question

vm3vuy avatar image
vm3vuy asked

How to get MD5 key in Android App keystore for applying Amazon api key?

i posted this topic once but no answer so far , so now i re-post it again....

How to get MD5 key in Android App keystore for applying Amazon api key?

I am building a Android Companion App for my AVS Alexa-enabled device, Companion App is responsible to help Alexa-enabled device to get authentication to access Amazon Services.

At the first , Android Companion App need a api-key pre-generated from Amazon Server to get authentication to device.

So i try to generate Amazon api-key by following this illustration "To enable Login with Amazon for Android, you have to specify the package name and signature for the app project. Login with Amazon will use these values to generate an API key" ,

in this doc

https://developer.amazon.com/docs/login-with-amazon/register-android.html#add-android-settings

The doc recommend to generate Android App Keystore in advance by this cmd

"keytool -genkey -v -keystore my-release-key.jks -keyalg RSA -keysize 2048 -validity 10000 -alias my-alias",

at the topic "Build and sign your app from command line" in this doc https://developer.android.com/studio/publish/app-signing

After i generate my own Android App Keystore , i found there are only SHA1 and SHA256 in keystore after build , no MD5 key included.

The first doc suppose us to get both MD5 and SHA256 key after building Keystore , not only SHA1 and SHA256 key.

https://drive.google.com/open?id=1UE9yBee4POZRzV4SC1HQK_MQyTluER_F

Use this cmd to check "keytool -list -v -keystore Argot_AndroidApp_KeyStore"

CN=jack hsu, OU=RD, O=PowerRay, L=taipei city, ST=taipei city, C=TW

CN=jack hsu, OU=RD, O=PowerRay, L=taipei city, ST=taipei city, C=TW

SN: 2b3ff9da

Verify Date: Sun Jun 03 11:24:10 CST 2018 到: Thu May 28 11:24:10 CST 2043

Certificate Fingerprints :

SHA1: 01:23:45:67:89:ab:cd:ef:01:23:45:67:89:ab:cd:ef

SHA256: 01:23:45:67:89:ab:cd:ef:01:23:45:67:89:ab:cd:ef:01:23:45:67:89:ab:cd:ef:01:23:45:67:89:ab:cd:ef

And the Amazon Api-key applying webpage requesting both MD5 and SHA256 key for applying.

https://drive.google.com/open?id=1TdXJMJLT74fDqTT5kwPBWHelXI0tgrgn

So missing MD5 info , therefore i can't build correct api-key for my device.

This issue has pending for weeks , anyone knows about this , pls help about this issue .

Thank u guys

Jack hsu

app
1 comment
10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

vm3vuy avatar image vm3vuy commented ·

this issue has pending for weeks...........

Amazon Developer pls help about this issue ~~~

thank u guys so much ~~~~~

0 Likes 0 ·
Levon@Amazon avatar image
Levon@Amazon answered

Hi Jack,

Thank you for posting! The easiest way to find out the MD5 info is to do the following:

- login to your Dev Portal account, then click on your app name in Apps & Services

- switch to the "APK info" tab and click on the "Appstore Certificate Hashes" link

You should see a popup box displaying various certificate info, among which you will see MD5 as well. Thanks!

(see my other answer for an alternative way of getting that info)


10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Levon@Amazon avatar image
Levon@Amazon answered

Another way of finding your app's MD5 signature, is to open your project in Android Studio, then click the "Gradle" tab in the top-right corner, expand your app's entry, then expand Tasks, then Android, and double click on "signing report". After a few seconds the IDE will generate a report in the status area at the bottom, where you will see MD5 info as well. Thanks!


10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Bilal Pasha avatar image
Bilal Pasha answered

You can get release md5 by doing some tweaks to your app build.gradle file.

The only way proper md5 is generated is by going android studio --> gradle tab on top right corner --> executing signing report as answered by @Levon@Amazon. On executing signing report you will see md5 generated for Variant : debug but in case for Variant : release it just show Config : none.

The solution is that you need to tell the gradle file about your signing credentials (keystone, passwords). Here are the steps

1) Copy your release keystore file in project --> app directory

2) Then in your app build.gradle file add your signing credentials

android {
    compileSdkVersion 28
    buildToolsVersion "28.0.3"
    defaultConfig {
        multiDexEnabled true
        applicationId packageName
        minSdkVersion 19
        targetSdkVersion 28
        versionCode appVersionCode
        versionName appVersionName
        compileOptions {
            sourceCompatibility JavaVersion.VERSION_1_8
            targetCompatibility JavaVersion.VERSION_1_8
        }
    }

    signingConfigs {
        release {
            keyAlias 'YOUR_KEYSTORE_ALIAS'
            keyPassword 'YOUR_KEYSTORE_ALIAS_PASSWORD'
            storeFile file('keystore') //Assuming your keystore file name (copied to app folder) is "keystore"
            storePassword 'YOUR_KEYSTORE_PASSWORD'
        }
    }

3) And then in your app build.gradle

buildTypes {
    release {
        minifyEnabled false
        shrinkResources false
        zipAlignEnabled false
        proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
        buildConfigField "boolean", "IS_DEBUG_ABLE", 'false'
        signingConfig signingConfigs.release    // Add this line 
    }
    debug {
        // this means proguard is active or not
        minifyEnabled false
        shrinkResources false
        zipAlignEnabled false
        proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
        buildConfigField "boolean", "IS_DEBUG_ABLE", 'true'
    }
}

4) Now click the "Gradle" tab in the top-right corner, expand your app's entry, then expand Tasks, then Android, and double click on "signing report". It will now generate MD5/SHA1/SHA-256 for both debug and release variants.

10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Paul Crinigan avatar image
Paul Crinigan answered

I had some trouble with this, eventually figured it out in Android Studio but I actually figured out how to solve this right from the command line without Android Studio. This problem will be more common as keytool doesn't give the MD5 anymore and over time more and more people won't have the old version that gives the md5 value. Anyway, openssl can convert it for you if you pipe the keytool output to it, and at first looks different than what amazon wants in the md5 field but I verified and it's the same value.

Run Command:

keytool -exportcert -v -alias alias -keystore "path\to\keystore\my.keystore" | openssl dgst -md5

The output will be a 32 character string, with no colons ":" in it, and Amazon is looking for 16 2 character hex values separated by ":". So just add the colons every 2 characters and there you will have your MD5 value. You should also upper case the letters but I don't think that matters (not sure). Those with Android Studio signing reports can verify.

10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.