Certificate Pinning on iOS 14

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hi in this video i will show you how to enable certificate pinning for your ios 14 application in this case my application was built with the sap bdp sdk for ios and it connects with only one back end with the sap mobile services which then in the end will proxy to various backends so we only have to pin against one public key this is from mobile services how to obtain this is with this openssl command and we will copy out the base64 encoded digest and now apple provides with the security framework for ios 14 a new property list key ns pin domains which allows us to specify the domain as well as the base64 encoded digest of that public key so how to test this because if i have my application and i did the changes then the communication works as expected still because there is no man in the middle attack but how to simulate this we i am using there for the um charles proxy tool i and i'm enabling ssl proxy and now i would expect that the communication gets rejected because it's a man-in-the-middle attack which i simulate and as you can see it works certificate pinning in a simplified way provided by apple with ios 14 i hope you now understand how to leverage this in your ios application

Info

Channel: Marco Eidinger

Views: 658

Rating: undefined out of 5

Keywords: iOS, certificate pinning, mobile security

Id: IK5dD921zaQ

Channel Id: undefined

Length: 2min 1sec (121 seconds)

Published: Thu May 27 2021