Question

I am inviting a temporary worker to write a part of my app for iPhone. Much of the data is encrypted using mcrypt. The data is generated on Android or iPhone and decrypted in PHP, and vice versa.

Is there any way the temporary worker can do his task without knowing the crypto keys and salt?


Solution

Well, this is part of a much bigger question -- "how to keep developers away from production".

You can create a "development" version of your website with a different set of keys, and a "development" version of the apps that works with it.

Give this "development" pair to your temporary worker and let him do his job. You will release the application with "release" keys, which should be kept secret.

P.S. And if you're talking just about APK signing keys -- let the developer make self-signed apps and don't give them the keys )
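
One way to enforce this split on the PHP side, as an added example that is not part of the original answer: the development key file is what the temporary worker receives, the release key file exists only on the production server, and the loader refuses to run a release environment with a missing key or with the development key. The function names, file names and the 32-byte hex key format are assumptions.

```php
<?php
// Added example. Function names, file paths and the 32-byte key size are assumptions.

function loadKeyFile(string $path): string
{
    $hex = @file_get_contents($path);
    if ($hex === false) {
        throw new RuntimeException("Key file not readable: $path");
    }
    $key = @hex2bin(trim($hex));
    if ($key === false || strlen($key) !== 32) {
        throw new RuntimeException("Key file must hold 32 bytes as hex: $path");
    }
    return $key;
}

// $env: 'development' or 'release'; $devKeyFile is committed, $releaseKeyFile lives only on the server.
function loadCryptoKey(string $env, string $devKeyFile, ?string $releaseKeyFile): string
{
    if ($env !== 'release') {
        return loadKeyFile($devKeyFile);
    }
    if ($releaseKeyFile === null || $releaseKeyFile === '') {
        // Never fall back silently to the key every contractor has seen.
        throw new RuntimeException('Release environment has no release key file configured');
    }
    $key = loadKeyFile($releaseKeyFile);
    if (is_readable($devKeyFile) && hash_equals(loadKeyFile($devKeyFile), $key)) {
        throw new RuntimeException('Release key is identical to the development key');
    }
    return $key;
}

// Demo with constructed keys written to temporary files.
$dir = sys_get_temp_dir();
$devFile = "$dir/dev.key";
$relFile = "$dir/release.key";
file_put_contents($devFile, str_repeat('11', 32));       // constructed dev key
file_put_contents($relFile, bin2hex(random_bytes(32)));  // constructed release key

echo strlen(loadCryptoKey('development', $devFile, null)), " byte dev key loaded\n";
echo strlen(loadCryptoKey('release', $devFile, $relFile)), " byte release key loaded\n";
try {
    loadCryptoKey('release', $devFile, $devFile);         // misconfiguration: dev key in production
} catch (RuntimeException $e) {
    echo 'Rejected: ', $e->getMessage(), "\n";
}
```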

Licensed under: CC-BY-SA with attribution