# Manual App Signing Method

## Step 1: Use Your Release Keystore to Get the SHA-256 Hash

A common mistake is using the wrong signing key, which will cause the Talsec SDK to flag your app as a security risk. To avoid this, you must use the keystore that signs your app for public release.

Here’s the difference:

* **Debug Keystore**: Created automatically by Android Studio. **DO NOT USE THIS ONE**. It is insecure and only for development purposes.
* **Release Keystore**: The secure keystore you create and manage. **USE THIS ONE**. It's what permanently ties your app to you as the developer.

If you haven't created a release keystore yet, the [official Android App Signing guide](https://developer.android.com/studio/publish/app-signing#generate-key) will walk you through the process.

## **Step 2: Retrieve SHA-256 Hash**

You can use tools like `keytool` or `apksigner` to retrieve certificate details, including the SHA-256 hash. Choose whichever is most convenient: get the hash from your signed release APK or directly from your release keystore:

```sh
keytool -printcert -jarfile app.apk
// OR:
apksigner verify --print-certs app.apk
```

<details>

<summary>Alternative approach if you have a keystore file (.jks or .keystore)</summary>

```
keytool -list -v -keystore <path_to_your_keystore_file> -alias <your_alias_name>
```

* `-keystore <path_to_your_keystore_file>`: Specifies the full path to your keystore file. Replace `<path_to_your_keystore_file>` with the actual location of your `.jks` or `.keystore` file.
* `-alias <your_alias_name>`: Specifies the alias for the specific key you want to inspect within the keystore. Replace `<your_alias_name>` with the alias you created for your release key.

**Example:**

```
keytool -list -v -keystore /Users/johndoe/my-release-key.jks -alias my-release-app-alias
```

</details>

This command will output the certificate details, including the SHA-256 hash, which will look something like this:

```
SHA256: 88:8C:7F:02:D6:2E:ED:3A:53:BB:9C:A6:6B:82:5C:0D:78:A8:E5:B6:B2:11:28:BC:F5:AC:67:C8:E0:A3:7C:5A
```

You'll need this value for the next step.

## Step 3: Convert the SHA-256 Hash to Base64 Format

**Convert the hash to Base64 format**, as the SDK requires it in this format. Follow the steps in [**this section**](https://docs.talsec.app/freerasp/freerasp/wiki/getting-signing-certificate-hash/result-convert-the-sha-256-hash-to-base64-format) ➡️


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.talsec.app/freerasp/freerasp/wiki/getting-signing-certificate-hash/manual-app-signing-method.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.