Skip to content
Expo Edge OTA

Code Signing

For security, we recommend signing your updates. This ensures that only updates signed by your private key can be executed by the app.

1. Generating a Keypair

Section titled “1. Generating a Keypair”

You can generate an RSA keypair using OpenSSL:

Terminal window
openssl genrsa -out private-key.pem 2048
openssl rsa -in private-key.pem -pubout -out public-key.pem

2. Adding Public Key to app.json

Section titled “2. Adding Public Key to app.json”

Add the public key (as a single line) and metadata to your app.json:

{
  "expo": {
    "updates": {
      "codeSigningCertificate": "./path-to-public-key.pem",
      "codeSigningMetadata": {
        "keyid": "main",
        "alg": "rsa-v1_5-sha256"
      }
    }
  }
}