Public key pinning digest generation
# get the SHA-1 digest of the subjectPublicKeyInfo of a certificate as used by Chromium's preloaded public key pinning | |
# http://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h?r1=191212&r2=191211&pathrev=191212 | |
curl -s https://pki.google.com/GIAG2.crt | openssl x509 -inform der -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha1 | |
# (stdin)= 43dad630ee53f8a980ca6efd85f46aa37990e0ea | |
# get the base64-encoded SHA-256 digest of the subjectPublicKeyInfo of a certificate as used by HTTP Public Key Pinning | |
# (http://tools.ietf.org/html/draft-ietf-websec-key-pinning-11) | |
curl -s https://pki.google.com/GIAG2.crt | openssl x509 -inform der -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | base64 | |
# 7HIpactkIAq2Y49orFOOQKurWxmmSFZhBCoQYcRhJ3Y= |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This comment has been minimized.
Make base64-encoded SHA-256 digest of the subjectPublicKeyInfo from local certificate file in PEM format (certificate.pem):
Make base64-encoded SHA-256 digest of the subjectPublicKeyInfo from local certificate file in DER format (certificate.crt):
Make base64-encoded SHA-256 digest of the subjectPublicKeyInfo from local CSR file in PEM format (csr.pem):