Keytool is a free command line tool that is added to your system when you install Java.
If you want to build an Android APK binary that can be distributed on the Play Store, you need to use keytool to generate the SHA-1 fingerprint for your signing certificate.
This is a required step when configuring the Firebase SDK for your Android (or Flutter) app.
This page on the official documentation explains how to use keytool, but not how to install it.
So if you got stuck with this before, this article explains all the required steps.
Ready? let's go!
Getting the SHA-1 certificate fingerprint with keytool
This is how to use keytool to get the debug SHA-1 certificate fingerprint on Windows:
keytool -list -v -alias androiddebugkey -keystore %USERPROFILE%\.android\debug.keystore
And this is the equivalent on macOS/Linux:
keytool -list -v -alias androiddebugkey -keystore ~/.android/debug.keystore
However, the commands above will only work if you have keytool already installed on your system, and it is included in your system PATH.
'keytool' is not recognized as an internal or external command, operable program or batch file.
If this is not the case, you'll be greeted with this message (on Windows):
Let's fix this.
Install keytool on your system
Keytool is included as part of the Java runtime. So by installing Java, you'll also have keytool in your system.
To install Java, visit the JAVA SE Downloads page.
Then, select the JDK Download link.
This takes you to a page called "Java SE Development Kit 15 Downloads".
Scroll to the bottom, and you'll find download links for Linux, macOS and Windows.
Download the correct installer (jdk-15.0.1_windows-x64_bin.exe on Windows, jdk-15.0.1_osx-x64_bin.dmg on macOS). Then follow the installation steps for your system and make a note of where this is installed (e.g. C:\Program Files\Java\jdk-15.0.1\ on Windows).
Congratulations, the Java SDK is now installed on your system.
Add the keytool folder to your system PATH (on Windows)
In order to run keytool from the command line, you need to add it to your system PATH.
This step is required on Windows only, as keytool will is automatically installed on /usr/bin on macOS/Linux.
On the search box, type path, then open Edit the system environment variables (Control panel):
This opens the Advanced tab of the System Properties dialog:
From here, select Environment Variables..., which opens this dialog:
You'll see that both the User variables and System variables have a Path variable. It doesn't really matter which one you choose. For this example, we'll edit the User variables one.
The next dialog shows the environment variables for the current user. Select New, then add a new line pointing to your jdk installation folder, with a trailing \bin at the end (e.g. C:\Program Files\Java\jdk-15.0.1\bin):
Then press OK and close all the dialogs, then open a new command prompt.
Try running keytool. This time you should get this output:
C:\Users\salta>keytool
Key and Certificate Management Tool
Commands:
-certreq Generates a certificate request
-changealias Changes an entry's alias
-delete Deletes an entry
-exportcert Exports certificate
-genkeypair Generates a key pair
-genseckey Generates a secret key
-gencert Generates certificate from a certificate request
-importcert Imports a certificate or a certificate chain
-importpass Imports a password
-importkeystore Imports one or all entries from another keystore
-keypasswd Changes the key password of an entry
-list Lists entries in a keystore
-printcert Prints the content of a certificate
-printcertreq Prints the content of a certificate request
-printcrl Prints the content of a CRL file
-storepasswd Changes the store password of a keystore
-showinfo Displays security-related information
Use "keytool -?, -h, or --help" for this help message
Use "keytool -command_name --help" for usage of command_name.
Use the -conf <url> option to specify a pre-configured options file.
This confirms that keytool is installed and configured in your PATH.
Using keytool to generate te SHA-1
You're now ready to generate your SHA-1:
keytool -list -v -alias androiddebugkey -keystore %USERPROFILE%\.android\debug.keystore
This will work, if you already have a keystore at the given location (%USERPROFILE%\.android\debug.keystore). If not you'll get this error:
keytool error: java.lang.Exception: Keystore file does not exist: C:\Users\salta\.android\debug.keystore
java.lang.Exception: Keystore file does not exist: C:\Users\salta\.android\debug.keystore
at java.base/sun.security.tools.keytool.Main.doCommands(Main.java:916)
at java.base/sun.security.tools.keytool.Main.run(Main.java:422)
at java.base/sun.security.tools.keytool.Main.main(Main.java:415)
If you don't have a keystore, you'll need to generate one with Android Studio. This document about app signing on Android includes the information you need.
Conclusion
Phew! Getting keytool running on Windows requires a few steps, but we got there in the end.
If I have missed something, let me know on Twitter.
Happy coding!
