# First, unzip the APK and extract the file /META-INF/ANDROID_.RSA (this file may also be CERT.RSA, but there should only be one .RSA file).
# Then issue this command:
keytool -printcert -file ANDROID_.RSA
# You will get certificate fingerprints like this:
# MD5: B3:4F:BE:07:AA:78:24:DC:CA:92:36:FF:AE:8C:17:DB
# SHA1: 16:59:E7:E3:0C:AA:7A:0D:F2:0D:05:20:12:A8:85:0B:32:C5:4F:68
# Signature algorithm name: SHA1withRSA
# Then use the keytool again to print out all the aliases of your signing keystore:
keytool -list -keystore /path/to/file.keystore
# You will get a list of aliases and their certificate fingerprint:
# android_key, Jan 23, 2010, PrivateKeyEntry,
# Certificate fingerprint (MD5): B3:4F:BE:07:AA:78:24:DC:CA:92:36:FF:AE:8C:17:DB
# Voila! we can now determined the apk has been signed with this keystore, and with the alias 'android_key'.
# Keytool is part of Java, so make sure your PATH has Java installation dir in it.