datatheorem / TrustKit-Android

Easy SSL pinning validation and reporting for Android.
MIT License

May I use the SHA256 key dynamically instead of pasting it in the network_security_config file? #104

Open microcian opened 1 year ago

microcian commented 1 year ago

I need to secure the key as well as the security of the project. If I paste the key in the network_security_config file, it can be hacked using reverse engineering, so how can I secure it more?

rogergcc commented 1 year ago

Hi microcian. Why do you need a key? I supposed that TrustKit does it automatically.

I found an example that does it by code: [image]

About dynamic: I want a dynamic way so that I do not have to update my app every 5 months (time left until certificate pin expiration).

rogergcc commented 1 year ago

I am testing with the file, but it is supported only from Android 7+.

For versions below that, I am now using the code way with OkHttp, Retrofit .certificatePinner

rogergcc commented 1 year ago

it can be hacked using reverse engineering, so how can I secure it more

Have you tested that it can be hacked? Test these cases: key in BuildConfig, key in SharedPreferences, key in a Room or SQLite database.