Menu
I am using JWT for authentication. I use a signingKey to encode my token. I want to store the signingKey in a safe place on the client side (avoid hard coding it). I was hoping to use android key store for that; but so far, I have only managed to create a key store using the JDK keytool to sign my app.
My question is: is there any way I can store a key inside the key store associated with my app, prior to its deployment on the device so that I can retrieve the key inside the app and use it to sign the JWT?
If not, what are my other options?
I developing on Xamarin. My backend is ASP .Net, deployed on Azure.
240
I don't know how to do it using a key store inside the App. But I have done it by storing it inside a JAR/.SO file. This gets obfuscated inside the App and is not available via reverse engineering.
Though this method solves only reverse engineering problem, the best solution would be to do with the server to avoid the network interception problem
69
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
