Mobile/Projects/APK Factory/Meeting 2013 12 9

12/9 APK Factory Service - Certificate Storage HSM is meant for a small # of keys What does APK buy us? Verify if you can update an app from a different key? Android SDK If we Trunion already supports Java Keystores Risk assesment - encrypt the keystores, have a decrypter key on disk software HSM, basically HSM - additional security 3 cases - generate key on the machine - software HSM - hardware HSM HSM - private key - encrypt on disk store on disk encrypted Number of keys - limited of signatures per second hundereds per second - is okay [ ] Is the Marketplace signature removed from the APK? [ ] Does Desktop have support for verifing signatures?