Appfigurate™️
HomeDocumentation
  • Introducing Appfigurate™️ 3
  • Getting Started
    • Getting Started
    • Examples
    • Upgrade guide
      • v1.4.0 to v2.2.0
      • v2.1.1 to v2.2.0
      • v2.2.1 to v3.0.0
      • v3.2.1 to v4.0.0
    • iOS native app integration
      • iOS app extension integration
    • watchOS app integration
      • watchOS app extension integration
    • Android native app integration
    • Mobile Flutter integration
      • Flutter iOS
      • Flutter Android
    • React Native integration
      • iOS native module integration
      • Android native module integration
      • JavaScript integration
    • Third party remote configuration providers
      • Firebase Remote Config
      • Launch Darkly
      • Other third party remote configuration providers
  • Configuration subclasses
    • Supported property types
      • Boolean
      • Integer
      • Float
      • Double
      • Plain String
      • Encrypted String
    • Custom executable actions
    • Slider icon types
  • Additional reading
    • Info.plist options
    • AndroidManifest.xml options
    • Displaying overridden configuration
    • Security
      • Best practice
      • Encryption
      • Export compliance
      • App Store compliance
      • PrivacyInfo.xcprivacy
      • Rotating your private key
  • Automation testing
    • iOS native app automation testing
    • Android native automation testing
  • API
    • iOS and watchOS API
    • Android API
    • Mobile Flutter API
    • React Native API
  • Appfigurate User Guide
    • Introduction
    • Main menu
    • Select app
    • Add app
    • Import app
    • Install example apps
    • Settings
      • Passcode Lock
      • Restore
      • Backup
      • Delete all apps and Settings
      • Analytics
    • Edit app
    • Configure app
    • Permissions
  • Appfigurate SE user guide
    • Introduction
    • Manual encryption
      • ENCRYPTED_STRING macro/function
      • ENCRYPTED_STRING_IOS_WATCHOS macro/function
    • Setup iOS Simulator app
    • Setup Android Emulator app
    • Xcode source editor extension
      • Troubleshooting
    • Real device cloud testing services
      • BrowserStack
  • LEGAL
    • License Agreement
    • Privacy Policy
    • Release History
    • Third party notices
Powered by GitBook
On this page
  • Appfigurate Simulator
  • 1. Generate a new app metadata record
  • 2. Output the new public key
  • Xcode
  • 3. Update your APLConfiguration subclass' publicKey method
  • 4. Update Encrypted Strings
  • 5. Update Info.plist URL Scheme
  1. Additional reading
  2. Security

Rotating your private key

You should rotate your private key occasionally. When you do this depends upon several factors:

  • Your companies security policy restricting the length of time private key material is valid for.

  • Your mobile app deprecation policy.

  • Your app metadata being exposed (data loss).

  • Development team members leaving your employment.

The instructions here assume you are using Appfigurate in an iOS Simulator, and Xcode and Swift for your app implementation. Android Emulator and real devices will differ subtly.

Appfigurate Simulator

1. Generate a new app metadata record

Tap the burger menu ≡, Add app.

Select your app type, e.g. iOS. Tap the Next button to continue.

For the URL Scheme, we suggest appending a version number, or incrementing the version number to differentiate the old and new app key versions. e.g. quickstart ‣ quickstart1.

Tap Add to generate a random 2048 bit RSA private key.

2. Output the new public key

Tap the burger menu ≡, quickstart1

The edit app screen is displayed. Scroll to the correct library integration section, depending upon your app's implementation language (e.g Swift, Objective-C, Kotlin, Java).

Tap Output Implementation, then tap Console.

The output will appear in the macOS Console.app. Select the iOS Simulator device in the left hand pane. Type process:appfigurate in the search box in the top right. Copy the output public key method. e.g.

Note: your public key output to the Console in will be different to the public key in the following example.

   override func publicKey() -> String {
        // E4 8B B6 25 EE 01
        return "-----BEGIN PUBLIC KEY-----\n" +
            "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnD67fMex1KkP7kltlNaO\n" +
            ...
            "EQIDAQAB\n" +
            "-----END PUBLIC KEY-----\n";
    }

Xcode

3. Update your APLConfiguration subclass' publicKey method

4. Update Encrypted Strings

If you have any Encrypted Strings and you neglect to perform this step, you wont be able to configure any app's built in Release mode. (Strings encrypted with the old public key will fail to be decrypted with the new private key).

In Xcode, Tap Editor menu ‣ Appfigurate SE ‣ Encrypt strings. All instances of ENCRYPTED_STRING will be updated automatically with the generated ciphertext using the new public key.

5. Update Info.plist URL Scheme

In your apps Info.plist file (right click, Open As ‣ Source Code). Change CFBundleURLSchemes value from quickstart to quickstart1.

<key>CFBundleURLTypes</key>
<array>
    <dict>
        <key>CFBundleURLName</key>
        <string>appfigurate.quickstart</string>
        <key>CFBundleURLSchemes</key>
        <array>
            <string>quickstart1</string>
        </array>
    </dict>
</array>

Build and run your app.

All key rotation tasks are now complete. You can now use the quickstart row in Appfigurate to configure any earlier version of your app, and quickstart1 row to configure the new version of your app.

PreviousPrivacyInfo.xcprivacyNextiOS native app automation testing

Last updated 5 months ago

Open your subclass file in Xcode.

Paste the new method output to the console over the top of the old method.

If you have any in your subclass, using the is the easiest way to re-encrypt them all at once with the new public key.

APLConfiguration
publicKey
publicKey
Encrypted Strings
Xcode source editor extension