How to Create the Right Release Key Hash for Android settings in a Facebook App ID

How to fix "Invalid key hash" on release build


If you're seeing the "Invalid key hash" error like the one pictured above, it actually provides everything you need to fix the issue. The error message contains the correct key hash, which you can just copy and paste into your Facebook App's Android settings.

But this article is about how to generate the right key, right? So let’s start with the Facebook integration document:

The official documentation instructs you to run the following command, which uses Java’s keytool to generate a release key hash from your keystore file:

keytool -exportcert -alias <RELEASE_KEY_ALIAS> -keystore <RELEASE_KEY_PATH> | openssl sha1 -binary | openssl base64

The problem is that when you upload your app to the Google Play Console, it gets re-signed with a different signing key for distribution. This means the hash you generate locally will not match the hash of the app users download from the Play Store.

🙋 Does Google let us download that signing key?

🗣️ No, you can't.

The app signing key itself is not accessible, and is kept on a secure Google server.

While we can't access the private key, we can get the public certificate, which includes:

  • MD5 certificate fingerprint

  • SHA-1 certificate fingerprint

  • SHA-256 certificate fingerprint

So, how can we use these certificate fingerprints?

Look closely at the command above: it uses openssl to compute the SHA-1 hash of the certificate, then encodes the raw hash bytes as a Base64 string, which results in a 28-character string. Since Google Play already provides the SHA-1 certificate fingerprint (in hexadecimal format), all you need to do is convert it to Base64.

Here's the command you need to do that:

echo <YOUR_SHA1_CERTIFICATE_COPIED_FROM_GOOGLE_PLAY> | xxd -r -p | openssl base64
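
The same conversion as an added Python example (not part of the original post), showing that the hex fingerprint and the keytool/openssl pipeline yield the same 28-character hash, and rejecting an MD5 or SHA-256 fingerprint pasted by mistake. The function names and the sample certificate bytes are constructed for illustration.

```python
import base64
import binascii
import hashlib


def key_hash_from_der(der_cert: bytes) -> str:
    """Same computation as `openssl sha1 -binary | openssl base64` on the exported cert."""
    return base64.b64encode(hashlib.sha1(der_cert).digest()).decode("ascii")


def fingerprint_to_key_hash(fingerprint: str) -> str:
    """Convert a hex SHA-1 fingerprint (colons optional) to the 28-character key hash."""
    hex_digits = "".join(fingerprint.split()).replace(":", "")
    try:
        digest = binascii.unhexlify(hex_digits)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("fingerprint is not valid hexadecimal") from exc
    if len(digest) != 20:
        # MD5 is 16 bytes and SHA-256 is 32; either would give a wrong key hash.
        raise ValueError(f"expected a 20-byte SHA-1 fingerprint, got {len(digest)} bytes")
    return base64.b64encode(digest).decode("ascii")


def key_hash_to_fingerprint(key_hash: str) -> str:
    """Decode a key hash back to colon-separated hex for comparison with Play Console."""
    digest = base64.b64decode(key_hash.strip(), validate=True)
    if len(digest) != 20:
        raise ValueError("key hash does not decode to a 20-byte SHA-1 digest")
    return ":".join(f"{b:02X}" for b in digest)


# Constructed stand-in for the DER bytes of a signing certificate (not a real cert).
SAMPLE_CERT = b"constructed certificate bytes for illustration"
# The fingerprint as a console would display it: uppercase hex pairs joined by colons.
SAMPLE_SHA1 = ":".join(f"{b:02X}" for b in hashlib.sha1(SAMPLE_CERT).digest())
SAMPLE_SHA256 = hashlib.sha256(SAMPLE_CERT).hexdigest()

if __name__ == "__main__":
    key_hash = fingerprint_to_key_hash(SAMPLE_SHA1)
    print("key hash:", key_hash, f"({len(key_hash)} characters)")
    print("matches keytool/openssl pipeline:", key_hash == key_hash_from_der(SAMPLE_CERT))
    print("decoded back:", key_hash_to_fingerprint(key_hash))
    try:
        fingerprint_to_key_hash(SAMPLE_SHA256)
    except ValueError as err:
        print("SHA-256 fingerprint rejected:", err)
```

Running key_hash_to_fingerprint on the hash shown in the "Invalid key hash" error lets you confirm it equals the Play Console SHA-1 fingerprint before adding it to the Facebook settings.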

If you don’t know how to get the SHA-1 certificate fingerprint, follow these steps:

  1. Go to Google Play Console.

  2. Click on Test and release.

  3. Click on App integrity.

  4. Find the Play app signing section and click on the Settings button.

  5. Under the App signing key certificate, you will find the SHA-1 certificate fingerprint.