🍪 Getting Signing Certificate Hash

This guide provides step-by-step instructions for getting the Base64-encoded signing certificate hash for your Talsec configuration.

What is Signing Certificate Hash?

All Android apps must be signed with a digital certificate before installation. The SHA-256 hash of the signing certificate in Base64 form (which we'll refer to as the hash for short, also known as a fingerprint) is the certificate's unique identifier, crucial for security and integrity. The Talsec SDK uses this hash for app tampering detection.
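The following added example (not code from Talsec or the SDK) shows how such a value is derived and how a colon-separated hex SHA-256 fingerprint, the form `keytool` prints, maps to Base64. It assumes the hash is SHA-256 over the DER-encoded certificate, encoded with standard padded Base64. The function names and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def cert_to_der(data: bytes) -> bytes:
    """Accept a PEM or DER certificate and return the DER bytes."""
    m = PEM_RE.search(data)
    if m:
        return base64.b64decode(b"".join(m.group(1).split()), validate=True)
    if not data.startswith(b"\x30"):  # a DER certificate is an ASN.1 SEQUENCE
        raise ValueError("input is neither a PEM nor a DER certificate")
    return data

def hash_from_cert(data: bytes) -> str:
    """Base64 of the SHA-256 digest of the DER-encoded certificate."""
    digest = hashlib.sha256(cert_to_der(data)).digest()
    return base64.b64encode(digest).decode("ascii")

def hex_fingerprint(data: bytes) -> str:
    """The same digest as colon-separated upper-case hex."""
    h = hashlib.sha256(cert_to_der(data)).hexdigest().upper()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))

def hash_from_hex_fingerprint(fp: str) -> str:
    """Convert an 'AA:BB:...' SHA-256 fingerprint to Base64."""
    raw = bytes.fromhex(re.sub(r"[\s:]", "", fp))  # ValueError if not hex
    if len(raw) != 32:
        # A 20-byte value is a SHA-1 fingerprint, 16 bytes is MD5.
        raise ValueError(f"expected 32 bytes (SHA-256), got {len(raw)}")
    return base64.b64encode(raw).decode("ascii")

# Constructed stand-in bytes, NOT a real certificate: hashing only needs bytes.
SAMPLE_DER = b"\x30\x10" + b"constructed-cert"
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(SAMPLE_DER)
              + b"\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print("hex   :", hex_fingerprint(SAMPLE_DER))
    print("base64:", hash_from_cert(SAMPLE_PEM))
```

A SHA-256 digest is 32 bytes, so a correct value is always 44 Base64 characters ending in a single `=`. Anything shorter usually means a SHA-1 or MD5 fingerprint was copied instead.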

What Does the Signing Certificate Hash Guarantee?

The hash guarantees that:

  • The app's origin is verified, preventing malicious actors from distributing fake or modified versions.

  • Only the original developer can provide updates, ensuring a secure upgrade path.

  • Third-party services and APIs can authenticate the app before granting access.

Choose Your Signing Method

The first step is to determine which app signing method you're using.

If you're using Google Play App Signing, a very common practice for Android App Bundle (AAB) distribution, your upload key and distribution key are distinct, so be sure to use the app signing key certificate from the Google Play Console. Proceed with the Google Play App Signing Method.

If you're managing your own signing key (Manual App Signing), you'll need to generate the hash yourself from your keystore. Proceed with the Manual App Signing Method.

Continue with the method that matches your signing process ➡️
