Should we keep our SHA-256 public?

Question

When generating a Digital Asset Link, we are supposed to generate an asset links file containing the SHA-256 of our Android app and post it to https://www.your-host.com/.well-known/assetlinks.json, as stated here. So is it safe to post our SHA-256 publicly?

Just read through the documentation.

Answer 1

Score: 0

Yes, it is safe to post the SHA-256 publicly. In fact, the SHA-256 fingerprint can be extracted from any signed API with the following: keytool -printcert -jarfile [path to APK or AAB] | grep SHA256. Once installed, any other Android app can also read your SHA-256 key. Peter's AsseLinks Tool takes advantage of that to help people find what their SHA-256 key is.
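
The fingerprint that keytool prints is the SHA-256 hash of the DER-encoded signing certificate, which is public material, not the private key. The sketch below is an added example, not part of the original question or answer: it derives a fingerprint, builds the assetlinks.json statement, and audits a published file for fingerprints you did not expect. The certificate bytes, the package name and all function names are constructed assumptions.

```python
import hashlib
import json

# Constructed stand-in for the DER bytes of a signing certificate (not a real
# certificate). The real bytes ship inside every signed APK.
SAMPLE_CERT_DER = b"constructed-placeholder-for-DER-encoded-signing-certificate"
PACKAGE = "com.example.app"  # hypothetical package name

def cert_fingerprint(cert_der: bytes) -> str:
    """SHA-256 of the certificate bytes as colon-separated uppercase hex."""
    digest = hashlib.sha256(cert_der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def normalize(fp: str) -> str:
    """Make fingerprints comparable regardless of case or colon separators."""
    return fp.replace(":", "").strip().upper()

def build_assetlinks(package: str, fingerprints: list) -> str:
    """Serialize one Digital Asset Links statement for an Android app."""
    statement = {
        "relation": ["delegate_permission/common.handle_all_urls"],
        "target": {
            "namespace": "android_app",
            "package_name": package,
            "sha256_cert_fingerprints": fingerprints,
        },
    }
    return json.dumps([statement], indent=2)

def audit_assetlinks(doc: str, package: str, expected: set) -> list:
    """Return fingerprints published for `package` that are not in `expected`."""
    want = {normalize(fp) for fp in expected}
    unexpected = []
    for statement in json.loads(doc):
        target = statement.get("target", {})
        key = (target.get("namespace"), target.get("package_name"))
        if key != ("android_app", package):
            continue  # statement is about another app or a web target
        for fp in target.get("sha256_cert_fingerprints", []):
            if normalize(fp) not in want:
                unexpected.append(fp)
    return unexpected

if __name__ == "__main__":
    fp = cert_fingerprint(SAMPLE_CERT_DER)
    print(build_assetlinks(PACKAGE, [fp]))
```

What needs protecting is the signing key and write access to the host serving /.well-known/assetlinks.json. Running the audit against the live file flags any fingerprint added without your knowledge.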

huangapple
  • Published on June 30, 2023, 03:49:21
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76584202.html