I am trying to implement SSL pinning for Swedish bankid in my react-native app but didn't find any working solution. I have tried the following links:
1. https://github.com/localz/react-native-pinch but no luck
2. https://www.npmjs.com/package/react-native-ssl-pinning also no luck :(
1 Answer
Possible HowTo's
I am trying to implement SSL pinning for Swedish bankid in my react-native app but didn't find any working solution.
You can take a look at this series of blog posts about implementing certificate pinning with React Native for Android and iOS:
Enhance React Native’s networking API protection on Android and iOS without touching your Javascript code or manually editing the native code projects.
The articles are based on this GitHub repo, which contains the code for the Android and iOS implementations:
react-native-cert-pinner
This package manages TLS certificate pinning in react-native for Android and iOS.
Going the Extra Mile
It seems that you are concerned about mobile app security, so I would recommend you take a look at:
OWASP Mobile Security Project - Top 10 risks
The OWASP Mobile Security Project is a centralized resource intended to give developers and security teams the resources they need to build and maintain secure mobile applications. Through the project, our goal is to classify mobile security risks and provide developmental controls to reduce their impact or likelihood of exploitation.
-
Thanks for the answer. Your suggestion didn't work. Finally, I came to the point that cert pinning is not a good practice at the app level. It should be implemented at the server side – Meraj Khan May 11 '19 at 11:06
-
Certificate pinning is definitely a good practice at App level and a MUST to reinforce security, not easy to achieve. Why have you not been able to use the GitHub project? You can open another question telling exactly what has not worked, and I can try to help you. – Exadra37 May 13 '19 at 09:21
-
Actually, an SSL certificate generally has some expiry date; once it expires, your application will not work. But if you integrate at app API level then your application will not be bothered about the expiry of SSL. BTW, while pinning the certificate at App level I am getting an SSL handshake exception. – Meraj Khan May 15 '19 at 11:09
-
Certificate pinning on the mobile app side is necessary to protect your HTTPS requests from a man-in-the-middle attack. And yes, certificates have an expiry date; that is why you do certificate pinning against the public key of the certificate. Please read the articles I linked. – Exadra37 May 15 '19 at 12:45
-
BTW, you haven't answered why the SSL handshake exception is coming? – Meraj Khan May 17 '19 at 06:40
-
I cannot explain that without seeing the code you are using. Please open a new StackOverflow question with a minimal and reproducible code example. – Exadra37 May 20 '19 at 09:33
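
The expiry concern discussed in the comments above, worked through as an added example (not code from the question, the answer, or react-native-cert-pinner): a pin over the whole certificate breaks on renewal, while a pin over the certificate's public key (SHA-256 of the SubjectPublicKeyInfo) keeps matching. It uses only Node's built-in `crypto` module; the certificates, the host name `api.example.test` and all helper names are constructed for illustration.

```javascript
// Added example: all keys and certificates below are constructed test data.
const crypto = require('crypto');

// Minimal DER encoder (lengths below 256 bytes only), enough for a small certificate.
function tlv(tag, ...parts) {
  const body = Buffer.concat(parts);
  const len = body.length < 128 ? [body.length] : [0x81, body.length];
  return Buffer.concat([Buffer.from([tag, ...len]), body]);
}
const seq = (...p) => tlv(0x30, ...p);
const ED25519 = seq(Buffer.from('06032b6570', 'hex')); // AlgorithmIdentifier, OID 1.3.101.112
const name = (cn) =>
  seq(tlv(0x31, seq(Buffer.from('0603550403', 'hex'), tlv(0x0c, Buffer.from(cn)))));
const utc = (s) => tlv(0x17, Buffer.from(s)); // UTCTime, YYMMDDHHMMSSZ

// Self-signed certificate for keyPair with the given serial and validity window.
function issueCert(keyPair, serial, notBefore, notAfter) {
  const spki = keyPair.publicKey.export({ type: 'spki', format: 'der' });
  const subject = name('api.example.test'); // hypothetical host name
  const tbs = seq(tlv(0x02, Buffer.from([serial])), ED25519, subject,
    seq(utc(notBefore), utc(notAfter)), subject, spki);
  const sig = crypto.sign(null, tbs, keyPair.privateKey);
  return new crypto.X509Certificate(seq(tbs, ED25519, tlv(0x03, Buffer.from([0]), sig)));
}

const sha256b64 = (buf) => crypto.createHash('sha256').update(buf).digest('base64');
const certPin = (cert) => sha256b64(cert.raw); // hash of the whole certificate
const spkiPin = (cert) =>                      // hash of the public key only
  sha256b64(cert.publicKey.export({ type: 'spki', format: 'der' }));

// Client-side check: does the presented certificate match any shipped pin?
const pinMatches = (cert, pins, pinFn) => pins.includes(pinFn(cert));

const serverKey = crypto.generateKeyPairSync('ed25519');
const otherKey = crypto.generateKeyPairSync('ed25519');
const oldCert = issueCert(serverKey, 1, '190101000000Z', '190601000000Z');
const renewedCert = issueCert(serverKey, 2, '190520000000Z', '200520000000Z');
const otherKeyCert = issueCert(otherKey, 3, '190520000000Z', '200520000000Z');

// Pins baked into the app while oldCert was the live certificate.
const shippedCertPins = [certPin(oldCert)];
const shippedKeyPins = [spkiPin(oldCert)];

console.log('renewed cert vs certificate pin:', pinMatches(renewedCert, shippedCertPins, certPin));
console.log('renewed cert vs public-key pin: ', pinMatches(renewedCert, shippedKeyPins, spkiPin));
console.log('other key vs public-key pin:    ', pinMatches(otherKeyCert, shippedKeyPins, spkiPin));
```

The public-key pin survives renewal only when the new certificate is issued for the same key pair; if the server rotates its key, the app needs the new key's pin shipped ahead of time.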