Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

May I use SHA256 key dynamic instead of paste it in network_security_config file #104

Open
microcian opened this issue Feb 22, 2023 · 3 comments
Open

May I use SHA256 key dynamic instead of paste it in network_security_config file #104

microcian opened this issue Feb 22, 2023 · 3 comments

Comments

@microcian
Copy link

I need to secure the key as well as security of the project If I paste the key in network_security_config file it can be hacked using reverse engineering so How can i secure it more.?
@microcian microcian changed the title May I place SHA256 dynamic instead of under network_security_config file May I use SHA256 key dynamic instead of paste it in network_security_config file Feb 22, 2023
@rogergcc
Copy link

rogergcc commented Apr 13, 2023
edited

Hi microcian.
why u need a key . i supposed that truskit do automatic

i found an example using by code
image

about dynamic i want a dynamic way to not to updated my app each 5 months(left certificat pin expiration)

@rogergcc
Copy link

rogergcc commented Apr 23, 2023
edited

i testing with the file but support only from Android 7 +

for below
now using code way with okhttp, retrofit
.certificatePinner

@rogergcc
Copy link

it can be hacked using reverse engineering so How can i secure it more

u tested that can be hacked?
test this cases
key in buidconfig
key in sharepreferences
key in database room or sqlite

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@microcian @rogergcc