Rotating your private key
You should rotate your private key occasionally. When you do this depends upon several factors:
Your companies security policy restricting the length of time private key material is valid for.
Your mobile app deprecation policy.
Your app metadata being exposed (data loss).
Development team members leaving your employment.
The instructions here assume you are using Appfigurate in an iOS Simulator, and Xcode and Swift for your app implementation. Android Emulator and real devices will differ subtly.
Appfigurate Simulator
1. Generate a new app metadata record
Tap the burger menu ≡
, Add app
.
Select your app type, e.g. iOS
. Tap the Next
button to continue.
For the URL Scheme, we suggest appending a version number, or incrementing the version number to differentiate the old and new app key versions. e.g. quickstart
‣ quickstart1
.
Tap Add
to generate a random 2048 bit RSA private key.
2. Output the new public key
Tap the burger menu ≡
, quickstart1
The edit app screen is displayed. Scroll to the correct library integration section, depending upon your app's implementation language (e.g Swift, Objective-C, Kotlin, Java).
Tap Output Implementation
, then tap Console
.
The output will appear in the macOS Console.app
. Select the iOS Simulator device in the left hand pane. Type process:appfigurate
in the search box in the top right. Copy the output public key method. e.g.
Note: your public key output to the Console in will be different to the public key in the following example.
Xcode
3. Update your APLConfiguration subclass' publicKey method
Open your APLConfiguration
subclass file in Xcode.
Paste the new publicKey
method output to the console over the top of the old publicKey
method.
4. Update Encrypted Strings
If you have any Encrypted Strings in your subclass, using the Xcode source editor extension is the easiest way to re-encrypt them all at once with the new public key.
If you have any Encrypted Strings and you neglect to perform this step, you wont be able to configure any app's built in Release
mode. (Strings encrypted with the old public key will fail to be decrypted with the new private key).
In Xcode, Tap Editor
menu ‣ Appfigurate SE
‣ Encrypt strings
. All instances of ENCRYPTED_STRING
will be updated automatically with the generated ciphertext using the new public key.
5. Update Info.plist URL Scheme
In your apps Info.plist
file (right click, Open As ‣ Source Code). Change CFBundleURLSchemes
value from quickstart
to quickstart1
.
Build and run your app.
All key rotation tasks are now complete. You can now use the quickstart
row in Appfigurate to configure any earlier version of your app, and quickstart1
row to configure the new version of your app.
Last updated