# Rotating your private key

You should rotate your private key occasionally. When you do this depends upon several factors:

* Your companies security policy restricting the length of time private key material is valid for.
* Your mobile app deprecation policy.
* Your app metadata being exposed (data loss).
* Development team members leaving your employment.

{% hint style="info" %}
The instructions here assume you are using Appfigurate in an iOS Simulator, and Xcode and Swift for your app implementation. Android Emulator and real devices will differ subtly.
{% endhint %}

## Appfigurate Simulator 

### 1. Generate a new app metadata record

Tap the burger menu `≡`, `Add app`.

Select your app type, e.g. `iOS`. Tap the `Next` button to continue.

For the URL Scheme, we suggest appending a version number, or incrementing the version number to differentiate the old and new app key versions. e.g. `quickstart` ‣ `quickstart1`.

Tap `Add` to generate a random 2048 bit RSA private key.

### 2. Output the new public key

Tap the burger menu `≡`, `quickstart1`

The edit app screen is displayed. Scroll to the correct library integration section, depending upon your app's implementation language (e.g Swift, Objective-C, Kotlin, Java).

Tap `Output Implementation`, then tap `Console`.

The output will appear in the macOS `Console.app`. Select the iOS Simulator device in the left hand pane. Type `process:appfigurate` in the search box in the top right. Copy the output public key method. e.g.

{% hint style="info" %}
**Note:** your public key output to the Console in will be different to the public key in the following example.
{% endhint %}

```swift
   override func publicKey() -> String {
        // E4 8B B6 25 EE 01
        return "-----BEGIN PUBLIC KEY-----\n" +
            "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnD67fMex1KkP7kltlNaO\n" +
            ...
            "EQIDAQAB\n" +
            "-----END PUBLIC KEY-----\n";
    }
```

## Xcode

### 3. Update your APLConfiguration subclass' publicKey method

Open your [<mark style="color:blue;">`APLConfiguration`</mark>](https://www.electricbolt.co.nz/api/Classes/APLConfiguration.html) subclass file in Xcode.

Paste the new [<mark style="color:blue;">`publicKey`</mark>](https://www.electricbolt.co.nz/api/Classes/APLConfiguration.html#/c:objc\(cs\)APLConfiguration\(im\)publicKey) method output to the console over the top of the old [<mark style="color:blue;">`publicKey`</mark>](https://www.electricbolt.co.nz/api/Classes/APLConfiguration.html#/c:objc\(cs\)APLConfiguration\(im\)publicKey) method.

### 4. Update Encrypted Strings

If you have any [Encrypted Strings](/configuration-subclasses/supported-property-types/encrypted-string.md) in your subclass, using the [Xcode source editor extension](/appfigurate-se-user-guide/xcode-source-editor-extension.md) is the easiest way to re-encrypt them all at once with the new public key.&#x20;

{% hint style="info" %}
If you have any Encrypted Strings and you neglect to perform this step, you wont be able to configure any app's built in `Release` mode. (Strings encrypted with the old public key will fail to be decrypted with the new private key).
{% endhint %}

In Xcode, Tap `Editor` menu ‣ `Appfigurate SE` ‣ `Encrypt strings`. All instances of `ENCRYPTED_STRING` will be updated automatically with the generated ciphertext using the new public key.

### 5. Update Info.plist URL Scheme

In your apps `Info.plist` file (right click, Open As ‣ Source Code). Change `CFBundleURLSchemes` value from `quickstart` to `quickstart1`.

```xml
<key>CFBundleURLTypes</key>
<array>
    <dict>
        <key>CFBundleURLName</key>
        <string>appfigurate.quickstart</string>
        <key>CFBundleURLSchemes</key>
        <array>
            <string>quickstart1</string>
        </array>
    </dict>
</array>
```

Build and run your app.

{% hint style="success" %}
All key rotation tasks are now complete. You can now use the `quickstart` row in Appfigurate to configure any earlier version of your app, and `quickstart1` row to configure the new version of your app.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.electricbolt.co.nz/additional-reading/security/rotating-your-private-key.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.