--- description: Verify code authenticity and integrity to ensure it hasn't been tampered with, especially when distributing it to others. title: Code Signing - Capawesome image: https://capawesome.io/docs/assets/images/social/cloud/live-updates/advanced/code-signing.png --- [ Skip to content](#code-signing) [ 🎉 Introducing **Capawesome Platform** — one platform for Live Updates, Native Builds, App Store Publishing, and Insider SDKs.](https://capawesome.io) * [ Formbricks ](/docs/plugins/formbricks/) * [ Geocoder ](/docs/plugins/geocoder/) * [ Google Sign-In ](/docs/plugins/google-sign-in/) * [ libSQL ](/docs/plugins/libsql/) * [ Live Update ](/docs/plugins/live-update/) * [ Managed Configurations ](/docs/plugins/managed-configurations/) * [ Media Session ](/docs/plugins/media-session/) * [ ML Kit ](/docs/plugins/mlkit/) * [ NFC ](/docs/plugins/nfc/) * [ OAuth ](/docs/plugins/oauth/) * [ Pedometer ](/docs/plugins/pedometer/) * [ Photo Editor ](/docs/plugins/photo-editor/) * [ PostHog ](/docs/plugins/posthog/) * [ Printer ](/docs/plugins/printer/) * [ Purchases ](/docs/plugins/purchases/) * [ RealtimeKit ](/docs/plugins/realtimekit/) * [ Screen Orientation ](/docs/plugins/screen-orientation/) * [ Screenshot ](/docs/plugins/screenshot/) * [ Secure Preferences ](/docs/plugins/secure-preferences/) * [ Speech Recognition ](/docs/plugins/speech-recognition/) * [ Speech Synthesis ](/docs/plugins/speech-synthesis/) * [ Share Target ](/docs/plugins/share-target/) * [ Square Mobile Payments ](/docs/plugins/square-mobile-payments/) * [ SQLite ](/docs/plugins/sqlite/) * [ Superwall ](/docs/plugins/superwall/) * [ Torch ](/docs/plugins/torch/) * [ Wifi ](/docs/plugins/wifi/) * [ Zip ](/docs/plugins/zip/) * [ Cloud ](/docs/cloud/) * [ Live Updates ](/docs/cloud/live-updates/) * Advanced * [ Delta Updates ](/docs/cloud/live-updates/advanced/delta-updates/) * [ Git Integration ](/docs/cloud/live-updates/advanced/git-integration/) * [ Privacy ](/docs/cloud/live-updates/advanced/privacy/) * [ Rollbacks ](/docs/cloud/live-updates/advanced/rollbacks/) * [ Rollouts ](/docs/cloud/live-updates/advanced/rollouts/) * [ Self-Hosting ](/docs/cloud/live-updates/advanced/self-hosting/) * Integrations * [ Native Builds ](/docs/cloud/native-builds/) * [ Configuration ](/docs/cloud/native-builds/configuration/) * [ Environments ](/docs/cloud/native-builds/environments/) * Guides * [ Sample Projects ](/docs/cloud/native-builds/sample-projects/) * [ Troubleshooting ](/docs/cloud/native-builds/troubleshooting/) * [ Automations ](/docs/cloud/automations/) * [ Assist ](/docs/cloud/assist/) * Account * Organizations * [ Organization and User Management ](/docs/cloud/organizations/memberships/) * [ Single Sign-On (SSO) ](/docs/cloud/organizations/sso/) * [ Teams ](/docs/cloud/organizations/teams/) * [ Two-Factor Authentication ](/docs/cloud/organizations/two-factor-authentication/) * [ Integrations ](/docs/cloud/integrations/) * [ License Keys ](/docs/cloud/license-keys/) * [ Webhooks ](/docs/cloud/webhooks/) * [ Pricing ](https://capawesome.io/pricing/) * [ FAQ ](/docs/cloud/faq/) * [ Support ](/docs/cloud/support/) * [ Contributing ](/docs/contributing/) * [ LLMs ](/docs/llms/) * [ Insiders ](/docs/insiders/) * [ License ](https://capawesome.io/legal/eula/) * [ Support ](/docs/insiders/support/) * [ FAQ ](/docs/insiders/faq/) * [ Blog ](/blog/) * Categories # Code Signing[¶](#code-signing "Permanent link") Code signing is a security feature that allows you to verify the authenticity (1) and integrity (2) of