[gnutls-devel] How to generate sums for Public-Key-Pins HTTP header ?

Tim Ruehsen tim.ruehsen at gmx.de
Mon Feb 20 12:58:12 CET 2017


On Monday, February 20, 2017 12:47:05 PM CET Nikos Mavrogiannopoulos wrote:
> On Mon, Feb 20, 2017 at 11:05 AM, Tim Ruehsen <tim.ruehsen at gmx.de> wrote:
> > Hi,
> > 
> > is there a tool (certtool ?) or script to generate the base64 encoded
> > sha256 sums of a cert's pubkey?
> 
> I do not think there is a direct option to get it in base64, but you
> can get it in hex as:
> certtool --key-id --hash sha256 --infile cert.pem
> or (for older releases which didn't have --key-id)
> certtool --pubkey-info --outder --infile cert.pem|sha256sum|cut -d ' ' -f 1
> 
> Then you can go to base64 as:
> certtool --pubkey-info --outder --infile cert.pem|sha256sum|cut -d ' '
> -f 1|xxd -r -p|base64

Great !
This last one I was looking for :-)

Many Thanks, Tim
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20170220/a5911fb4/attachment.sig>


More information about the Gnutls-devel mailing list