Is there any input that SHA-1 will compute to a hex value of fourty-zeros, i.e. "0000000000000000000000000000000000000000"?
How do I check if my SSL Certificate is using SHA1 or SHA2, from the commandline?
And yes, i this is similar to this, but i need a cli-tool and i want to understand how it is done.
I am using the Google Maps Android API and I'm running into some issues.
I am signing my apk with android studio (created one at .android/keystore.jks). Also I'm selecting "release" as type in it. I have used the command
keytool -list -v -keystore C:\Users\Toshiba\.android\keystore.jks
to get the SHA1 fingerprint out of the keystore.
The SHA1 is correct, but the Map is not shown on a signed APK. It is shown in a debug APK.
Using keytool with the release keystore (keystore.jks) will get me this:
The debug one works fine (I have added 2 to the API console in Google)
XX is blacked out.
The keytool says it is using SHA256withRSA as signature algorithm for both, the debug and the release keystore.
What am I doing wrong?
UPDATESo I've tried a new API key, clean project and rebuild it, new keystore - still not working on release... debug is fine!
UPDATE 2Still not found a working solution... Help me!
UPDATE 3 Allright, got it working using a signed APK with build type debug. Extracted the CERT.RSA and runned
keytool -printcert -file ./CERT.SA. Got the same result as for the release build type. In release it is not working!
Google, Facebook, Wikipedia, Amazon and other hundreds of website are still encrypted with less secured SHA-1 algorithm.
Google said on official blog, they are in hurry to kiss SHA-1, but they are still using SHA-1.
Does migration from SHA-1 to SHA-2 really matters?
An SHA1 digest should be 160 bits long. Still it is normally represented as a string with 40 characters. Considering 8-bits-bytes and that 1 char corresponds to 1 byte, it seems to me the SHA1 digest should have 20 bytes and it's hex representation 40 bytes.
For example, using OpenSSL I could get the following results (after manually removing extra information added):
PLAIN MESSAGE: The only possible revolution is inside us
openssl dgst -sha1 -hex dgsttxt &> sha1_hex32 64 66 61 33 35 66 62 35 37 34 65 36 62 65 36 32 33 62 37 63 36 31 61 63 61 32 63 61 31 65 66 39 30 36 62 39 63 38 34openssl dgst -sha1 -binary dgsttxt &> sha1_binary2D FA 35 FB 57 4E 6B E6 23 B7 C6 1A CA 2C A1 EF 90 6B 9C 84
Applying a wc in each file I get
wc sha1_binary sha1_hex 0 1 20 sha1_binary 0 1 40 sha1_hex 0 2 60 total
So I have two questions:
I have already seen a similar question here but I am not sure if I am too stupid to understand the answers or if they are really poor. Any help is appreciated.