Apple Developer News and Updates feed provided by Apple, Inc.
February 12, 2021
The Apple Developer Forums are a great place to connect with fellow developers and Apple engineers as you give and receive help on development topics. And now, it’s easier to find and keep track of content you’re interested in. Take advantage of enhanced search and a new feature that monitors threads for you and sends you an email each time there’s a reply.
You can help people create more vivid and true-to-life video when you support high dynamic range (HDR) in your app. And when you support HDR with Dolby Vision, people with iPhone 12 or iPhone 12 Pro can go even further and shoot, edit, and play cinema-grade videos right from their device. Dolby Vision tuning is provided dynamically to each frame, preserving the intended look of the original shots.
Here’s how you can provide the best HDR video playback, editing, and export experience.
Your app needs to support iOS 14.1 or later to take advantage of HDR video. To begin, we recommend reviewing a few WWDC sessions which provide a good overview of the process.
Discover how to author and export high dynamic range (HDR) content in your app using AVFoundation. Learn about high dynamic range and how you can take advantage of it in your app. We’ll show you how to implement feature sets that allow people to export HDR content, go over supported HDR formats,…
Find out how you can support HDR editing and playback in your macOS app, and how you can determine if a specific hardware configuration is eligible for HDR playback. We’ll show you how to use AVMutableVideoComposition with the built-in compositor and easily edit HDR content, explain how you can use…
Note: iPhone 12 and iPhone 12 Pro record HDR video in Dolby Vision Profile 8.4, Cross-compatibility ID 4 (HLG) format, using an HEVC (10-bit) codec. This format is designed to be backwards compatible with HLG, allowing existing HEVC decoders to decode as HLG. Video is recorded by the Camera app as a QuickTime File Format (QTFF) movie (.mov extension). Signaling for Dolby Vision in a QTFF movie is similar to signaling in Dolby Vision Streams within the ISO base media file format.
Learn more about Dolby Vision Profiles
Learn more about Dolby Vision Levels
Learn more about Dolby Vision Streams
Both iOS and macOS support HDR video playback on all eligible devices. Use eligibleForHDRPlayback on AVPlayer to check for HDR playback support on the current device. In general, the classes AVPlayer, AVPlayerlayer, or AVSampleBufferDisplayLayer can be used to play Dolby Vision video. If your app uses AVPlayer, you don’t need to add anything additional to your code: The AVFoundation framework automatically sets up an HDR playback pipeline to handle Dolby Vision Profile 8.4 if it detects an asset in Dolby Vision and the device supports HDR playback.
If your app usesAVSampleBufferDisplayLayer to render video, make sure any sample buffers passed to the sample buffer display layer are in formats suitable for HDR and carry Dolby Vision Profile 8.4 per-frame metadata. These sample buffers need to have 10-bit or higher bit-depth. A commonly used 10-bit format is 4:2:0 Y’CbCr video range, represented by kCVPixelFormatType_420YpCbCr10BiPlanarVideoRange. The associated OSType for this pixel format is ’x420’.
If your sample buffers are decoded using VTDecompressionSession, you can carry the Dolby Vision Profile 8.4 per-frame metadata in the buffers by using kVTDecompressionPropertyKey_PropagatePerFrameHDRDisplayMetadata. This value is true by default.
Asset inspection
AVMediaCharacteristic provides options for specifying media type characteristics, including whether a video includes HDR metadata. You can use the Swift media characteristic containsHDRVideo to identify whether any segment of a track contains HDR so that your app can render it correctly. In Objective-C, you can use AVMediaCharacteristicContainsHDRVideo, defined in AVMediaFormat.h.
