What is HTTP Public Key Pinning [HPKP]?
## HTTP Public Key Pinning: see Wikipedia for details (not copied here)
https://zh.wikipedia.org/wiki/HTTP%E5%85%AC%E9%92%A5%E5%9B%BA%E5%AE%9A
How do you generate a pin?
openssl x509 -pubkey < alphaca.pem | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | base64
How do you configure it?
```
# Apache: add the header
Header always set Public-Key-Pins "pin-sha256=\"amMeV6gb9QNx0Zf7FtJ19Wa/t2B7KpCF/1n2Js3UuSU=\";pin-sha256=\"YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=\"; max-age=2592000;includeSubdomains"

# nginx: add the header
add_header Public-Key-Pins 'pin-sha256="klO23nT2ehFDXCfx3eHTDRESMz3asj1muO+4aIdjiuY="; pin-sha256="633lt352PKRXbOwf4xSEa1M517scpD3l5f79xMD9r9Q="; max-age=2592000; includeSubDomains';
```
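A pre-deployment check for header values like the ones above, as an added example that is not part of the original post: it parses a Public-Key-Pins value and flags malformed pins, a missing backup pin and a missing max-age, following RFC 7469. The function and constant names are hypothetical, and the parser assumes no `;` appears inside a quoted value.

```python
import base64
import binascii
import re

# Header value taken from the nginx example on this page.
PAGE_NGINX_VALUE = ('pin-sha256="klO23nT2ehFDXCfx3eHTDRESMz3asj1muO+4aIdjiuY="; '
                    'pin-sha256="633lt352PKRXbOwf4xSEa1M517scpD3l5f79xMD9r9Q="; '
                    'max-age=2592000; includeSubDomains')
# Constructed bad value: one 20-byte pin, no backup pin, no max-age.
CONSTRUCTED_BAD_VALUE = ('pin-sha256="%s"; includeSubDomains'
                         % base64.b64encode(bytes(20)).decode())

def parse_hpkp(value):
    """Split a Public-Key-Pins value into (list of pins, dict of directives)."""
    pins, directives = [], {}
    for part in value.split(";"):      # assumption: no ';' inside quoted values
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()    # directive names are case-insensitive
        arg = arg.strip().strip('"')
        if name == "pin-sha256":
            pins.append(arg)
        else:
            directives[name] = arg
    return pins, directives

def check_hpkp(value):
    """Return a list of problems; an empty list means the value is well-formed."""
    pins, directives = parse_hpkp(value)
    problems = []
    for pin in pins:
        try:
            digest = base64.b64decode(pin, validate=True)
        except (binascii.Error, ValueError):
            problems.append("pin is not valid base64: " + pin)
            continue
        if len(digest) != 32:          # a SHA-256 digest is exactly 32 bytes
            problems.append("pin is not a 32-byte SHA-256 digest: " + pin)
    # A backup pin is required; two distinct pins is the most that can be
    # checked without the certificate chain.
    if len(set(pins)) < 2:
        problems.append("fewer than two distinct pins: no backup pin")
    if not re.fullmatch(r"[0-9]+", directives.get("max-age", "")):
        problems.append("max-age is missing or not a non-negative integer")
    return problems

if __name__ == "__main__":
    for sample in (PAGE_NGINX_VALUE, CONSTRUCTED_BAD_VALUE):
        print(check_hpkp(sample) or "OK")
```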
Reference: https://raymii.org/s/articles/HTTP_Public_Key_Pinning_Extension_HPKP.html