javaandroidapiprivate-keyyodlee

Where to store .pem file (private key) android java


I'm trying to create a JWT using a private key stored in a .PEM file. I understand private keys shouldn't be stored in the code and you can add keys to the global gradle.properties file to avoid exposing them but if I have a .PEM file how do I access it, in my code. from my local drive.

The yodlee documentation tells me to add the path below but how does this work?

public class ConfigurationParams {

        public static final String iss = "135143514315321";

        public static final String privateKeyFile = "/Users/bob/token/priv.pem";

    }

The privateKeyFile path is passed through the file variable.

public class TokenManagement {
        @RequiresApi(api = Build.VERSION_CODES.O)
        static private String getKey(String file) {
            String privKey;
            try {
                privKey = new String(Files.readAllBytes((Paths.get(file))));
            } catch (IOException ex) {
                privKey = null;
            }
            return privKey;
        }
    }

Solution

  • It seems more of an android related question. But if you are planning to have the key on the user's device then you should not do that.

    All Yodlee APIs are IP restricted in production environment, and all API calls should be made from your server to Yodlee. Hence, you should store it at your server side not at the client side, if that's what you are trying to do.