-1

I am downloading a file that want to install on my computer. I know that it will be Ok to install if the signature matches the signature I have on file for the distributor of that file.

I am not downloading directly from the distributor though so I want to check that the file is signed with their key.

I have downloaded a version of openssl for windows but I can't see from that how to tell what the key is from the application file. I've seen many files for download say that their hash is x but what I am looking for is the distributor's key which from the file itself. What I have to compared it against is the SHA1-40-hex digit key.

Improve this question
1

1 Answer 1

Reset to default
0

I installed the JDK and used it's [jdk]\bin\keytool.exe to run the following: keytool -list -printcert -jarfile [path_to_your_apk] > signature.txt

If you look through that file you can see the signature section at the top and the required signature in it. Thanks.

Improve this answer

Not the answer you're looking for? Browse other questions tagged or ask your own question.