Skip to content

Instantly share code, notes, and snippets.

@remylavergne

remylavergne/android-apk-signature.md

Last active November 29, 2021 11:29
Show Gist options
  • Save remylavergne/4134443463ffa17e60ba79462794c411 to your computer and use it in GitHub Desktop.
Save remylavergne/4134443463ffa17e60ba79462794c411 to your computer and use it in GitHub Desktop.
Download ZIP
[Android ] Verify APK Signature >26 with apksigner
Raw
android-apk-signature.md

Android APK Signature verification (>26)

Tool

Apksigner can be used to verify APK signature. It's a part of build-tools since version 26.

Where to find it ? (e.g.)

  • macOS : ~/Users/<your_user_name>/Library/Android/sdk/build-tools/<build-tools-version>/lib/
  • Windows : ?

How to use it

$ java -jar apksigner.jar verify --print-certs --verbose <file.apk>

Output (example)

Verifies
Verified using v1 scheme (JAR signing): false
Verified using v2 scheme (APK Signature Scheme v2): true
Verified using v3 scheme (APK Signature Scheme v3): false
Number of signers: 1
Signer #1 certificate DN: O=remylavergne.dev
Signer #1 certificate SHA-256 digest: b852c0c82edcb9djnzn76ksdk222581ed5a58a1ec4aede861220af7f4be335ffe4
Signer #1 certificate SHA-1 digest: 5e5ada9b22b21e9c8d2mlf75291fbbc9fda62b1dd797
Signer #1 certificate MD5 digest: d5777b7dksdlk92cfs0ksdl1a90cdf4fd25ee8d57
Signer #1 key algorithm: RSA
Signer #1 key size (bits): 2048
Signer #1 public key SHA-256 digest: e4a9d79157ec09efb988ce937a69e9dkjdsqknc766580d1fc2a86ae76236502f
Signer #1 public key SHA-1 digest: 10352ca9ad9849djbqbd133c98f260e9e60d7004f29
Signer #1 public key MD5 digest: dc09054e53f1bczopa02427c6fb14b172013

Documentation - apksigner

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment