Integrate OneSpan Mobile Application Shielding
  • 23 Oct 2024
  • 2 Minutes to read
  • Dark
    Light
  • PDF

Integrate OneSpan Mobile Application Shielding

  • Dark
    Light
  • PDF

Article summary

OneSpan Mobile Application Shielding is available as a OneSpan SDK for Android and iOS applications. Integrating the OneSpan Mobile Application Shielding SDK in your application involves the following steps:

  1. Configuring the application

  2. Generating the application

  3. Binding the application

  4. Signing the application

Refer to the respective Android/iOS OneSpan Mobile Application Shielding Integration Guide for steps 1. - 3.

Signing the application

After binding your application with the OneSpan Mobile Application Shielding SDK, the final application needs to be re-signed prior to deployment. Depending on the device platform, different steps are necessary for re-signing the final application.

Signing the AAB binary for Android

To sign your Android binary, you need to follow the steps below.

To sign the AAB file

  • Execute the following command:

    jarsigner -verbose -sigalg SHA256withRSA -digestalg SHA-256 -keystore KEYSTORE-FILE-PATH -storepass KEYSTORE-PASSWORD -keypass PRIVATE-KEY-PASSWORDAAB-FILE-PATHALIAS-NAME

    where:

    KEYSTORE-FILE-PATH is the path of the keystore which contains the private key used to sign your Android binary.

    KEYSTORE-PASSWORD is the password that protects your keystore.

    PRIVATE-KEY-PASSWORD is the password that protects your private key.

    AAB-FILE-PATH is the path of the AAB file.

    ALIAS-NAME is the name of the alias that represents the signer's private key and certificate data within the KeyStore.

Signing the APK application for Android

To sign your Android application, you need to follow the steps below.

To align the APK file

  • Execute the following command:

    CUSTOMIZATION-TOOL-PATH/lib/android/zipalign_OS -v 4 APK-FILE-PATH-TO-ALIGNAPK-FILE-PATH-FINAL

    where:

    CUSTOMIZATION-TOOL-PATH is the path of the Customization Tool.

    OS is the operating system where the command is executed (LINUX, MAC or WINDOWS.exe).

    APK-FILE-PATH-TO-ALIGN is the path of the APK file to align.

    APK-FILE-PATH-FINAL is the path of the APK file ready to be signed.

To sign the APK file

  • Execute the following command:

    CUSTOMIZATION-TOOL-PATH/lib/android/apksigner_OS sign --verbose --ks KEYSTORE-FILE-PATH --ks-key-alias ALIAS-NAME --ks-pass pass:KEYSTORE-PASSWORD --key-pass pass:PRIVATE-KEY-PASSWORDAPK-FILE-PATH

    where:

    CUSTOMIZATION-TOOL-PATH is the path of the Customization Tool.

    KEYSTORE-FILE-PATH is the path of the keystore which contains the private key used to sign your Android application.

    ALIAS-NAME is the name of the alias that represents the signer's private key and certificate data within the KeyStore.

    KEYSTORE-PASSWORD is the password that protects your keystore.

    PRIVATE-KEY-PASSWORD is the password that protects your private key.

    APK-FILE-PATH is the path of the aligned APK.

Signing the application for iOS

To re-sign the application, you need to extract the app folder from your IPA file. Convert this IPA file into a zip file:

To extract the app folder

  • Convert the IPA file into a zip file by exchanging the file name extensions.

  • Extract the content of the zip file. The app folder is located in the Payload folder.

To sign the app folder

  • Execute the following commands:

    codesign --verbose --force --sign 'SIGNING-IDENTITY' APP-FOLDER-PATH/Frameworks/<BUNDLE-ID-SUFFIX>x.framework

    codesign --verbose --force --sign 'SIGNING-IDENTITY' --entitlements XCENT-FILE-PATHAPP-FOLDER-PATH

    where:

    SIGNING-IDENTITY is the name of the certificate used to sign your iOS application, as displayed in the Keychain Access application (e.g. iPhone Developer: FirstName LastName (xxxxxxxxxx)).

    XCENT-FILE-PATH is the path of the XCENT file. The XCENT file is generated by the customization file and is located in release/ios.

    APP-FOLDER-PATH is the path of the app folder bound with the OneSpan Mobile Application Shielding SDK by OneSpan. The application folder name has the format APPLICATION-NAME.app.

The certificate used to sign the application must be the same that was used when configuring the application via the the OneSpan Customer Portal.

To recreate the IPA file

  • Create a Payload folder and copy the app folder into this directory.

  • Compress the payload file and convert it by changing the file name extension to .ipa.


Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.
ESC

Ozzy, our interactive help assistant