After loading the tracks property using the Swift method loadValuesAsynchronously(forKeys:completionHandler:), you can get HDR tracks using tracks(withMediaCharacteristic:). Here’s how you might get all desired HDR tracks:
let hdrTracks = asset.tracks(withMediaCharacteristic: .containsHDRVideo)In a similar fashion, you can use the Objective-C method loadValuesAsynchronouslyForKeys:completionHandler: to load the tracks property and obtain the HDR tracks with the method tracksWithMediaCharacteristic:, like so:
NSArray<AVAssetTrack *> *hdrTracks = [asset tracksWithMediaCharacteristic:AVMediaCharacteristicContainsHDRVideo];The hasMediaCharacteristic(_:) method can be used to track media characteristics, such as HDR media type, format descriptions, or explicit tagging. For example:
if track.hasMediaCharacteristic(.containsHDRVideo){ }In Objective-C, you can use the same hasMediaCharacteristic: method for explicit tagging, as demonstrated here:
if([track hasMediaCharacteristic:AVMediaCharacteristicContainsHDRVideo]){ }To add HDR content editing to your application, use AVVideoComposition. If you’re using the built-in compositor, you can also use the Swift initializer init(asset:applyingCIFiltersWithHandler:) or the Objective-C initializer videoCompositionWithAsset:applyingCIFiltersWithHandler: with built-in CIFilters to easily incorporate an HDR editing pipeline in your app.
Custom compositors can support HDR content, too: You can use the supportsHDRSourceFrames property to indicate HDR capability. For Objective-C, the supportsHDRSourceFrames property is a part of the AVVideoCompositing protocol defined in AVVideoCompositing.h.
If your custom compositor needs to operate in 10-bit HDR pixel formats, you’ll need to select pixel buffer attributes that your compositor can accept as input by using the sourcePixelBufferAttributes property. For Objective-C, this property is found in AVVideoCompositing.h. The value of this property is a dictionary which contains pixel buffer attribute keys defined in CoreVideo header file CVPixelBuffer.h.
Additionally, to create new buffers for processing, you’ll need the correct pixel buffer attributes required by the video compositor. For this particular purpose, use the property requiredPixelBufferAttributesForRenderContext.
If your app offers video previewing during editing, modifying the pixel values may invalidate the video’s existing dynamic metadata and its usage. Because the Dolby Vision Profile 8.4 metadata is completely transparent, you can use AVPlayerItem to drop any invalid metadata during preview-only scenarios, as well as update dynamic metadata during export to reflect changes in the video content.
To configure HDR settings, you can use the appliesPerFrameHDRDisplayMetadata property from AVPlayerItem , which defaults to true. In Objective-C, the property defaults to YES and can be found in AVPlayerItem.h.
By default, AVFoundation will attempt to use Dolby Vision metadata if present for a video, but you can tell your app to ignore it: Just set the appliesPerFrameHDRDisplayMetadata property from AVPlayerItem to false in Swift, or NO in Objective-C. If your application is using VTDecompressionSession APIs from VideoToolbox, you can turn off Dolby Vision tone mapping with kVTDecompressionPropertyKey_PropagatePerFrameHDRDisplayMetadata. To use this property in C or Objective-C, make sure to include VideoToolbox in the framework header VTDecompressionProperties.h.
You can support HDR video export in your app when you work with AVAssetWriter and HEVC presets.
Discover presets and AVAssetExportSession
All HEVC presets have been upgraded to support HDR. The output format will match the source format, so if the source file is Dolby Vision Profile 8.4, the exported movie will also be Dolby Vision Profile 8.4. If you need to change the output format, you can use AVAssetWriter.
Note: H.264 presets will convert HDR to Standard Dynamic Range (SDR).
In order to preserve Dolby Vision Profile 8.4 during export using AVAssetWriter, you must choose a suitable output format, color properties that support Dolby Vision, and a 10-bit profile level.
To start, note that querying supportedOutputSettingsKeys(for:) in Swift or supportedOutputSettingsKeysForConnection: in Objective-C provides a list of output settings keys supported for the current device.
For Dolby Vision export, the video output settings dictionary key AVVideoCompressionPropertiesKey allows you to control bit rate, B-frame delivery, I-frame interval, and codec quality. The value associated with this key is an instance of NSDictionary. For Objective-C, this key is found in AVVideoSettings.h.
