Encrypted Bundles
End-to-end Encryption
Starting with version 4.15.0 the plugin allows you to send encrypted updates.
Step 1: Create a private key
npx @capgo/cli key createStep 2: Create and zip your bundle
npx @capgo/cli bundle zip [appId] --key-v2 --jsonThe --key-v2 flag uses the new encryption system with better checksums, and the --json flag will output the bundle information including the checksum that you’ll need for encryption.
Step 3: Encrypt your bundle
npx @capgo/cli encrypt [path/to/zip] [checksum]The checksum parameter is the SHA256 checksum generated by the zip command in step 2. The encrypt command will return an ivSessionKey and generate an encrypted checksum.
Step 4: Use in your update payload
{"version": "1.2.3","url": "https://myserver.com/app/updates/my-new-app-2.0.0.zip","session_key": "encrypted_session_key","checksum": "encrypted_checksum_from_encrypt_command"}The session_key is the ivSessionKey returned by the encrypt command, and the checksum is the encrypted checksum generated during encryption (not the original checksum from the zip command).
Then your app will be able to use the private key to decrypt the session_key and use the decrypted session_key to decrypt the update. The encrypted checksum ensures bundle integrity verification.