Rotating your private key

You should rotate your private key occasionally. When you do this depends upon several factors:

  • Your companies security policy restricting the length of time private key material is valid for.

  • Your mobile app deprecation policy.

  • Your app metadata being exposed (data loss).

  • Development team members leaving your employment.

The instructions here assume you are using Appfigurate in an iOS Simulator, and Xcode and Swift for your app implementation. Android Emulator and real devices will differ subtly.

Appfigurate Simulator

1. Generate a new app metadata record

Tap the burger menu , Add app.

Select your app type, e.g. iOS. Tap the Next button to continue.

For the URL Scheme, we suggest appending a version number, or incrementing the version number to differentiate the old and new app key versions. e.g. quickstartquickstart1.

Tap Add to generate a random 2048 bit RSA private key.

2. Output the new public key

Tap the burger menu , quickstart1

The edit app screen is displayed. Scroll to the correct library integration section, depending upon your app's implementation language (e.g Swift, Objective-C, Kotlin, Java).

Tap Output Implementation, then tap Console.

The output will appear in the macOS Console.app. Select the iOS Simulator device in the left hand pane. Type process:appfigurate in the search box in the top right. Copy the output public key method. e.g.

Note: your public key output to the Console in will be different to the public key in the following example.

   override func publicKey() -> String {
        // E4 8B B6 25 EE 01
        return "-----BEGIN PUBLIC KEY-----\n" +
            "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnD67fMex1KkP7kltlNaO\n" +
            ...
            "EQIDAQAB\n" +
            "-----END PUBLIC KEY-----\n";
    }

Xcode

3. Update your APLConfiguration subclass' publicKey method

Open your APLConfiguration subclass file in Xcode.

Paste the new publicKey method output to the console over the top of the old publicKey method.

4. Update Encrypted Strings

If you have any Encrypted Strings in your subclass, using the Xcode source editor extension is the easiest way to re-encrypt them all at once with the new public key.

If you have any Encrypted Strings and you neglect to perform this step, you wont be able to configure any app's built in Release mode. (Strings encrypted with the old public key will fail to be decrypted with the new private key).

In Xcode, Tap Editor menu ‣ Appfigurate SEEncrypt strings. All instances of ENCRYPTED_STRING will be updated automatically with the generated ciphertext using the new public key.

5. Update Info.plist URL Scheme

In your apps Info.plist file (right click, Open As ‣ Source Code). Change CFBundleURLSchemes value from quickstart to quickstart1.

<key>CFBundleURLTypes</key>
<array>
    <dict>
        <key>CFBundleURLName</key>
        <string>appfigurate.quickstart</string>
        <key>CFBundleURLSchemes</key>
        <array>
            <string>quickstart1</string>
        </array>
    </dict>
</array>

Build and run your app.

All key rotation tasks are now complete. You can now use the quickstart row in Appfigurate to configure any earlier version of your app, and quickstart1 row to configure the new version of your app.

Last updated