Facebook Login integration in Android requires a Key Hash to validate your app’s identity. Without the correct key hash, authentication will fail with errors like:
Invalid Key Hash
Login failed
App not configured properly
This guide provides an updated, production-ready method to generate debug, release, and Play App Signing key hashes using modern Android tooling.
This content is maintained and updated for developers on javatechig.com.
What is Facebook Key Hash in Android?
A Facebook key hash is a Base64-encoded SHA-1 fingerprint of your app’s signing certificate.
Facebook uses this hash to:
- Verify your app’s signature
- Ensure only authorized builds can authenticate
- Secure login integration
If you are using the Facebook SDK from Meta Platforms, key hash configuration is mandatory.
When Do You Need a Key Hash?
You need different key hashes for:
- Debug build (local testing)
- Release build (production APK/AAB)
- Google Play App Signing certificate
- CI/CD generated builds
Many developers forget the Play App Signing key hash, which causes login failures after publishing.
Method 1: Generate Debug Key Hash (Recommended for Development)
Android automatically creates a debug keystore located at:
Windows:
C:\Users\YOUR_USERNAME\.android\debug.keystore
Mac/Linux:
~/.android/debug.keystore
Step 1: Run This Command
Windows:
keytool -exportcert -alias androiddebugkey -keystore %USERPROFILE%\.android\debug.keystore | openssl sha1 -binary | openssl base64
Mac/Linux:
keytool -exportcert -alias androiddebugkey -keystore ~/.android/debug.keystore | openssl sha1 -binary | openssl base64
Default Debug Keystore Password
android
This command generates your Debug Key Hash.
Method 2: Generate Release Key Hash
If your app uses a custom release keystore:
keytool -exportcert -alias YOUR_RELEASE_ALIAS -keystore path/to/your/release.keystore | openssl sha1 -binary | openssl base64
You will be prompted for your keystore password.
Use this hash inside your Facebook Developer Console.
Method 3: Get Key Hash for Google Play App Signing (Most Important)
If you enabled Play App Signing in Google Play Console, your release keystore hash will NOT work.
Step 1: Open Google Play Console
Go to:
Release → Setup → App Integrity
Step 2: Copy SHA-1 Certificate Fingerprint
Google provides:
- App signing key certificate
- Upload key certificate
Copy the App signing key SHA-1.
Step 3: Convert SHA-1 to Facebook Key Hash
Use this command:
echo YOUR_SHA1_WITHOUT_COLONS | xxd -r -p | openssl base64
This generates your Play Signing Key Hash.
Add this to Facebook Developer Dashboard.
Alternative: Get Key Hash Programmatically (Debug Only)
Add this temporary code inside your MainActivity:
try {
PackageInfo info = getPackageManager().getPackageInfo(
"your.package.name",
PackageManager.GET_SIGNING_CERTIFICATES
);
for (Signature signature : info.signingInfo.getApkContentsSigners()) {
MessageDigest md = MessageDigest.getInstance("SHA");
md.update(signature.toByteArray());
Log.d("KeyHash:", Base64.encodeToString(md.digest(), Base64.DEFAULT));
}
} catch (Exception e) {
e.printStackTrace();
}
Run the app and check Logcat.
Remove this code before releasing the app.
Where to Add the Key Hash in Facebook Console
- Go to Facebook Developer Dashboard
- Select your app
- Navigate to: Settings → Basic
- Scroll to Android Section
- Paste the Key Hash
- Save Changes
Common Errors and Fixes
1. Invalid Key Hash Error
Cause:
- Wrong keystore
- Missing Play signing key
- Extra spaces copied
Fix:
- Verify SHA-1
- Ensure Base64 conversion is correct
- Add all possible key hashes (debug + release + play)
2. Works in Debug but Not in Production
Cause:
- Only debug key hash added
Fix:
- Add release + Play signing key hash
3. OpenSSL Not Found Error
Install OpenSSL:
- Windows: Install from official OpenSSL binaries
- Mac:
brew install openssl
Best Practices (2026 Updated)
- Always add all three key hashes (debug, release, play)
- Use Play App Signing SHA-1 after publishing
- Never share your keystore publicly
- Store keystore securely in CI/CD vault
- Document signing configuration in your project
Final Technical Checklist
Before going live, verify:
- Facebook SDK initialized properly
- Correct Application ID in manifest
- Internet permission added
- Key hash added in Facebook console
- Play signing key hash added
