@streichsbaer
Created March 5, 2018 04:00
This shell script gets the public key in DER format for a given host and port and returns the public key hashes in the TrustKit format.
#!/bin/sh
# Prerequisites: (Tested on Mac only)
# 1. Install openssl
# 2. Install python
# 3. Clone the trustkit repository
# 4. cd into the trustkit repository and create the getPublicKeyHashes.sh file in there
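# Both arguments are required; print usage to stderr and exit non-zero otherwise.
if [ -z "$1" ] || [ -z "$2" ]
then
    echo "Please provide a hostname and port. E.g. ./getPublicKeyHashes.sh google.com 443" >&2
    exit 1
fi
# Fetch the chain, keep the first (leaf) certificate and save it as DER.
# -servername sends SNI so a virtual-hosted server returns the certificate for this host.
# The arguments are quoted so the shell cannot word-split or glob-expand them.
# s_client carries on after verify errors (see the sample output), so confirm the pin out of band.
openssl s_client -showcerts -servername "$1" -connect "$1:$2" < /dev/null | openssl x509 -outform DER > "$1.der"
# Compute the public key hash with TrustKit's helper script.
python get_pin_from_certificate.py --type DER "$1.der"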
# Sample output:
# ➜ TrustKit git:(master) ✗ ./getPublicKeyHashes.sh google.com 443
# depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
# verify error:num=20:unable to get local issuer certificate
# verify return:0
# poll error
# CERTIFICATE INFO
# ----------------
# subject= /C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.google.com
# issuer= /C=US/O=Google Inc/CN=Google Internet Authority G2
# SHA1 Fingerprint=54:7B:BB:F6:8D:57:0D:1F:FD:6F:30:37:63:17:24:59:6A:DF:97:FF
# TRUSTKIT CONFIGURATION
# ----------------------
# kTSKPublicKeyHashes: @[@"BJDcocvi2UGI5t4xELJI5sG+LR7j6x3G8WYCMdmJ5JQ="] // You will also need to configure a backup pin
# kTSKPublicKeyAlgorithms: @[kTSKAlgorithmRsa2048]
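
A TrustKit pin is the base64-encoded SHA-256 of the certificate's SubjectPublicKeyInfo, so the value printed above can be cross-checked with openssl alone, and the backup pin the output asks for can be derived from a spare key pair before any certificate exists for it. The following is an added example, not part of the original gist or of TrustKit; the function names and the host name pin-demo.invalid are hypothetical, and the keys and certificate are throwaway material generated by the script itself.

```shell
#!/bin/sh
# Added example: SPKI pins computed with openssl only (function names are hypothetical).

# Read one PEM certificate on stdin, print base64(SHA-256(SubjectPublicKeyInfo)).
spki_pin_from_cert() {
    openssl x509 -pubkey -noout |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -binary |
        openssl base64
}

# Same digest taken from a private key file. This yields the pin of a backup
# key that has never been deployed in a certificate.
spki_pin_from_key() {
    openssl pkey -in "$1" -pubout -outform DER |
        openssl dgst -sha256 -binary |
        openssl base64
}

# Constructed sample input: two throwaway RSA-2048 keys and a self-signed
# certificate for pin-demo.invalid, written into the directory "$1".
make_demo_material() {
    openssl genrsa -out "$1/live.key" 2048 2>/dev/null
    openssl genrsa -out "$1/backup.key" 2048 2>/dev/null
    openssl req -x509 -new -key "$1/live.key" -subj "/CN=pin-demo.invalid" \
        -days 1 -out "$1/live.pem" 2>/dev/null
}

# Print the two values that would go into kTSKPublicKeyHashes:
# the pin of the deployed certificate, then the pin of the backup key.
demo_pins() {
    demo_dir=$(mktemp -d) || return 1
    make_demo_material "$demo_dir" || { rm -rf "$demo_dir"; return 1; }
    spki_pin_from_cert < "$demo_dir/live.pem"
    spki_pin_from_key "$demo_dir/backup.key"
    rm -rf "$demo_dir"
}

demo_pins
```

For a real host, pipe the leaf certificate from `openssl s_client` into `spki_pin_from_cert` and compare the result with the `kTSKPublicKeyHashes` value printed by `get_pin_from_certificate.py`.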