For example, a video output settings dictionary for Dolby Vision in Swift would contain these key/value pairs:
let videoOutputSettings: [String: Any] = [ AVVideoCodecKey: AVVideoCodecType.hevc, AVVideoProfileLevelKey: kVTProfileLevel_HEVC_Main10_AutoLevel, AVVideoColorPropertiesKey: [ AVVideoColorPrimariesKey: AVVideoColorPrimaries_ITU_R_2020, AVVideoTransferFunctionKey: AVVideoTransferFunction_ITU_R_2100_HLG, AVVideoYCbCrMatrixKey: AVVideoYCbCrMatrix_ITU_R_2020 ], AVVideoCompressionPropertiesKey: [ kVTCompressionPropertyKey_HDRMetadataInsertionMode: kVTHDRMetadataInsertionMode_Auto ]
]With Objective-C, your video output settings dictionary would contain the same key/value pairs:
NSDictionary<NSString*, id>* videoOutputSettings = @{ AVVideoCodecKey: AVVideoCodecTypeHEVC, AVVideoProfileLevelKey: (__bridge NSString*)kVTProfileLevel_HEVC_Main10_AutoLevel, AVVideoColorPropertiesKey: @{ AVVideoColorPrimariesKey: AVVideoColorPrimaries_ITU_R_2020, AVVideoTransferFunctionKey: AVVideoTransferFunction_ITU_R_2100_HLG, AVVideoYCbCrMatrixKey: AVVideoYCbCrMatrix_ITU_R_2020 }, AVVideoCompressionPropertiesKey: @{ (__bridge NSString*)kVTCompressionPropertyKey_HDRMetadataInsertionMode: (__bridge NSString*)kVTHDRMetadataInsertionMode_Auto }
};In Objective-C, the key kVTCompressionPropertyKey_HDRMetadataInsertionMode and the value kVTHDRMetadataInsertionMode_Auto are found in VTDecompressionProperties.h.
In addition to defining key/value pairs, make sure that the pixel buffers presented to AVAssetWriterInput are a 10-bit 4:2:0 Y’CbCr video range represented by ‘x420’ OSType.
You may elect to use a separate AVAssetReader or AVAssetWriter model for export. In that case, you can use the VideoToolbox property kVTCompressionPropertyKey_PreserveDynamicHDRMetadata and set it to kCFBooleanFalse or false for C/Objective-C or Swift respectively. When you set the VideoToolbox property, AVAssetWriter will automatically recompute the Dolby Vision Profile 8.4 metadata for exporting the file. This should be done as your app modifies the output frames from the AVAssetReader.
Staying hydrated is like eating your vegetables: You know it’s a good idea, and you probably don’t do it enough.
If that sounds like you, WaterMinder is your solution. The app makes it easy to track how much water you’ve consumed with a playful interface that’s simple, clever, and blue. And it keeps your data secure across its iPhone, iPad, Apple Watch, and Mac apps by syncing via iCloud.
Independent developer Kriss Smolka released WaterMinder in 2013. Today he manages a global team from his home in the suburbs of Chicago.
Your customizable WaterMinder avatar fills up as you drink: The bluer it is, the more hydrated you are.
Where did you get the idea for WaterMinder?
After my wife and I had our second child, she was having sporadic headaches. I did a little research and came to the conclusion she might be dehydrated. “How much water do you drink?” I asked, and she said, “Oh, I have a tea in the morning and maybe three coffees during the day.” But she didn’t really know about water.
How did you go about creating the app? I researched water-tracking apps but found them a little complicated. I thought, “OK, maybe this just needs to be simplified.” I created a mockup, and after a couple of days of her being hydrated, the headaches went away. I figured if I could help her, maybe I could help other people as well. We released our first version in July 2013.
What was the early reception like?
We got a couple hundred downloads on our first day, and I remember thinking, “Wow, people actually paid for something that we created.” But after a free promotion that got traction with media outlets, we had hundreds of thousands of downloads. It was amazing—a chance for people to get to know the app.
How is the WaterMinder team working these days?
I’m in Chicago. We have five engineers in India, a content writer in Ireland, our marketing guys in Holland, and a designer in Australia. We’re used to working remotely!
