Encrypted Bundles

此内容尚不支持你的语言。

End-to-end Encryption

Starting with version 4.15.0 the plugin allows you to send encrypted updates.

Step 1: Create a private key

npx @capgo/cli key create

Step 2: Create and zip your bundle

npx @capgo/cli bundle zip [appId] --key-v2 --json

The --key-v2 flag uses the new encryption system with better checksums, and the --json flag will output the bundle information including the checksum that you’ll need for encryption.

Step 3: Encrypt your bundle

npx @capgo/cli encrypt [path/to/zip] [checksum]

The checksum parameter is the SHA256 checksum generated by the zip command in step 2. The encrypt command will return an ivSessionKey and generate an encrypted checksum.Remember to rename ivSessionKey key as session_key in the update payload.

Step 4: Use in your update payload

{
"version": "1.2.3",
"url": "https://myserver.com/app/updates/my-new-app-2.0.0.zip",
"session_key": "encrypted_session_key",
"checksum": "encrypted_checksum_from_encrypt_command"
}

The session_key is the ivSessionKey returned by the encrypt command, and the checksum is the encrypted checksum generated during encryption (not the original checksum from the zip command).

Then your app will be able to use the private key to decrypt the session_key and use the decrypted session_key to decrypt the update. The encrypted checksum ensures bundle integrity verification.

Learn More

End-to-End Encryption Guide Deep dive into how Capgo's encryption system works with RSA + AES cryptography

Self-hosted Live Updates Complete workflow for setting up self-hosted updates