background
When a developer integrates some services of HMS Core in an application, cross-platform SDKs such as android sdk and flutter may report a 6003 error code after compiling and packaging. According to the query, the error code 6003 indicates that the certificate fingerprint configuration is inconsistent, mainly because the signature of the generated package (such as Android apk) is inconsistent with the configuration in the application settings on the Huawei developer platform.
reason
- The signature SHA256 is not configured in the AppGallery Connect app settings according to the development documentation
- SHA256 has been configured on the developer platform, but it is inconsistent with the SHA256 that is actually packaged to generate the apk signature.
Solution
- Configure SHA256 according to the official documentation :
Note: After adding SHA256, you need to re-download the agcconnect.json file to update it to the project and regenerate the application apk.
- You can directly obtain the SHA256 signed by the packaged apk, add the configuration to the AppGallery Connect application settings configuration, and then re-download the agcconnect.json file to update it to the project, and regenerate the application apk.
Developers can use any of the following ways to get the apk fingerprint and compare it to make sure it's the same:
Method 1: jarsigner
Example command: jarsigner -verbose -verify MyAPK_base_v11.0.apk > MyAPK_info.txt
Look at MyAPK_info.txt to find the path to the ".RSA" file, then use the following command to parse the .RSA
unzip -p MyAPK_base_v11.0.apk META-INF/BNDLTOOL.RSA | keytool -printcert
result:
Certificate fingerprints:
SHA1: D0:88:29:99:94:C3:72:44:EA:CF:B1:6B:09:3E:01:95:FE:E4:45:BE
SHA256: EF:68:A7:0A:3A:47:F8:DD:46:58:52:EA:E2:59:AE:D6:1A:43:38:D8:14:26:05:9E: D3:99:C2:D1:F6:34:D9:DE
Signature algorithm name: SHA1withRSA (weak)
Subject Public Key Algorithm: 1024-bit RSA key (weak)
Method 2: apksigner.bat
Command example: (apksigner.bat is usually located in /android/build-tools folder)
apksigner.bat verify --print-certs MyAPK_base_v10.2.6-8569.apk
result:
Signer #1 certificate DN: CN=Michael Smith, OU=My Org, O=A Team, L=Okemos, ST=Michigan, C=US
Signer #1 certificate SHA-256 digest: ef68a70a3a47f8dd465852eae259aed61a4338d81426059ed399c2d1f634d9de
Signer #1 certificate SHA-1 digest: d088299994c37244eacfb16b093e0195fee445be
Signer #1 certificate MD5 digest: 68710e87d99e7f946958db33d3fcf13c
From this, the packaged signature SHA256 can be obtained as:
EF:68:A7:0A:3A:47:F8:DD:46:58:52:EA:E2:59:AE:D6:1A:43:38:D8:14:26:05:9E:D3: 99:C2:D1:F6:34:D9:DE
Compare it to SHA-256 in AppGallery Connect. If it does not exist, add SHA256 (multiple SHA256s can be added to the same application), then you need to re-download the agcconnect.json file to update it to the project, and regenerate the application apk.
If the 6003 error is still reported after the signature SHA256 is added and the configuration is consistent, the developer needs to find the HMS Core (APK) on the Apps page of his device, clear the cache, restart the application and perform the previous operation again. This is because HMS Core (APK) may cache signature files.
Learn more details>>
Visit the official website of Huawei Developer Alliance
Get development guidance documents
Huawei Mobile Services Open Source Warehouse Address: GitHub , Gitee
Follow us to know the latest technical information of HMS Core for the first time~
android
java
**粗体** _斜体_ [链接](http://example.com) `代码` - 列表 > 引用。你还可以使用@来通知其他用户。