How to verify that app was signed by my certificate?

一整个雨季 2021-02-03 16:11

How do I check if the signature of my app matches the signature of the certificate that I used to sign it?

This is how I should be able to get the certificates fingerpri

4 answers
  •  一整个雨季
    2021-02-03 16:51

    You are computing the MD5 hash of the wrong data. The fingerprint of a certificate is a hash (MD5, SHA1, SHA256, etc.) of the raw certificate. I.e., you should be computing the hash of these bytes:

    byte[] cert = signatures[0].toByteArray();
    

    E.g., the following computes a SHA1 fingerprint, just change SHA1 to MD5 if you prefer.

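    import java.security.MessageDigest;
    import java.security.NoSuchAlgorithmException;
    import java.util.Locale;

    // DATA_LOCALE was not defined in the original snippet; any fixed locale works for hex digits.
    private static final Locale DATA_LOCALE = Locale.US;

    public String computeFingerPrint(final byte[] certRaw) {
        String strResult = "";
        String strAppend;
        MessageDigest md;
        try {
            md = MessageDigest.getInstance("SHA1");
            md.update(certRaw);
            // Hex-encode each digest byte, zero-padded to two characters.
            for (byte b : md.digest()) {
                strAppend = Integer.toString(b & 0xff, 16);
                if (strAppend.length() == 1)
                    strResult += "0";
                strResult += strAppend;
            }
            strResult = strResult.toUpperCase(DATA_LOCALE);
        }
        catch (NoSuchAlgorithmException ex) {
            ex.printStackTrace();
        }
        // Returns an empty string if the digest algorithm is unavailable.
        return strResult;
    }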
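A fuller version of the check the answer describes, as an added example that is not part of the original answer: it pins a SHA-256 fingerprint, accepts the colon-separated form that keytool prints, and requires every signer to match rather than only `signatures[0]`. The class and method names and the stand-in certificate bytes are assumptions made for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Locale;

// Hypothetical helper class; runs on a plain JVM with no Android dependencies.
public class SignerCheck {
    // Hex SHA-256 of the raw certificate bytes, lower-case, no separators.
    static String sha256Hex(byte[] certRaw) throws NoSuchAlgorithmException {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(certRaw)) {
            sb.append(String.format(Locale.ROOT, "%02x", b & 0xff));
        }
        return sb.toString();
    }

    // keytool prints "AB:CD:..."; accept that form, embedded spaces, and either case.
    static String normalize(String fingerprint) {
        return fingerprint.replaceAll("[:\\s]", "").toLowerCase(Locale.ROOT);
    }

    // True only if there is at least one signer and every signer matches the pin.
    static boolean signedOnlyBy(byte[][] signerCerts, String expectedFingerprint)
            throws NoSuchAlgorithmException {
        if (signerCerts == null || signerCerts.length == 0) {
            return false; // no signer information: treat as a failed check
        }
        String expected = normalize(expectedFingerprint);
        for (byte[] cert : signerCerts) {
            if (!sha256Hex(cert).equals(expected)) {
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-ins for signatures[i].toByteArray(); not real certificates.
        byte[] mine = "constructed-cert-A".getBytes(StandardCharsets.US_ASCII);
        byte[] other = "constructed-cert-B".getBytes(StandardCharsets.US_ASCII);
        // Build a keytool-style pin (upper-case, colon-separated) from the first stand-in.
        String pin = sha256Hex(mine).toUpperCase(Locale.ROOT).replaceAll("(..)(?=.)", "$1:");
        System.out.println("single matching signer: " + signedOnlyBy(new byte[][] {mine}, pin));
        System.out.println("extra unknown signer:   " + signedOnlyBy(new byte[][] {mine, other}, pin));
        System.out.println("no signers:             " + signedOnlyBy(new byte[][] {}, pin));
    }
}
```

On Android, the `byte[][]` argument would be filled from each `Signature.toByteArray()` of the installed package, and the pin would be the SHA-256 line that keytool reports for the signing certificate.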
    
