How to get the certificate Public Key String “Convert SecKeyRef from to NSString” iOS, and if this key string similar in all platforms?

Question

I have to make Certificate Pinning in my iOS app and to make that there is 2 options 1- check on certificate as it is 2- check on public key of the certificate only

in my case, my app connect to a backend server all the time and when the user try to login the app should login on another server for some security issue, also this server may be changed according to user type

so my backend server sends to me some urls with server certificate public key string for each login url server, and I have to check on the similarity of the key when the user login

also this app is done for iOS and Android,

My question can I get the public key (as a string) from the login server certificate to match it the stored one Also is that key will be similar to the one on the android?, so the back end server sends only one key for me and android ?

Answer 1

As I understand,

1. There is a certificate stored in your APP.

   You can store your public key in keychain and use it. Use "SecItemAdd" to add certificate to your application keychain. Once stored, you should be able to copy the Public key using "SecItemCopyMatching" method.

2. When the user logs in, The app gets a URL to new certificate.

3. If the certificate is different then you need to download and use the new certificate.

   For point 2 and 3, either ways we would need the key data to be downloaded. So, download the certificate every time, retrieve the public key. We cannot do a string compare, however it should be possible to do a byte comparison to check for equality. If not equal, replace the certificate with downloaded one using, "SecItemUpdate".

4. Will this be same on iOS and Android?

   I hope the certificates are used for secure transmission/PKI. So, the same public key would work for iOS and android.