...

Note

The above digests serve as an example only. You should always create the digest yourself from the Gini API’s public key and use that one (see Extract hash from pay-api.gini.net). If you receive a digest from us, always validate it by comparing it to the digest you created from the public key (see Extract hash from public key). Failing to validate a digest might lead to security vulnerabilities.

...

The TrustKit configuration tag <trustkit-config> is required in order to deactivate TrustKit reporting and to enforce public key pinning. This is important because without it TrustKit doesn’t throw CertificateExceptions if the local public keys don’t match any of the remote ones, effectively deactivating pinning. The only downside of enforcing pinning is that two public key hashes are required. In the example above, we created and used a “zero” key hash as a placeholder. Setting the same key hash twice doesn’t help because key hashes are stored in a set. Ideally, you should use a backup public key hash as the second one.
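The following is an added example, not code from Gini or TrustKit: a pre-release check that recomputes the pin from a PEM public key, compares it with a digest you received, and reviews a pin set for the duplicate and placeholder cases described above. It assumes the pin is the base64 SHA-256 of the DER-encoded public key and that the “zero” hash is 32 zero bytes; the function names and the sample key bytes are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Assumption: the "zero" placeholder hash is the base64 of 32 zero bytes.
ZERO_PIN = base64.b64encode(bytes(32)).decode()

# Constructed sample input: placeholder bytes wrapped as PEM, not a real key.
SAMPLE_PEM = ("-----BEGIN PUBLIC KEY-----\n"
              + base64.encodebytes(bytes(range(91))).decode()
              + "-----END PUBLIC KEY-----\n")


def spki_pin(public_key_pem: str) -> str:
    """Return base64(SHA-256(DER public key)) for a PEM-encoded public key."""
    lines = [ln.strip() for ln in public_key_pem.strip().splitlines()]
    body = "".join(ln for ln in lines if ln and not ln.startswith("-----"))
    der = base64.b64decode(body, validate=True)
    return base64.b64encode(hashlib.sha256(der).digest()).decode()


def digest_matches(received: str, public_key_pem: str) -> bool:
    """Compare a digest received from a third party with the locally computed one."""
    local = spki_pin(public_key_pem)
    return hmac.compare_digest(received.strip().encode(), local.encode())


def check_pin_set(pins) -> list:
    """Return a list of problems found in a configured pin list."""
    problems = []
    distinct = set(pins)  # pins are stored in a set, so duplicates collapse
    for pin in sorted(distinct):
        try:
            raw = base64.b64decode(pin, validate=True)
        except ValueError:
            problems.append(f"not valid base64: {pin}")
            continue
        if len(raw) != 32:
            problems.append(f"not a SHA-256 digest: {pin}")
    if len(distinct) < 2:
        problems.append("fewer than two distinct pins")
    if ZERO_PIN in distinct:
        problems.append("zero placeholder used instead of a backup key pin")
    return problems


if __name__ == "__main__":
    pin = spki_pin(SAMPLE_PEM)
    print(pin, digest_matches(pin, SAMPLE_PEM), check_pin_set([pin, pin]))
```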

...