Questions tagged [public-key-pinning]

Pinning is the process of associating a host with its expected X.509 certificate or public key.


45 questions
0
votes
1 answer

Public Key Pinning Extension for HTTP

Our penetration testing team is suggesting that we configure the Public Key Pinning Extension for HTTP at the IIS level. Wikipedia says it’s a deprecated security mechanism, and most of the blogs and articles do not recommend pinning because it involves a huge…
nomad
0
votes
0 answers

How to validate public hash key of Google-managed SSL certificate while doing HTTP request to server in Python?

I am using Google App Engine for my application and it has Google-managed SSL certificates enabled. Google also renews them automatically before expiration. One thing I noticed is that Google uses the same private key for creating or renewing the new…
tenstormavi
0
votes
2 answers

Public Pinning in iOS Not working with Alamofire

Hi, I wanted to implement SSL pinning using public keys and I'm using Alamofire 4.8.2. Below is the code for that: func testWithAlmofire(){ let serverTrustPolicies:[String:ServerTrustPolicy] = [ "example.com":…
saurabh_mishra_08
0
votes
1 answer

SSL pinning is not working on Android <= 23 with OkHttp

1. We are able to intercept requests/responses in the Burp Suite tool for API <= 23. 2. When I pass an incorrect SHA-256 pin to the certificate pinner, it throws the exception com.android.volley.NoConnectionError: javax.net.ssl.SSLPeerUnverifiedException:…
Vikas Rathore
0
votes
1 answer

Does SSL pinning in Android app affect working of iOS app using same server?

I am implementing SSL public key pinning in my Android app. After implementing it in the Android app and adding the Expect-CT header at the server, will it affect my iOS app, on which SSL pinning is not implemented?
0
votes
1 answer

Certificate pinning for WebSockets in Android

We are using WebSockets in one of my Android apps, using the third-party library "https://github.com/TakahikoKawasaki/nv-websocket-client". Now we want to enable SSL pinning for WebSockets. How can we do this? Thanks
0
votes
1 answer

How to implement SSL Key Pinning in iOS in Ionic 3?

I do not have much knowledge of iOS classes. I am building an iOS app (Ionic 3) which requires SSL pinning. Most of the Google examples are based on Swift. May I know the steps, or could anybody provide some links regarding iOS SSL pinning? PS: I…
Nirmalya
0
votes
1 answer

Are pinned public keys in the Network Security Configuration file trusted even if the CA that issued it is not?

Let's say that I have an app that transmits some sensitive info to my server. I want to reduce the risk of a man-in-the-middle attack on my users, so I pin the keys used by my server in the Network Security Configuration file. But, let's say a…
0
votes
0 answers

Unit testing SSL pinning with URLProtocol

Aim: unit test the app's SSL pinning. Approximate implementation aimed for: subclass URLProtocol; insert the custom URLProtocol into the Session's configuration; use the session with the custom config when generating requests; catch the request and generate response with…
0
votes
1 answer

Certificate Pinning with PHP not working

I'm trying to connect to a Web Service which requires SSL certificate pinning. The previous implementation was done in Java and now I have to convert it to PHP. I converted the JKS to a PEM file and am using it as below. $ch =…
Kasun Rajapaksha
0
votes
1 answer

Implementing SSL pinning using Trustkit with Google Cloud Endpoints

I am using Google Cloud Endpoints to interact with the App Engine backend for my Android app. I want to implement public key/SSL pinning. It's easy to do this for Android N and above, but I want to implement pinning for earlier versions of Android.…
0
votes
1 answer

How to generate iOS certificate for public key pinning (SSL pinning)

I'm supposed to use SSL pinning (public key pinning) in my app. I'm new to this. Can somebody reply with brief steps for generating the public key, CSR file and SSL certificate for iOS?
Vikas Mishra
0
votes
1 answer

Should we handle Certificate/Public Key pinning for external https services?

I am writing an Android app that will make some HTTP requests to external HTTPS RESTful resources - https://external_server/resources (I have no control over the external servers). I am thinking of handling Certificate/Public Key Pinning for the…
LHA
-1
votes
1 answer

Is it necessary to store SPKI hash securely in Android?

I'm trying to enable public key pinning since I don't want to release updates for every certificate renewal provided I'll use the same CSR every time. I generated the hash with this script. #!/bin/bash certs=`openssl s_client -servername $1 -host $1…
-1
votes
1 answer

Find total number of frequently occurring elements

I was recently working on a group of numbers; I have a large sequence of numbers stored vertically. I was counting how many times each number appears, and then I chose the number(s) with high hit counts. My code looks like this: // select the most…
N007