How can I securely deploy a certificate and pin?

I've got an idea for an app, but I'd need the ability to deploy a cert and pin that I can secure in mobile applications. Is there a way to do this at installation time without user intervention beyond access permissions? The idea is to protect, not just obfuscate these resources from determined parties who'd want to extract the cert and pin then use them to simulate valid clients accessing my service.

Answered by DTS Engineer in 409260022

What you’re trying to implement here is DRM, in that you want to give the user something (your certificate [1] and a PIN) but restrict how they use it. For my thoughts on DRM, see this post.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

[1] I presume you’re talking about a digital identity here, that is, the combination of a certificate and the private key that matches the public key in that certificate. A certificate by itself just contains a public key and there’s generally no need to protect that.
