英文:
Should we keep our SHA-256 public?
问题
当生成数字资产链接时,我们应该生成一个包含我们的安卓应用的SHA-256的资产链接文件,并将其发布到 https://www.your-host.com/.well-known/assetlinks.json,如这里所述。所以公开发布我们的SHA-256是否安全?
只需阅读文档。
英文:
When generating a Digital Asset Link we are supposed to asset links file contaning SHA-256 of our android app and post it to https://www.your-host.com/.well-known/assetlinks.json as stated here. So is it safe to post our SHA-256 publicly?
Just read through the documentation
答案1
得分: 0
是的,可以公开发布SHA-256。实际上,SHA-256指纹可以从任何签名的API中提取,使用以下命令:keytool -printcert -jarfile [APK或AAB路径] | grep SHA256。一旦安装,任何其他Android应用程序也可以读取您的SHA-256密钥。Peter的AsseLinks工具 利用这一点来帮助人们找到他们的SHA-256密钥。
英文:
Yes, it is safe to post the SHA-256 publicly. In fact, the SHA-256 fingerprint can be extracted from any signed API with the following with keytool -printcert -jarfile [path to APK or AAB] | grep SHA256. Once installed, any other Android app can also read your SHA-256 key. Peter's AsseLinks Tool takes advantage of that to help people find what their SHA-256 key is.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论