What’s the best advice you’ve received?
Something stuck with me when we were doing that promotion: Someone from a French website reached out and said, “Sit back and enjoy the ride.” When we got those early analytics, we were like, ‘Oh, wow!’” We were enjoying the ride, but it was also a roller coaster.
Originally published on the App Store.
On March 29, 2021, token and certificate-based HTTP/2 connections to the Apple Push Notification service must incorporate the new root certificate (AAACertificateServices 5/12/2020) which replaces the old GeoTrust Global CA root certificate. To ensure a seamless transition and to avoid push notification delivery failures, verify that both the old and new root certificates for the HTTP/2 interface are included in the Trust Store of each of your notification servers before March 29.
Note that Apple Push Notification service SSL provider certificates issued to you by Apple do not need be to updated at this time.
If you’re a productivity-minded person, there’s only one thing better than crossing something off your to-do list: Crossing everything off your to-do list.
Quentin Zervaas knows this well — so well he turned the concept into Streaks. The app tracks the number of consecutive days you’ve completed a task and securely syncs your history across iPhone, iPad, Apple Watch, and Mac via iCloud.
What you complete — whether walking the dog, working out, or meditating — is up to you. The idea is to stay driven to check off those to-dos every day. The App Store spoke to Zervaas from his hometown of Adelaide, South Australia, where he and Streaks cocreator Isaac Forman are working to keep up their winning streak.
Streaks gamifies your to-do list: Can you hit all six tasks every day?
How did you get the idea for Streaks?
As a small business owner, I would do certain things each day — bookkeeping, sending support emails. I was also trying to write a book and struggling. Eventually I adopted the strategy “I want to get something done every single day, whether it’s a sentence, a paragraph, or a page.”
I was tracking everything in a text editor until I thought, “I build apps; I could probably make this nicer.” Isaac Forman and I whipped up a prototype that looks pretty much as Streaks does now, just without the colors and icons.
How did you land on Streaks tracking six tasks per day?
I found if I did four or five tasks, a sixth — even if it was completely unrelated — needed to be done too. I just wanted to finish it. So I would put the more difficult one at the end. That gamification really motivates you to get everything done.
What’s the most surprising request you’ve received?
One of the key features is there aren’t any boundaries on the tasks you can add. There are probably 500 icons the app will suggest based on what you type as your task, so I get a lot of icon requests. Someone recently asked us to add a Viking helmet. Maybe they’re a costume designer or they’re playing an online game, I’m not sure.
You won an Apple Design Award in 2016. How did you celebrate? As it happened, I was getting married the weekend before WWDC that year. We got married, got to the airport at 6 a.m. the next day, and headed off on the 19-hour plane ride to San Francisco. My wife wasn’t thrilled with that, but luckily we got to travel around the city, Napa, and Sonoma, so it worked out OK.
What’s the best advice you’ve received? Before Streaks I was working on public transportation apps; someone said to me, “You’re doing this now, but it won’t be your last business.” That’s a good mindset for independent developers: Remember, there’s always something new on the horizon.
Originally published on the App Store.
Designing apps for Apple platforms just got easier. Now you can quickly lay out your app for macOS Big Sur or tvOS 14 using new design templates, components, guides, and more. All major macOS and tvOS components, such as buttons, segmented controls, alerts, menus, and other controls, are included. In addition, the updated iOS 14 and iPadOS 14 design resources for Sketch have been rebuilt to support color variables, and include numerous minor improvements and bug fixes.
SKAdNetwork 2.2. This update supports view-through attribution for advertisement formats such as video, audio, and interactive advertisements. This allows you to display your choice of advertising formats and measure which creatives are most effective, while preserving user privacy.
Private Click Measurement. iOS 14.5 and iPadOS 14.5 bring Private Click Measurement to apps, in addition to the web. Advertising networks can now measure the effectiveness of advertisement clicks within iOS or iPadOS apps that navigate to a website. This information can be used to understand which advertisements drive conversions (such as purchases or signups) — while maintaining user privacy.
