[gnutls-devel] How to generate sums for Public-Key-Pins HTTP header ?

Nikos Mavrogiannopoulos nmav at gnutls.org
Wed Feb 22 10:54:14 CET 2017


On Tue, Feb 21, 2017 at 9:18 AM, Tim Ruehsen <tim.ruehsen at gmx.de> wrote:
>> If you want it in C, please take a look at daemon/tls.c from
>> https://gitlab.labs.nic.cz/knot/resolver.git, which has a
>> get_oob_key_pin() function that uses gnutls primitives (except for the
>> b64 encoding).
>>
>> It would be nice to see that particular digest calculation be included in
>> the output of certtool -i, fwiw.
>
> FYI, the C code is also in wget and now in wget2 (for HPKP).
>
> And I agree with Daniel, having that in certtool makes it available to the
> public quicker, since xxd, cut, base64 and sha256sum are not easily available
> on any platform.

Well, adding something is easy, but the output of certificate
information seems already quite bloated with Fingerprint
(sha1/sha256), Public Key ID (sha1/sha256) and random art. Any ideas
on what we could remove?

regards,
Nikos
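
The digest discussed in this thread is the base64 encoding of the SHA-256 hash over the DER-encoded subjectPublicKeyInfo of the certificate. The following is an added example, not part of the original message and not code from gnutls, knot-resolver or wget; it uses only the Python standard library, and `read_tlv`, `extract_spki`, `pin_sha256`, `der` and the unsigned sample certificate are names and data constructed for illustration.

```python
import base64
import hashlib

def read_tlv(buf, off):
    """Parse one DER element at off; return (tag, value_start, value_end)."""
    if off + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, off, off + length

def extract_spki(cert_der):
    """Return subjectPublicKeyInfo of an X.509 certificate, DER header included."""
    tag, off, _ = read_tlv(cert_der, 0)               # Certificate
    tbs_tag, off, tbs_end = read_tlv(cert_der, off)   # TBSCertificate
    if tag != 0x30 or tbs_tag != 0x30:
        raise ValueError("not an X.509 certificate")
    tag, _, end = read_tlv(cert_der, off)
    if tag == 0xA0:  # optional [0] version, absent in v1 certificates
        off = end
    for _field in range(5):  # serialNumber, signature, issuer, validity, subject
        _, _, off = read_tlv(cert_der, off)
    tag, _, end = read_tlv(cert_der, off)
    if tag != 0x30 or end > tbs_end:
        raise ValueError("subjectPublicKeyInfo not found")
    return cert_der[off:end]

def pin_sha256(cert_der):
    """Base64 of SHA-256 over the DER-encoded SPKI (the pin-sha256 value)."""
    return base64.b64encode(hashlib.sha256(extract_spki(cert_der)).digest()).decode("ascii")

def der(tag, body):
    """Helper used only to build the constructed sample certificate below."""
    n = len(body)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

# Constructed sample: structurally valid, made-up key bytes, all-zero signature.
ALG = der(0x30, der(0x06, bytes.fromhex("2b6570")))  # OID 1.3.101.112 (Ed25519)
SAMPLE_SPKI = der(0x30, ALG + der(0x03, b"\x00" + bytes(range(32))))
TBS = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + ALG + der(0x30, b"")
          + der(0x30, 2 * der(0x17, b"170222000000Z")) + der(0x30, b"") + SAMPLE_SPKI)
SAMPLE_CERT = der(0x30, TBS + ALG + der(0x03, b"\x00" + bytes(64)))
```

The value returned by `pin_sha256()` is what goes inside the quotes of a `pin-sha256="..."` directive; a PEM certificate has to be base64-decoded to DER first.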
