/hpkp_hashes.sh
Created Feb 21, 2014
Public key pinning digest generation
| # get the SHA-1 digest of the subjectPublicKeyInfo of a certificate as used by Chromium's preloaded public key pinning | |
| # http://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.h?r1=191212&r2=191211&pathrev=191212 | |
| curl -s https://pki.google.com/GIAG2.crt | openssl x509 -inform der -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha1 | |
| # (stdin)= 43dad630ee53f8a980ca6efd85f46aa37990e0ea | |
| # get the base64-encoded SHA-256 digest of the subjectPublicKeyInfo of a certificate as used by HTTP Public Key Pinning | |
| # (http://tools.ietf.org/html/draft-ietf-websec-key-pinning-11) | |
| curl -s https://pki.google.com/GIAG2.crt | openssl x509 -inform der -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | base64 | |
| # 7HIpactkIAq2Y49orFOOQKurWxmmSFZhBCoQYcRhJ3Y= |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This comment has been minimized.
DavisNT commentedJul 9, 2014
Make base64-encoded SHA-256 digest of the subjectPublicKeyInfo from local certificate file in PEM format (certificate.pem):
Make base64-encoded SHA-256 digest of the subjectPublicKeyInfo from local certificate file in DER format (certificate.crt):
Make base64-encoded SHA-256 digest of the subjectPublicKeyInfo from local CSR file in PEM format (csr.pem):