Get started by building and testing your apps with the beta versions of Xcode 12.5, iOS 14.5, and iPadOS 14.5.
Sometimes a good idea hits you like a splash of cold water.
Fares Ksebati cocreated MySwimPro in 2015 to provide a deep pool of aquatic workout videos for like-minded athletes. The app syncs with Apple Health to keep your swimming and workout data secure. With 2021 being an Olympic year, he and cofounder Adam Oxner are poised to make even bigger waves: “Swimming gets a lot of public notoriety every four years,” says Ksebati.
We spoke to Ksebati, a three-time U.S. Masters swimming champion, about the power of incremental change and what every entrepreneur should know before diving into app development.
No pool? MySwimPro has hundreds of dryland videos to help swimmers stay in shape.
How did you start creating apps? Before launching MySwimPro in 2015, I worked at four different startups and was always coaching swimming on the side. At the time, there was really nothing that addressed swimmers, so that’s when the light-bulb moment happened.
If you work on something you understand intimately, it’s a lot easier because you have that intuition, that unique lens. I’m a swimmer and a coach, but above all I’m a swimming nerd. I not only understand it but I care about it.
How is the MySwimPro team structured these days?
Our HQ is technically in Ann Arbor, but we have team members across the United States and a few countries like Turkey and Ukraine. The app is in nine languages, and we were able to do most of that in-house because we speak almost a dozen languages on our team, which is really unique.
What do you do as a team to stay motivated? Go to the pool! I literally went for a swim two hours ago. Because we’re a fitness brand, it’s part of our culture to take a break in the middle of the day. I want everybody to feel comfortable doing that, even if they’re not swimming.
What’s been the most challenging time for your team, and how did you get through it?
Back in March, when pools were closing, we thought, “OK, this could be two or three years, but we can’t sit around and do nothing.” So we took action very quickly, creating 200 dryland videos and eight training programs. We went to my brother’s house and rearranged his living room into an at-home fitness facility.
What do you know now that you wish you’d known when you started?
That it’s really important to be consistent, that it takes time to develop, and that if you can just be a little bit better every single day, the compounding impact is absolutely insane. We’ve been at this for five years, which is more than 1,800 days, and we’re trying to be at least 1 percent better each day.
Originally published on the App Store.
Late last year, to give you additional time to prepare, we had temporarily deferred the requirement to use AppTrackingTransparency when requesting permission to track users and access device advertising identifiers. This requirement now goes into effect starting with the upcoming beta update, and will roll out to everyone in early spring with an upcoming release of iOS 14, iPadOS 14, and tvOS 14. We encourage you to verify your app’s implementation of AppTrackingTransparency as soon as possible. Without the user’s permission, you will not be allowed to track them and the device’s advertising identifier value will be all zeros.
In an upcoming release of iOS and iPadOS, we will enhance SKAdNetwork and add Private Click Measurement support for apps, allowing advertising networks to better attribute advertisements that display within apps on these platforms. Private Click Measurement enables the measurement of ad campaigns that direct users to websites while preserving user privacy. Additional details are coming soon.
If your app sends or receives data over the network, it’s critical to preserve the privacy and integrity of a person’s information and protect it from data breaches and attacks. You should use the Transport Layer Security (TLS) protocol to protect content in transit and authenticate the server receiving the data.
When you connect through TLS, the server provides a certificate or certificate chain to establish its identity. You can further limit the set of server certificates your app trusts by pinning their public-key identities in your app. Here’s how to get started.
By default, when your app connects to a secure TLS network, the system evaluates server trustworthiness by default. Most apps can meet their security requirements by relying on this behavior; however, certain apps may need to further limit the set of trusted certificates.
For example, your app may need to meet regulatory requirements that determine which specific Certificate Authorities (CAs) can be trusted. While Apple platforms ensure by default that only trustworthy CAs are involved, your app can use identity pinning to further limit the set of CAs to those associated with a particular government or organization.
Pinning cannot loosen the trust requirements of your app — it can only tighten them. You still always need to meet the system’s default trust requirements when using public-key certificates involved in a TLS network connection.
