Simple question
I am trying to do certificate pinning in android using the network-security-config but I am not sure how to get the the SHA-256 to put in the pin-set
Given a domain url how do you find the "pin digest="SHA-256"?
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config>
<domain includeSubdomains="true">example.com</domain>
<pin-set expiration="2018-01-01">
<pin digest="SHA-256">HowDoIGetThisValue</pin>
<!-- backup pin -->
<pin digest="SHA-256">HowDoIGetThisValue</pin>
</pin-set>
</domain-config>
</network-security-config>
Suggestions/Steps.
many thanks
in MAC:
if your certificate type is .crt:
openssl x509 -in yourCertificatePath.crt -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64
if your certificate type is .cer:
In case of DER certificate:
openssl x509 -in yourCertificatePath.cer -pubkey -noout -inform der | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64
In case of PEM certificate:
openssl x509 -in yourCertificatePath.cer -pubkey -noout -inform pem | \
openssl pkey -pubin -outform der | \
openssl dgst -sha256 -binary | \
openssl enc -base64