I am developing a cross platform app that can handle payments, the online payment service issued a certificate for my use, thus i have a .pem certificate and within it there is 2 actual certificates and my private key.
The problem is that i can't seem t find how to use it safely, as it has to go in the requests to the web service of the online payment service, therefore i have to include it in my mobile app package, but if anybody opens the package he or she will instantly have access to the private key.
How can i manage this situation?
PS. i called the company and they say i have to include it in the certificate vault of the device's platform, which still puts it in the package users will have to download from any of the appstores.
Aucun commentaire:
Enregistrer un commentaire