerprints for Your Android App — With or Without Android Studio

If you're developing an Android app and need to register it with services like Firebase, Google Maps, or Facebook, you'll often be required to provide your app's SHA-1 and SHA-256 fingerprints. This blog will guide you through obtaining these fingerprints, whether you're using Android Studio or not.

📖 Table of Contents

1. What Are SHA-1 and SHA-256 Fingerprints?

2. How to Obtain SHA-1 and SHA-256 Fingerprints Using Android Studio

3. How to Obtain SHA-1 and SHA-256 Fingerprints Without Android Studio

4. Using Play App Signing to Obtain Fingerprints

5. Generating Key Hash for Services Like Facebook Login

6. FAQs

🔐 What Are SHA-1 and SHA-256 Fingerprints?

• SHA-1: A cryptographic hash function that generates a unique fingerprint for your app's signing certificate.

• SHA-256: A more secure and longer version of SHA-1.

These fingerprints are essential for integrating your app with services like Firebase, Google APIs, and Facebook.

🛠️ How to Obtain SHA-1 and SHA-256 Fingerprints Using Android Studio

1. Using Gradle's signingReport Command

1. Open the Terminal tab in Android Studio.(Google for Developers)

2. Run the following command:

   • Windows:

     gradlew signingReport
     

   • macOS/Linux:

     ./gradlew signingReport
     

3. The output will display the SHA-1 and SHA-256 fingerprints for your app's signing variants.(Android Developers)

2. Enabling Gradle Task List

If you don't see the signingReport task:

1. Go to File > Settings (or Android Studio > Preferences on macOS).

2. Navigate to Build, Execution, Deployment > Compiler.

3. Uncheck Do not build Gradle task list during Gradle sync.

4. Sync your project.

5. Now, you can find signingReport under Gradle > Tasks > android.

🧰 How to Obtain SHA-1 and SHA-256 Fingerprints Without Android Studio

If you're not using Android Studio, you can use the keytool utility provided with Java:

1. Open a terminal or command prompt.

2. Run the following command for your keystore:

   keytool -list -v -keystore <path-to-your-keystore> -alias <your-key-alias>
   

Replace <path-to-your-keystore> with the path to your keystore file and <your-key-alias> with your key alias.

3. Enter the keystore password when prompted.

4. The output will display the SHA-1 and SHA-256 fingerprints.

🛡️ Using Play App Signing to Obtain Fingerprints

If you've opted into Play App Signing:

1. Visit the Play App Signing page.

2. Select your app.

3. Under App Signing Certificate, you'll find the SHA-1 and SHA-256 fingerprints.

These fingerprints are used for services like Firebase and Google APIs.

🔑 Generating Key Hash for Services Like Facebook Login

Some services, like Facebook Login, require a key hash:

1. Obtain your SHA-1 fingerprint using the methods above.

2. Convert the SHA-1 fingerprint to Base64:

   echo <your-sha1-fingerprint> | xxd -r -p | openssl base64
   

Replace <your-sha1-fingerprint> with your actual SHA-1 fingerprint.

3. Use the resulting Base64 string as your key hash.

❓ FAQs

Q1: Can I use only the debug SHA-1 for production?

No, for production, you should use the release SHA-1 fingerprint.

Q2: How do I know which SHA-1 to use?

Use the SHA-1 from your app's release keystore for production environments.

Q3: What if I lose my keystore?

If you lose your keystore, you won't be able to update your app. It's crucial to back up your keystore and its credentials.(Google Help)