azure signaturehash rejects my Base64 encoded SHA1 hash from debug.keystore

Question

I try to authentificate my xamarin app on azure.

To create the Base64 encoded SHA1 hash for my debug.keystore i used the suggested command:

keytool -exportcert -alias androiddebugkey -keystore %HOMEPATH%\.android\debug.keystore | openssl sha1 -binary | openssl base64

I get a result but it has 32 characters and gets rejected from azures frontend validation with the message:

The signature hash must be a Base64 encoded SHA1 hash.

If i use the placeholder or a substring of my hash it is working

2pmj9i4rSx0yEb/viWBYkE/ZQrk=       <- `Example from Azure (is working)`
aPz8/NARbPz8pPzg/Iz9aPz8NCg=       <- `some working example generated by me`
CAY/Pz8/NARbPz8pPzg/Iz9aPz8NCg==   <- `My base64 (is not working)`

it seems like that azure needs always 28 characters but my generated base74 has 32...

I wasted 20 hours on this problem but diddnt find any solution.

Answer 1

I just encountered this same issue. AzureAd does not seem to want openssl sha1 -binary | openssl base64

I had to open up gradle on android/app/build.gradle

open up app/tasks/android -> signingReport

grab the sha1 from there in the form of xx:xx:xx...xx:xx

convert to base 64 here: https://base64.guru/converter/encode/hex

hope this helps

Answer 2

On Android Studio go to View->Tool Windows->Gradle .

On the Gradle tab go to YOURPROJECTNAME->Tasks->android->signingReport .

Right-click on signingReport and left-click on 'Run YOURPROJECTNAME [signingReport]' .

Get the SHA1 from the Run tab generated output on the IDE bottom in the form of xx:xx:xx...xx:xx .

Convert to base 64 here: https://base64.guru/converter/encode/hex

Answer 3

For me using Xamarin.Forms I needed another workaround to get the SHA1 out of the certificate:

.\keytool.exe -list -v -alias androiddebugkey -keystore %HOMEPATH%\.android\debug.keystore -storepass android

then convert the HEX values here: https://base64.guru/converter/encode/hex

Answer 4

Not enough rep to comment on Jorge Luiz's post, but I had to complete an additional step to make this method work. My full solution was this:

• Go to settings (File -> Settings)
• Go to the Experimental tab
• Under Gradle, disable Do not build Gradle task list during Gradle sync

Then follow the steps as in Jorge's post, which I will recap here. If the task does not appear, you may need to sync your gradle files again. You can find this option under File -> Sync project with gradle files. Then follow these steps:

• Open the Gradle view (View -> Tool Windows -> Gradle)
• Locate the signingReport task ( <projectname>(/app)/Tasks/android/signingReport )
• Double click, or right click and select run

The Run tab should automatically open, then from there you:

• Copy the SHA1 HEX value in the form XX:XX:XX...
• Convert it to base64 using a tool like https://base64.guru/converter/encode/hex

Answer 5

I had the same failure, so a couple of things helped:

PowerShell

If you run this from PowerShell, be sure to change %HOMEPATH% to $env:HOMEPATH like so:

keytool -exportcert -alias androiddebugkey -keystore $env:HOMEPATH\.android\debug.keystore | openssl sha1 -binary | openssl base64

Base64

I tried to use base64 from my Git installation to encode it but it didn't like that version. You can add your Windows Git path to the PATH environment to use the git versions of these tools:

PowerShell: $env:path += "C:\Program Files\Git\usr\bin\

Command Prompt: set PATH=%PATH%;C:\Program Files\Git\usr\bin\

Then use openssl as in the example. This time from the command prompt (not PowerShell):

keytool -exportcert -alias androiddebugkey -keystore %HOMEPATH%\.android\debug.keystore | openssl sha1 -binary | openssl base64

The final example worked for me on Azure.