android – Google Play App Signing – KeyHash Mismatch-ThrowExceptions

Exception or error:

I’am using the new Google Play App Signing to sign my application and there is a mismatch key-hash.

I integrated Facebook Login in my app and it said keyhash invalid.
The keyhash release of my APK is different of the keyhash release created by the process of Google Play App Signing.

EDIT : Step i did:

1) Created a jks keystore file.

2) Created a apk release signed with the jks file.

3) Imported the APK in Google Console Developer, with the subscription to Google Play App Signing which modify the signed key.

4) Once online, i download and open the app, Facebook initialization say : Invalid Key hash

When i check the hashkey in the app via the code below, the hash key is different of the invalid hashkey said by Facebook:

  try {
        PackageInfo info = getPackageManager().getPackageInfo(
        for (Signature signature : info.signatures) {
            MessageDigest md = MessageDigest.getInstance("SHA");
            Log.d("KeyHash:", Base64.encodeToString(md.digest(), Base64.DEFAULT));
    } catch (PackageManager.NameNotFoundException e) {

    } catch (NoSuchAlgorithmException e) {


Even if i put the hashkey said by Facebook in the Facebook dashboard, it don’t work.
It seems Google Play App Signing modify the hashkey during signing process.
Do you have an idea to resolve it?

How to solve:

I had the same issue and it appears that as you say, the Google Play Store re-signs your apk with a new key, and this what you must provide to Facebook as the key hash (not the one generated using keytool).

The second half of this answer is useful.

Basically you need to provide Facebook with the hash based on the SHA-1 App signing certificate Google generated, instead of using keytool and your local key (which it seems is now just used for uploading to Google).


You have to use the SHA-1 key generated by Google. Following steps would fix it.

1). Go to Google console => Release Management => App signing => App signing certificate.

2). Copy SHA-1 certificate from there and as it’s in hexadecimal and since Facebook needs it in base64 so use the command shown in step 3

3).echo SHA-1 key from step-2 (Hexadecimal) | xxd -r -p | openssl base64
This command won’t work in command prompt use bash on windows or git cli.

4). Paste the base64 key in Facebook console => Settings => basic => key hashes


You can convert SHA-1 hash in hex format (as found in Play console) into base64 hash using next command (on maybe Git Bash):

echo 33:4E:48:84:19:50:3A:1F:63:A6:0F:F6:A1:C2:31:E5:01:38:55:2E | xxd -r -p | openssl base64



This hash can be used for example when setting up Facebook app. Answer Source


I’m guessing that you might be using the key hash generated for debug.keystore.

Steps you have to follow

1.Generate key hash for the release certificate.

Go to command line and execute this command. Replace the placeholders in <*..*> with appropriate values.

keytool -exportcert -alias <*provide an alias here. I recommend to use the same alias that you use for google play app signing*> -keystore _<*your path to the jks certificate*> | openssl sha1 -binary | openssl base64

This command will generate a key hash.

2.Copy the key hash generated by the above command and paste it in your Facebook app console like this..

3.Sign the apk with your jks. Download and install on your phone to test.

Try this and let me know. All the best. 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *