Pinning public key in my app

I am pinning the public key in my app as part of security measures. For that I have extracted the public key from my PEM certificate, which looks like:

-----BEGIN PUBLIC KEY-----
MIIBIj....IDAQAB
-----END PUBLIC KEY-----

However, in the OWASP sample code we see code that compares a DER encoded public key:

// DER encoded public key
private static String PUB_KEY = "30820122300d06092a864886f70d0101"
+ "0105000382010f003082010a0282010100b35ea8adaf4cb6db86068a836f3c85"
+ "5a545b1f0cc8afb19e38213bac4d55c3f2f19df6dee82ead67f70a990131b6bc"
+ "ac1a9116acc883862f00593199df19ce027c8eaaae8e3121f7f329219464e657"
+ "2cbf66e8e229eac2992dd795c4f23df0fe72b6ceef457eba0b9029619e0395b8"
+ "609851849dd6214589a2ceba4f7a7dcceb7ab2a6b60c27c69317bd7ab2135f50"
+ "c6317e5dbfb9d1e55936e4109b7b911450c746fe0d5d07165b6b23ada7700b00"
+ "33238c858ad179a82459c4718019c111b4ef7be53e5972e06ca68a112406da38"
+ "cf60d2f4fda4d1cd52f1da9fd6104d91a34455cd7b328b02525320a35253147b"
+ "e0b7a5bc860966dc84f10d723ce7eed5430203010001";

I know DER is a binary format, however I am not sure how the author converted or extracted the above format. When I convert into DER I get raw bytes, not the above format. Does anyone have a pointer around this?

An alternate approach can be the following sample code:

// Hack ahead: BigInteger and toString(). We know a DER encoded Public Key begins
// with 0x30 (ASN.1 SEQUENCE and CONSTRUCTED), so there is no leading 0x00 to drop.
// chain[0] is the leaf certificate of an X509Certificate[] chain (e.g. as passed to checkServerTrusted).
RSAPublicKey pubkey = (RSAPublicKey) chain[0].getPublicKey();
// pubkey.getEncoded() returns the DER SubjectPublicKeyInfo bytes; toString(16) renders them as lowercase hex
String encoded = new BigInteger(1 /* positive */, pubkey.getEncoded()).toString(16);

What if I convert the "encoded" variable to base64 PEM public key format? How do I do it in Android?

Any help would be appreciated.

Pankaj Avatar asked Feb 23 '15 05:02




1 Answer

The line below solved my problem:

// Base64.DEFAULT inserts '\n' line breaks, so they are stripped to get a single-line body
String base64Encoded = Base64.encodeToString(pubkey.getEncoded(), Base64.DEFAULT)
        .replaceAll("\n", "");
Pankaj Avatar answered Sep 28 '22 02:09

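The three formats in this thread (the PEM block in the question, the hex `PUB_KEY` string from the OWASP sample, and the base64 string in the answer) are all views of the same DER-encoded SubjectPublicKeyInfo bytes. The following added example (written for this page, not code from the post, OWASP or Android) makes that concrete with stdlib Python only: it builds a SubjectPublicKeyInfo for a constructed 2048-bit modulus (labelled as such; not a real key), converts it PEM -> DER -> hex -> base64 -> SHA-256 pin, shows that the `BigInteger(1, bytes).toString(16)` trick yields the same hex as a plain hex dump precisely because the DER starts with 0x30, and adds a sanity check that the bytes you are about to pin really are an RSA SubjectPublicKeyInfo. The function names and the demo values are this example's own. On Android, `Base64.NO_WRAP` produces the same single-line string that the answer gets by stripping `\n` from `Base64.DEFAULT` output.

```python
import base64
import hashlib
import re

# --- minimal DER encoder (added example, stdlib only) -----------------------

def der_length(n: int) -> bytes:
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + der_length(len(content)) + content

def der_integer(value: int) -> bytes:
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:          # prepend 0x00 so the INTEGER stays positive
        body = b"\x00" + body
    return der_tlv(0x02, body)

RSA_ENCRYPTION_OID = bytes.fromhex("06092a864886f70d010101")  # OID 1.2.840.113549.1.1.1

def build_rsa_spki(modulus: int, exponent: int) -> bytes:
    """SubjectPublicKeyInfo = SEQUENCE { AlgorithmIdentifier, BIT STRING { RSAPublicKey } }."""
    rsa_public_key = der_tlv(0x30, der_integer(modulus) + der_integer(exponent))
    algorithm = der_tlv(0x30, RSA_ENCRYPTION_OID + b"\x05\x00")  # rsaEncryption + NULL params
    bit_string = der_tlv(0x03, b"\x00" + rsa_public_key)           # leading 0x00 = no unused bits
    return der_tlv(0x30, algorithm + bit_string)

# --- the conversions the question asks about ---------------------------------

def pem_to_der(pem: str) -> bytes:
    """Strip the PEM armour and base64-decode the body; the result is the DER SPKI."""
    body = re.sub(r"-----(BEGIN|END) PUBLIC KEY-----", "", pem)
    return base64.b64decode("".join(body.split()))

def der_to_pem(der: bytes) -> str:
    """Base64 with 64-character lines between the PUBLIC KEY header and footer."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN PUBLIC KEY-----\n" + "\n".join(lines) + "\n-----END PUBLIC KEY-----\n"

def der_to_hex(der: bytes) -> str:
    """The format of OWASP's PUB_KEY constant: lowercase hex of the DER bytes."""
    return der.hex()

def der_to_hex_via_bigint(der: bytes) -> str:
    """Mirrors BigInteger(1, bytes).toString(16) from the question. It only equals
    der.hex() because a DER SPKI starts with 0x30, so no leading zero is lost."""
    return format(int.from_bytes(der, "big"), "x")

def spki_sha256_pin(der: bytes) -> str:
    """'sha256/<base64>' pin over the DER SPKI bytes (the form used by OkHttp and HPKP)."""
    return "sha256/" + base64.b64encode(hashlib.sha256(der).digest()).decode("ascii")

def looks_like_rsa_spki(der: bytes) -> bool:
    """Sanity check before pinning: outer SEQUENCE, length matches, rsaEncryption OID present."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] & 0x80:                       # long-form length
        n = der[1] & 0x7F
        length = int.from_bytes(der[2:2 + n], "big")
        header = 2 + n
    else:
        length, header = der[1], 2
    return header + length == len(der) and RSA_ENCRYPTION_OID in der

# Constructed 2048-bit modulus: NOT a real RSA key, it only exercises the encoding.
DEMO_MODULUS = (1 << 2047) | 0x10001
DEMO_DER = build_rsa_spki(DEMO_MODULUS, 65537)
DEMO_PEM = der_to_pem(DEMO_DER)

if __name__ == "__main__":
    der = pem_to_der(DEMO_PEM)
    print(DEMO_PEM)
    print(der_to_hex(der))          # begins 30820122300d06092a86..., like OWASP's PUB_KEY
    print(spki_sha256_pin(der))
    print("valid SPKI:", looks_like_rsa_spki(der))
```

Every 2048-bit RSA key with exponent 65537 shares the same SPKI prefix, which is why the PEM body in the question starts with `MIIBIj` (base64 of `30 82 01 22`) and ends with `IDAQAB` (base64 of `... 02 03 01 00 01`), and why the OWASP hex starts with `30820122300d0609...` and ends with `0203010001`. Whichever form you store in the app, compare the full value, not just the prefix, or better pin the SHA-256 of the DER bytes so the constant in the app does not change shape when the key type does.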