SSL Pinning Pin Set property

Official Content
This documentation is valid for:
Specifies SSL Pinning Pin Set values to validate HTTPS connection from devices to the server.

Scope

Objects: Menu for Smart Devices, Panel for Smart Devices, Work With for Smart Devices
Generators: Android, Apple

Description

The SSL Pinning Pin Set defines the server's public key hash (pin sha-256). The Android generator allows defining a single key hash, while the Apple generator requires at least 2 key hashes. In both cases, having more than one hash configured is recommended.

If this property has a value, a Certificate pinning is performed by the device when it is connected to the server set in the Services URL property.

Certificate pinning is done by providing a set of certificates by hash of the public key (SubjectPublicKeyInfo of the X.509 certificate). A certificate chain is then valid only if the certificate chain contains at least one of the pinned public keys.

Important: To be able to set this property for a Panel object, Work With for Smart Devices object or Menu object its Main program property must be set to True.


More Info:

OWASP Certificate and Public Key Pinning

 

Run-time/Design-time

This property applies only at design-time.

Samples

For example, in the case of the server apps5.genexus.com the key hash is as follows:

"LjCcH/Lyd5M5T2ulEMxYhqS7JkgJmCzUf1fxoYzy5D4="

One key hash is always a 44-character long string.

How to apply changes

To apply the corresponding changes when the property value is configured, Build a main object.

Compatibility

Available for Apple as of Genexus 17 upgrade 1.

Availability

This property is available since GeneXus 16 upgrade 6.

See Also

OWASP Certificate and Public Key Pinning
Android Developer Security Certificate Pinning
Services URL property