Public key pinning digest generation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # get the SHA-1 digest of the subjectPublicKeyInfo of a certificate as used by Chromium's preloaded public key pinning | |
| # http://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h?r1=191212&r2=191211&pathrev=191212 | |
| curl -s https://pki.google.com/GIAG2.crt | openssl x509 -inform der -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha1 | |
| # (stdin)= 43dad630ee53f8a980ca6efd85f46aa37990e0ea | |
| # get the base64-encoded SHA-256 digest of the subjectPublicKeyInfo of a certificate as used by HTTP Public Key Pinning | |
| # (http://tools.ietf.org/html/draft-ietf-websec-key-pinning-11) | |
| curl -s https://pki.google.com/GIAG2.crt | openssl x509 -inform der -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | base64 | |
| # 7HIpactkIAq2Y49orFOOQKurWxmmSFZhBCoQYcRhJ3Y= |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Make base64-encoded SHA-256 digest of the subjectPublicKeyInfo from local certificate file in PEM format (certificate.pem):
Make base64-encoded SHA-256 digest of the subjectPublicKeyInfo from local certificate file in DER format (certificate.crt):
Make base64-encoded SHA-256 digest of the subjectPublicKeyInfo from local CSR file in PEM format (csr.pem):