What am I doing?
- I am building an application where users sign in with Google in order to use my app.
- Since the server has no idea if a request is coming from a device, a trust mechanism is needed in order to handshake.
- I created a pair (private key, public key) using the RSA algorithm. The intent is that the public key will stay on the device (with the application).
- Once the user signs in, the application encrypts the user information with the public key and sends it to the server using a REST API. The server validates it and in turn returns a token that the client (iPhone app) can reuse to communicate further with the server.

Question
- Since I am new to developing iOS (or any mobile) applications, I wanted to know where this public key will be stored in my iOS application.

daydreamer
  • possible duplicate of [Best practices for iOS applications security](http://stackoverflow.com/questions/9448632/best-practices-for-ios-applications-security) – Sam B Jul 14 '14 at 01:05
  • Generating a key pair on the device and then sending the **private** key to the server is completely against the principles of asymmetric crypto. – Oleg Estekhin Jul 14 '14 at 05:45
  • The pair would be generated one time by me, and I would hardcode the public key on the server and the private key on the app. Does that sound incorrect? – daydreamer Jul 14 '14 at 13:04
  • Might be helpful: http://stackoverflow.com/questions/10222524/rsa-implementations-in-objective-c – Maulik Jul 14 '14 at 14:40

0 Answers