your code. This is especially important when you are distributing your code to others, as it ensures that the code has not been tampered with or altered in any way. 1. **Authenticity** means that the code comes from a trusted source and has not been tampered with. 2. **Integrity** means that the code has not been corrupted during the download process. ## Generate the key pair[¶](#generate-the-key-pair "Permanent link") To sign your code, you will need a key pair consisting of a private key and a public key. The private key is used to sign the code and should be kept secret, while the public key is used to verify the signature and can be shared with others. You can generate a key pair using the [Capawesome CLI](/docs/cloud/cli/): `[](#%5F%5Fcodelineno-0-1)npx @capawesome/cli apps:liveupdates:generatesigningkey ` This will create two files: \- `private.pem`: Your private key file (2048-bit RSA key by default). Keep this file secure and do not share it with others. \- `public.pem`: Your public key file that will be used to verify bundle signatures. You can optionally specify custom paths and key size: `[](#%5F%5Fcodelineno-1-1)npx @capawesome/cli apps:liveupdates:generatesigningkey --private-key-path=./keys/private.pem --public-key-path=./keys/public.pem --key-size=4096 ` Keep Your Private Key Safe Make sure to keep your private key file secure and never commit it to version control. Add it to your `.gitignore` file to prevent accidental commits. ## Create a signed bundle[¶](#create-a-signed-bundle "Permanent link") To create a signed bundle on Capawesome Cloud, simply provide the path to the private key file using the `--private-key` option when creating the bundle using the [Capawesome CLI](/docs/cloud/cli/): `[](#%5F%5Fcodelineno-2-1)npx @capawesome/cli apps:liveupdates:upload --private-key private.pem ` This will sign the bundle with the private key and upload it to the Capawesome Cloud. ## Configure the plugin[¶](#configure-the-plugin "Permanent link") To verify the signed bundle in your app, you will need to configure the [Capacitor Live Update](/docs/plugins/live-update/#configuration) plugin with the public key. This can be done in the [Capacitor Configuration](https://capacitorjs.com/docs/config) file. When you generate the key pair using the CLI, the command automatically outputs the configuration in the correct format: `[](#%5F%5Fcodelineno-3-1){ [](#%5F%5Fcodelineno-3-2) "plugins": { [](#%5F%5Fcodelineno-3-3) "LiveUpdate": { [](#%5F%5Fcodelineno-3-4) "publicKey": "-----BEGIN PUBLIC KEY-----MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDodf1SD0OOn6hIlDuKBza0Ed0OqtwyVJwiyjmE9BJaZ7y8ZUfcF+SKmd0l2cDPM45XIg2tAFux5n29uoKyHwSt+6tCi5CJA5Z1/1eZruRRqABLonV77KS3HUtvOgqRLDnKSV89dYZkM++NwmzOPgIF422mvc+VukcVOBfc8/AHQIDAQAB-----END PUBLIC KEY-----" [](#%5F%5Fcodelineno-3-5) } [](#%5F%5Fcodelineno-3-6) } [](#%5F%5Fcodelineno-3-7)} ` Simply copy this configuration from the CLI output and merge it into your existing Capacitor Configuration file. If the plugin now downloads a bundle from the Capawesome Cloud, it will verify the signature using the public key and only apply the update if the signature is valid. This way, you can ensure that your app only receives updates that have been signed with your private key. No Line Breaks Required The `publicKey` value should **NOT contain any line breaks**. The CLI command automatically formats the `publicKey` value without line breaks, so you can copy and paste it directly from the output into your configuration. May 8, 2026 Back to top