Note: When you’ve configured your app to expect a specific set of public keys for a given server, it will refuse to connect to that server unless those public keys are involved. As a result, if the server deploys new certificates that alter the public keys, your app will refuse to connect. At that point, you’ll need to update your app with a pinning configuration that reflects the new set of public keys.
If you want to use identity pinning in your app, consider creating a long-term strategy that accounts for both planned and unplanned events so that you can prevent pinning failures.
Your app can proactively provide a great experience by pinning the public keys of CAs, instead of servers. This way, you can deploy server certificates that contain new public keys signed by the same CA without the need for pinning configuration updates.
You can also consider pinning more than one public key, especially when pinning server identities. This way, your app will still be able to connect to configured servers even if they revoke or rotate certificates.
Additionally, plan to provide a fallback experience in your app if it’s unable to connect to a server in the event of a pinning failure. First, think of ways your app experience may be impacted, and come up with mitigating solutions for any negative side effects. Can the app still function without making that connection, and can you provide someone with a temporary recovery path?
You’ll also want to plan for an eventual recovery path. One way you can address pinning failures is through a new pinning configuration, delivered via app update. Consider whether that’s an option given the use cases of your app.
We highly recommend simulating various events and potential failure points when testing your app by acquiring additional public-key certificates for this purpose and varying the configuration of your server accordingly.
A pinned CA public key must appear in a certificate chain either in an intermediate or root certificate. Pinned keys are always associated with a domain name, and the app will refuse to connect to that domain unless the pinning requirement is met.
As an example, to require the presence of a specific CA public key when connecting to the example.org domain name, you can add the following entries to the Info.plist file of your app.
<key>NSAppTransportSecurity</key>
<dict> <key>NSPinnedDomains</key> <dict> <key>example.org</key> <dict> <key>NSIncludesSubdomains</key> <true/> <key>NSPinnedCAIdentities</key> <array> <dict> <key>SPKI-SHA256-BASE64</key> <string>r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=</string> </dict> </array> </dict> </dict>
</dict>In this example, the pinned public key is associated with example.org and also subdomains such as math.example.org and history.example.org, but it won’t be associated with advanced.math.example.org, or ancient.history.example.org.
The public key is expressed as the Base64-encoded SHA-256 digest of an X.509 certificate’s DER-encoded ASN.1 Subject Public Key Info structure. Assuming the following PEM-encoded public-key certificate, stored in file ca.pem, you can calculate its SPKI-SHA256-BASE64 value with the openssl command.
-----BEGIN CERTIFICATE-----
MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT
MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB
CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97
nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt
43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P
T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4
gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO
BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR
TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw
DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr
hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg
06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF
PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls
YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk
CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=
-----END CERTIFICATE----- $ cat ca.pem | openssl x509 -inform pem -noout -outform pem -pubkey | openssl pkey -pubin -inform pem -outform der | openssl dgst -sha256 -binary | openssl enc -base64To introduce redundancy into your pinning configuration, you can associate multiple public keys with a domain name.
<key>NSAppTransportSecurity</key>
<dict> <key>NSPinnedDomains</key> <dict> <key>example.org</key> <dict> <key>NSIncludesSubdomains</key> <true/> <key>NSPinnedCAIdentities</key> <array> <dict> <key>SPKI-SHA256-BASE64</key> <string>r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=</string> </dict> </array> </dict> <key>example.net</key> <dict> <key>NSPinnedLeafIdentities</key> <array> <dict> <key>SPKI-SHA256-BASE64</key> <string>i9HaIScvf6T/skE3/A7QOq5n5cTYs8UHNOEFCnkguSI=</string> </dict> <dict> <key>SPKI-SHA256-BASE64</key> <string>i9HaIScvf6T/skE3/A7QOq5n5cTYs8UHNOEFCnkguSI=</string> </dict> </array> </dict> </dict>
</dict>For example, to pin multiple public keys for the example.net server certificate, you would add individual entries as items in an array to the Info.plist file of your app. To satisfy the pinning requirement for a connection to example.net, the server certificate must include one of those keys.