Skip to content

Latest commit

 

History

History
64 lines (48 loc) · 2.39 KB

code-signing.md

File metadata and controls

64 lines (48 loc) · 2.39 KB

Code signing

Code signing is a security feature that helps ensure the integrity and authenticity of your app updates. It means no attacker can alter your bundled code sent to AppZung.

Configure your release process

Generate the key pair:

# generate private RSA key
openssl genrsa -out private_codepush_signing_key.pem
# export public key
openssl rsa -pubout -in private_codepush_signing_key.pem -out public_codepush_signing_key.pem

Store the private key securely.

In the appzung releases deploy-react-native command that you run during your release process, add the --private-key-path flag pointing to the private key path. You should see Code signing: true in the confirmation text in interactive mode.

After following the setup for your app below, if you previously sent a CodePush release without code-signing (the --private-key-path CLI flag), it is expected that when you check for updates CodePush doesn't present you this update, since it now expects a code signed release. Make sure when you test your integration that you sent a code-signed release.

Setup Android

Add the CodePushSigningPublicKey string resource in /android/app/src/main/res/values/strings.xml. It may look like this:

<resources>
   <string name="app_name">my_app</string>
   <string name="CodePushSigningPublicKey">-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPSR9lkGzZ4FR0lxF+ZA
P6jJ8+Xi5L601BPN4QESoRVSrJM08roOCVrs4qoYqYJy3Of2cQWvNBEh8ti3FhHu
tiuLFpNdfzM4DjAw0Ti5hOTfTixqVBXTJPYpSjDh7K6tUvp9MV0l5q/Ps3se1vud
M1/X6g54lIX/QoEXTdMgR+SKXvlUIC13T7GkDHT6Z4RlwxkWkOmf2tGguRcEBL6j
ww7w/3g0kWILz7nNPtXyDhIB9WLH7MKSJWdVCZm+cAqabUfpCFo7sHiyHLnUxcVY
OTw3sz9ceaci7z2r8SZdsfjyjiDJrq69eWtvKVUpredy9HtyALtNuLjDITahdh8A
zwIDAQAB
-----END PUBLIC KEY-----</string>
</resources>

Setup iOS

Add record in Info.plist with name CodePushSigningPublicKey and string value of public key content. Example:

<plist version="1.0">
  <dict>
    <!-- ...other configs... -->

    <key>CodePushSigningPublicKey</key>
    <string>-----BEGIN PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANkWYydPuyOumR/sn2agNBVDnzyRpM16NAUpYPGxNgjSEp0etkDNgzzdzyvyl+OsAGBYF3jCxYOXozum+uV5hQECAwEAAQ==
-----END PUBLIC KEY-----</string>

    <!-- ...other configs... -->
  </dict>
</plist>