Authenticating Your Client

Certain Google Play services (such as Google Sign-in and App Invites) require you to
provide the SHA-1 of your signing certificate so we can create an OAuth2 client and
API key for your app.

Using Play App Signing

If you've published your app using Play App Signing
(https://developer.android.com/studio/publish/app-signing#app-signing-google-play), a
requirement when using Android App Bundle
(https://developer.android.com/platform/technology/app-bundle), you can get your SHA-1
from the Google Play Console
(https://developer.android.com/studio/publish/app-signing#api-providers) on the Release >
Setup > App Integrity page.

Self-signing Your Application

If you're not using Play App Signing, follow the instructions below to use Keytool or
Gradle's Signing Report to get your SHA-1.

Using Keytool on the certificate

Open a terminal and run the keytool utility provided with Java to get the SHA-1
fingerprint of the certificate. You should get both the release and debug certificate
fingerprints.

To get the release certificate fingerprint:

keytool -list -v \
-alias <your-key-name> -keystore <path-to-production-keystore>

To get the debug certificate fingerprint:

Mac/LinuxWindows (#windows)
(#maclinux)

keytool -list -v \
-alias androiddebugkey -keystore ~/.android/debug.keystore

The keytool utility prompts you to enter a password for the keystore. The default
password for the debug keystore is android. The keytool then prints the fingerprint to
the terminal. For example:

Certificate fingerprint: SHA1: DA:39:A3:EE:5E:6B:4B:0D:32:55:BF:EF:95:60:

Note: When using Play App Signing, the upload key certificate will be different than the app signing
key certificate.

Using Keytool on an APK or AAB

To get the certificate of an application binary:

# APK file
keytool -printcert -jarfile app.apk

# AAB file
keytool -printcert -jarfile app.aab

Note: When using Play App Signing, the signature of the binary signed by the upload key certificate
will be different than the binary distributed by Google Play.

Using Gradle's Signing Report

You can also get the SHA-1 of your signing certificate using the Gradle
signingReport command:

$ ./gradlew signingReport

The signing report will include the signing information for each of your app's variants:

> Task :app:signingReport

Variant: debug
Config: debug
Store: ~/.android/debug.keystore
Alias: AndroidDebugKey
MD5: A5:88:41:04:8D:06:71:6D:FE:33:76:87:AC:AD:19:23
SHA1: A7:89:E5:05:C8:17:A1:22:EA:90:6E:A6:EA:A3:D4:8B:3A:30:AB:18
SHA-256: 05:A2:2C:35:EE:F2:51:23:72:4D:72:67:A5:6C:8C:58:22:2A:00:D6:DB:F
Valid until: Wednesday, August 10, 2044

To learn more about digital signing on Android, see Signing Your Applications
(//developer.android.com/tools/publishing/app-signing.html).

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution
4.0 License (https://creativecommons.org/licenses/by/4.0/), and code samples are licensed under the
Apache 2.0 License (https://www.apache.org/licenses/LICENSE-2.0). For details, see the Google
Developers Site Policies (https://developers.google.com/site-policies). Java is a registered trademark
of Oracle and/or its affiliates.

Last updated 2024-06-05 UTC.