Manual App Signing Method

Step 1: Use Your Release Keystore to Get the SHA-256 Hash

A common mistake is using the wrong signing key, which will cause the Talsec SDK to flag your app as a security risk. To avoid this, you must use the keystore that signs your app for public release.

Here’s the difference:

• Debug Keystore: Created automatically by Android Studio. DO NOT USE THIS ONE. It is insecure and only for development purposes.

• Release Keystore: The secure keystore you create and manage. USE THIS ONE. It's what permanently ties your app to you as the developer.

If you haven't created a release keystore yet, the official Android App Signing guide will walk you through the process.

Step 2: Retrieve SHA-256 Hash

You can use tools like keytool or apksigner to retrieve certificate details, including the SHA-256 hash. Choose whichever is most convenient: get the hash from your signed release APK or directly from your release keystore:

keytool -printcert -jarfile app.apk
// OR:
apksigner verify --print-certs app.apk

keytool -list -v -keystore <path_to_your_keystore_file> -alias <your_alias_name>

keytool -list -v -keystore /Users/johndoe/my-release-key.jks -alias my-release-app-alias

This command will output the certificate details, including the SHA-256 hash, which will look something like this:

SHA256: 88:8C:7F:02:D6:2E:ED:3A:53:BB:9C:A6:6B:82:5C:0D:78:A8:E5:B6:B2:11:28:BC:F5:AC:67:C8:E0:A3:7C:5A

You'll need this value for the next step.

Step 3: Convert the SHA-256 Hash to Base64 Format

Convert the hash to Base64 format, as the SDK requires it in this format. Follow the steps in this section ➡️