TechQA.

Should we keep our SHA-256 public?

254 views Asked by At

When generating a Digital Asset Link we are supposed to asset links file contaning SHA-256 of our android app and post it to https://www.your-host.com/.well-known/assetlinks.json as stated here. So is it safe to post our SHA-256 publicly?

Just read through the documentation

android sha256 chrome-custom-tabs trusted-web-activity digital-assets-links
Original Q&A
1

There are 1 answers

0
andreban On BEST ANSWER

Yes, it is safe to post the SHA-256 publicly. In fact, the SHA-256 fingerprint can be extracted from any signed API with the following with keytool -printcert -jarfile [path to APK or AAB] | grep SHA256. Once installed, any other Android app can also read your SHA-256 key. Peter's AsseLinks Tool takes advantage of that to help people find what their SHA-256 key is.

Related Questions in ANDROID

Related Questions in SHA256

Related Questions in CHROME-CUSTOM-TABS

Related Questions in TRUSTED-WEB-ACTIVITY

Related Questions in DIGITAL-ASSETS-LINKS

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions