Keystore

A digital certificate that securely stores your app’s signing keys. Every Android app must be signed with a keystore to run on real devices.

SHA-256 Fingerprint

A unique identifier derived from your keystore. This fingerprint, combined with your app’s package name, enables Android to verify your app’s authenticity through Digital Asset Links (assetlinks.json).

Handling the keystore

In Android development, every app is digitally signed using a keystore. Each keystore generates a unique fingerprint, essential for securely associating your app with a domain through asset links.

In our example project, we provided a shared keystore specifically for debugging purposes. This shared debug keystore was defined explicitly in the project’s android/app/build.gradle file, ensuring all developers using the example project share a common fingerprint.

// this signing config only exists to allow everybody to easily run the example
// don't use this keystore to sign your own apps
signingConfigs {
    example {
        keyAlias 'example'
        keyPassword 'example'
        storeFile file('../example.keystore')
        storePassword 'example'
    }
}

buildTypes {
    debug {
        signingConfig signingConfigs.example
    }
}

This approach simplifies collaboration because:

  • Everyone uses the same fingerprint.
  • We avoid adding multiple developer-specific fingerprints to the assetlinks.json.

For your own project, you have two practical options, which we will explain in the following sections.

Each developer typically has their own default debug keystore (generated automatically by Android Studio).

  • Pros: No extra setup; simplest option.
  • Cons: Requires adding each developer’s fingerprint to the assetlinks.json.

How:

By default, your Android app is signed with the debug key that Android Studio generates when you first run the project. However, if you're using our example as your basis, simply remove the override in your project's android/app/build.gradle file:

// Remove or comment out these lines to use the default debug keystore
signingConfigs {
    example {
        keyAlias 'example'
        keyPassword 'example'
        storeFile file('../example.keystore')
        storePassword 'example'
    }
}

buildTypes {
    debug {
        signingConfig signingConfigs.example
    }
}

Get the debug fingerprint:

  1. Open Android Studio

     As the key is generated when you first run or debug your app through Android Studio, you will need to:

       1. Open the android folder in Android Studio
       2. Run your app directly through Android Studio

  2. Get the Debug Keystore Fingerprint

     Once Gradle is done syncing, open your terminal and execute the appropriate command for your operating system:

     keytool -list -v -keystore ~/.android/debug.keystore -alias androiddebugkey

     You need to have Java Runtime installed on your device and added to your PATH to use keytool.

  3. Enter Password

     When prompted for a password, use the default Android debug keystore password: android

  4. Find Your SHA256 Key

     The output will include your SHA256 key in this format:

     SHA256: <your SHA-256 fingerprint>

Set package name and fingerprint

As explained in Android: Overview, the Digital Asset Links (DAL) file is essential for using passkeys in your Flutter app. To include your package name and fingerprint in the DAL file, you need to provide them here:

  1. On the developer panel, go to Settings → Native apps.
  2. Click on Add new.
  3. Insert your Package Name and the SHA-256 Fingerprint from earlier.
    Make sure to use the exact package name from your Android app’s build.gradle file and the SHA-256 fingerprint you obtained from the keytool command.
  4. Submit the new Android App
    You can view your changes live through the Digital Asset Links file link found in Settings → Native apps

You can open the Digital Asset Links (DAL) file hosted by Corbado to verify your settings. Make sure to save your settings first:

https://<Your RPID>/.well-known/assetlinks.json
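
To check that the saved settings actually match the key you sign with, the following added example (not part of the original page and not Corbado's code) extracts the SHA256 line from `keytool -list -v` output and looks for the exact package name and fingerprint pair in an assetlinks.json body. The keytool output, the fingerprint, the assetlinks.json body and the package name `com.example.app` are constructed sample values.

```python
import json
import re

# Constructed sample data (not real keys): trimmed `keytool -list -v` output
# and an assetlinks.json body as served from /.well-known/assetlinks.json.
FP = ":".join(f"{b:02X}" for b in range(32))
KEYTOOL_OUTPUT = f"Alias name: androiddebugkey\n\t SHA1: 00:11:22\n\t SHA256: {FP}\n"
ASSETLINKS = json.dumps([{
    "relation": ["delegate_permission/common.handle_all_urls",
                 "delegate_permission/common.get_login_creds"],
    "target": {"namespace": "android_app",
               "package_name": "com.example.app",  # hypothetical package name
               "sha256_cert_fingerprints": [FP]},
}])


def normalize(fp: str) -> str:
    """Return a fingerprint as 32 upper-case hex bytes joined by ':'."""
    hex_only = fp.replace(":", "").strip().upper()
    if not re.fullmatch(r"[0-9A-F]{64}", hex_only):
        raise ValueError(f"not a SHA-256 fingerprint: {fp!r}")
    return ":".join(hex_only[i:i + 2] for i in range(0, 64, 2))


def fingerprint_from_keytool(output: str) -> str:
    """Extract the SHA256 line from `keytool -list -v` output."""
    m = re.search(r"^\s*SHA256:\s*(\S+)\s*$", output, re.MULTILINE)
    if not m:
        raise ValueError("no SHA256 line in keytool output")
    return normalize(m.group(1))


def check_assetlinks(body: str, package: str, fingerprint: str) -> str:
    """Return 'ok', 'package-missing' or 'fingerprint-missing'."""
    want = normalize(fingerprint)
    status = "package-missing"
    for stmt in json.loads(body):
        target = stmt.get("target", {})
        if target.get("namespace") != "android_app":
            continue
        if target.get("package_name") != package:
            continue
        # Strict comparison: the listed value must match the key exactly.
        if want in target.get("sha256_cert_fingerprints", []):
            return "ok"
        status = "fingerprint-missing"
    return status
```

A `fingerprint-missing` result for your package usually means the build was signed with a different keystore than the one whose fingerprint was entered, for example a developer's own debug keystore instead of the shared one.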