0
I started studying about the Flutter framework and would like to know what is the difference between SHA-1’s DEBUG and RELEASE (Production), because reading the documentation provided by Flutter, unless some misunderstanding, the command specified for debug and release produce the same result (same SHA-1 code).
Is there any difference between the SHA-1 of DEBUG and RELEASE? If so, what would be the difference?
3
SHA-1 is not something "made" by Flutter, but something that Android uses.
The SHA-1 DEBUG signature is the most "basic" signature certificate used to run some things while you develop your application, as its name says, in DEBUG mode.
When you generate an APK for testing, it is signed with a SHA-1 key.
The SHA-1 RELEASE signature is a signature certificate that has "more data" that Google will use to identify your application.
You have access to it after generating a key.keysotre using the keytool which is made available by Java;
To generate the Keystore, some data is requested:
• His name
• Name of company
• City and State where you or your company reside
You say that "the command specified for debug and production produce the same result (same SHA code)"
You probably used the Gradle task called "signingReport" which generates an equal SHA-1 signature for all its project variants (Flavors), which by default Flutter only brings configured DEBUG.
It is an encryption that is used, in the context of the question, as a key to your application. It serves as a "Signature Key Print" or "Signature Certificate", so google will allow you to use some Apis for your device;
You can read a little more about here SHA-1 Key - Android.
Certain Google Play services (such as Google Sign-in and App Invites) require you to provide the SHA-1 of your Signing Certificate so we can create an Oauth2 client and API key for your app. To get your SHA-1, follow the Instructions to use Keytool or Gradle’s Signing Report.
Source: Authenticating your "Client"
An example of service using SHA-1 is Firebase, which when you are developing your application may or may not inform SHA-1 by including the application in Firebase; but if you do not report, some things will not work as it is necessary, such as, for Dynamic Links, for Invites and for Google Login or to receive phone support in Auth.
In some places you may find teaching how to use a Gradle calling for signingReport.
The signingReport creates a signature key for all variants (Flavors) of the DEBUG environment, which is what comes by default in your Flutter application.
You can see this in your Google app level: your android app build.Radle project
buildTypes { release { // TODO: Add your own signing config for the release build. // Signing with the debug keys for now, so `flutter run --release` works. signingConfig signingConfigs.debug } }
When rotating the command through the CMD:
your android project gradlew signingReport
DEBUG signature keys will be generated for your application, all being equal, because at this point "it doesn’t matter much"...
Now yes this signature matters, it is with it that Google will validate various things and identify your application.
To generate it, you need to follow a few different steps using the keytool which is a tool that comes along with the Java.
C: Program Files Java jdk-14.0.1 bin keytool.exe
(Be able to see here: Flutter - Signing up for the app - EN)
Through a command, you will create a Keystore which is an encrypted file that you will need to sign your application in RELEASE.
keytool -genkey -v -Keystore C: Users MATHEUS keyteste key.jks -storetype JKS -keyalg RSA -keysize 2048 -validity 10000 -alias key
When executing the command, you will have to answer some questions to generate your key
Enter keystore password: Re-enter new password: What is your first and last name? [Unknown]: Matheus Miranda What is the name of your organizational unit? [Unknown]: Matheus S/A What is the name of your organization? [Unknown]: Matheus Ltda What is the name of your City or Locality? [Unknown]: Bauru What is the name of your State or Province? [Unknown]: São Paulo What is the two-letter country code for this unit? [Unknown]: SP Is CN=Matheus Miranda, OU=Matheus S/A, O=Matheus Ltda, L=Bauru, ST=SÆo Paulo, C=SP correct? [no]:
With this generated file, you can use another command that will provide you with the SHA-1 signature.
keytool -list -v -Keystore C: Users MATHEUS keyteste key.jks -alias key
After generating this file, you use it to properly configure the build type RELEASE to send to the store. ~~I won’t go deeper
I hope I could explain, and in case I said something stupid or cited incorrect information, please point out the problem.
SHA-1 is not from Android.
@Sorack I know it’s not from Android, so much so that at the beginning of the answer I quote that it is not something from Flutter but something that Android uses (And I’m not saying it’s "his"). Is there anything I can improve on my answer? I may not have made it very clear
No, I think your answer is "OK"
Browser other questions tagged flutter
You are not signed in. Login or sign up in order to post.
Important you
EDITARthis question, explaining it clearly, objectively and directly, emphasizing the difficulty found. Furthermore, provide us with a Minimum, complete and verifiable example problem, along with its attempt to resolve. What’s more, I suggest reading the Stack Overflow Survival Guide in English to better understand the functioning of the platform and not have greater frustrations.– Solkarped
Renato, the SHA-1 key (Debbug | production) is not something "made" by Flutter, this is related to Android and Gradle. You probably saw a form of key generation that many teach that generates some keys for DEBUG to simulate debug, release, debugTest, Debugandroidtest everything within the DEBUG environment, then generates the same key in both. The key to environment RELEASE may contain company data, city, etc... It is a "subscription" that will be used by Google to know how to identify your application in some services.
– Matheus Ribeiro
@Matheusribeiro could take a reference, add a little more information and publish a reply, it would be good :)
– Rafael Tavares
@Rafaeltavares I had no time to elaborate something, I already provided an answer, I hope to have been able to explain correctly.
– Matheus Ribeiro