talsec / Free-RASP-ReactNative

React Native plugin for improving app security and threat monitoring on Android and iOS mobile devices.
https://github.com/talsec/Free-RASP-Community
MIT License

[Android] - App Integrity check not valid #72

Open duspada opened 1 week ago

duspada commented 1 week ago

Describe the bug
When I try to use appIntegrity in React Native, it always indicates an invalid hash.

To Reproduce
For example, assuming my hash is:

    SHA1:   5B:CD:E1:EF:90:B8:37:BE:9B:6D:28:3D:BA:10:67:C0:A7:55:54:05
    SHA256: B1:8D:3D:EC:84:51:88:1D:94:17:66:A0:0E:F2:E5:EF:61:53:84:57:46:E2:63:08:06:55:7A:E9:E7:75:9D:83

I have tried as follows:

    NUI6Q0Q6RTE6RUY6OTA6Qjg6Mzc6QkU6OUI6NkQ6Mjg6M0Q6QkE6MTA6Njc6QzA6QTc6NTU6NTQ6MDU= - base64 of SHA1
    QjE6OEQ6M0Q6RUM6ODQ6NTE6ODg6MUQ6OTQ6MTc6NjY6QTA6MEU6RjI6RTU6RUY6NjE6NTM6ODQ6NTc6NDY6RTI6NjM6MDg6MDY6NTU6N0E6RTk6RTc6NzU6OUQ6ODM= - base64 of SHA256

with `apksigner verify --print-certs app-release.apk`:

    Signer #1 certificate SHA-256 digest: b18d3dec8451881d941766a00ef2e5ef6153845746e2630806557ae9e7759d83
    Signer #1 certificate SHA-1 digest: 5bcde1ef90b837be9b6d283dba1067c0a7555405
    Signer #1 certificate MD5 digest: 9a35cbd3e84cacc3bcdfe6e4f52a4e10

So I tried:

    5bcde1ef90b837be9b6d283dba1067c0a7555405 - hash in lowercase without colons
    NWJjZGUxZWY5MGI4MzdiZTliNmQyODNkYmExMDY3YzBhNzU1NTQwNQ== - base64 of it

    b18d3dec8451881d941766a00ef2e5ef6153845746e2630806557ae9e7759d83 - hash in lowercase without colons
    YjE4ZDNkZWM4NDUxODgxZDk0MTc2NmEwMGVmMmU1ZWY2MTUzODQ1NzQ2ZTI2MzA4MDY1NTdhZTllNzc1OWQ4Mw== - base64 of it

Nothing ever works...


Additional context
In the documentation, the only available information is "the hashes must be in base64," but it doesn't specify which hash to use (whether SHA-1, SHA-256, or another) nor how to retrieve this hash. It doesn't clarify whether the hash should be processed (removing colons or not), whether it should be lowercase, uppercase, or in another format, making it very difficult to use correctly. Additionally, I believe that if there were a function that returns the current hash (the one the library is validating against), it would make debugging easier, as we could reverse-engineer the "expected" hash and thus implement it correctly.

msikyna commented 1 week ago

Hello @duspada,

thank you for the question. The documentation moreover states: 'If you are not sure how to get your certificate hash, you can check out the guide on our Github wiki.' The wiki page specifies that it is SHA-256 and there is a link to the tool which should be used for the conversion of the hash to base64: https://base64.guru/converter/encode/hex

In your case, when I put 'B1:8D:3D:EC:84:51:88:1D:94:17:66:A0:0E:F2:E5:EF:61:53:84:57:46:E2:63:08:06:55:7A:E9:E7:75:9D:83' into the tool, I receive 'sY097IRRiB2UF2agDvLl72FThFdG4mMIBlV66ed1nYM=', which should be put in the configuration.

We will try to improve this part of the documentation, thank you for the feedback 👍

Kind regards, Talsec team
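The difference between the two answers above is that the hex-to-base64 tool decodes the 32 raw bytes of the SHA-256 digest and base64-encodes those, while the attempts in the report base64-encoded the hex text itself (64 or 95 ASCII characters). The following script is an added example, not code from the freeRASP project: it parses constructed `apksigner verify --print-certs` output using the digests quoted in this issue, produces the base64 value in the form the maintainer's reply shows, and decodes a configured value back to hex so a wrong entry can be spotted before shipping. The function names and the sample output are assumptions made for this example.

```javascript
// Added example (not part of the freeRASP project): convert an APK signing
// certificate SHA-256 digest to the base64 form shown in the maintainer's
// reply, and decode a configured value back to hex as a sanity check.

// Constructed sample of `apksigner verify --print-certs app-release.apk`
// output, using the digests quoted in this issue.
const APKSIGNER_OUTPUT = `
Signer #1 certificate DN: CN=Example
Signer #1 certificate SHA-256 digest: b18d3dec8451881d941766a00ef2e5ef6153845746e2630806557ae9e7759d83
Signer #1 certificate SHA-1 digest: 5bcde1ef90b837be9b6d283dba1067c0a7555405
Signer #1 certificate MD5 digest: 9a35cbd3e84cacc3bcdfe6e4f52a4e10
`;

// Accept both common spellings of the digest: keytool's colon-separated
// upper-case form and apksigner's bare lower-case form. Returns 64 hex chars.
function normalizeSha256Hex(digest) {
  const hex = digest.replace(/[:\s]/g, '').toLowerCase();
  if (!/^[0-9a-f]{64}$/.test(hex)) {
    throw new Error(`not a SHA-256 digest: ${digest}`);
  }
  return hex;
}

// Base64 of the raw 32 digest bytes, NOT of the hex text. Encoding the hex
// string itself is the mistake that makes the integrity check fail.
function sha256HexToBase64(digest) {
  return Buffer.from(normalizeSha256Hex(digest), 'hex').toString('base64');
}

// Reverse check for a value already placed in the config: a correct entry
// decodes to exactly 32 bytes. Base64 of a hex string decodes to 64 (or 95,
// with colons) bytes and is rejected here.
function base64ToSha256Hex(b64) {
  const bytes = Buffer.from(b64, 'base64');
  if (bytes.length !== 32) {
    throw new Error(`decoded to ${bytes.length} bytes, expected 32`);
  }
  return bytes.toString('hex');
}

// Pull the SHA-256 line out of apksigner's --print-certs output.
function extractSha256FromApksigner(output) {
  const m = output.match(/certificate SHA-256 digest:\s*([0-9a-fA-F]{64})/);
  if (!m) throw new Error('no SHA-256 digest found in apksigner output');
  return m[1];
}

// Usage: derive the config value from the apksigner output, then round-trip it.
const digestHex = extractSha256FromApksigner(APKSIGNER_OUTPUT);
const configValue = sha256HexToBase64(digestHex);
console.log(configValue);                   // sY097IRRiB2UF2agDvLl72FThFdG4mMIBlV66ed1nYM=
console.log(base64ToSha256Hex(configValue)); // b18d3dec84...759d83
```

Run it with Node after replacing the constructed `APKSIGNER_OUTPUT` with the real output of `apksigner verify --print-certs` for the release APK; if the app is distributed through Play App Signing, use the digest of the certificate Google signs with, not the upload key, since that is the signature the installed APK carries.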