{"id":20312526,"url":"https://github.com/scottyab/ssl-pin-generator","last_synced_at":"2025-04-11T16:51:23.744Z","repository":{"id":22963676,"uuid":"26313513","full_name":"scottyab/ssl-pin-generator","owner":"scottyab","description":"Simple jar to generate SSL pins based on a certificate's public key. Pins are base-64 SHA-1 hashes by default. ","archived":false,"fork":false,"pushed_at":"2018-08-31T13:50:11.000Z","size":7944,"stargazers_count":95,"open_issues_count":1,"forks_count":29,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-03-25T12:53:35.299Z","etag":null,"topics":["java","ssl-pins"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/scottyab.png","metadata":{"files":{"readme":"readme.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2014-11-07T09:45:00.000Z","updated_at":"2024-12-30T08:44:26.000Z","dependencies_parsed_at":"2022-08-21T17:50:40.556Z","dependency_job_id":null,"html_url":"https://github.com/scottyab/ssl-pin-generator","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scottyab%2Fssl-pin-generator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scottyab%2Fssl-pin-generator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scottyab%2Fssl-pin-generator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scottyab%2Fssl-pin-generator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/scottyab","download_url":"https://codeload.github.com/sco
ttyab/ssl-pin-generator/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248443004,"owners_count":21104315,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["java","ssl-pins"],"created_at":"2024-11-14T18:06:30.991Z","updated_at":"2025-04-11T16:51:23.718Z","avatar_url":"https://github.com/scottyab.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"SSL Pin Generator\n=================\n\nA simple Java-based utility to generate SSL pins based on a certificate's Subject Public Key Info, as described on \u003ca href=\"http://goo.gl/AIx3e5\"\u003eAdam Langley's Weblog\u003c/a\u003e (a.k.a. public key pinning). Pins are base-64 SHA-1 [default] hashes, consistent with the format Chromium uses for \u003ca href=\"http://goo.gl/XDh6je\"\u003estatic certificates\u003c/a\u003e. See Chromium's \u003ca href=\"http://goo.gl/4CCnGs\"\u003epinsets\u003c/a\u003e for hostnames that are pinned in that\nbrowser.\n \nI created this mainly to be compatible with [okhttp](https://square.github.io/okhttp/) 2.1+, but later added the option to specify which hashing algorithm can be used to make this compatible with Android's `\u003cnetwork-security-config\u003e`\n\n\n## Usage\n\n*Warning: you should ensure you run this on a trusted network*\n\nEither fork the project and call the `SSLPinGenerator.java` class directly or download the latest release jar [here](https://github.com/scottyab/ssl-pin-generator/releases/).\n\nSimply pass the hostname, optionally with a port, and the algorithm to the jar. 
`$ java -jar generatePins.jar \u003cyour hostname:port\u003e algorithm`\n\n### Default\n\ne.g. `$ java -jar generatePins.jar publicobject.com`\n\nor \n\n`$ java -jar generatePins.jar scottyab.com sha-256`\n\nOutput:\n\n```\nGenerating SSL pins for: publicobject.com\nsha1/DmxUShsZuNiqPQsX2Oi9uv2sCnw=\nsha1/SXxoaOSEzPC6BgGmxAt/EAcsajw=\nsha1/blhOM3W9V/bVQhsWAcLYwPU6n24=\nsha1/T5x9IXmcrQ7YuQxXnxoCmeeQ84c=\n```\n\nThen, if you are using okhttp, add them to the `com.squareup.okhttp.CertificatePinner` like this (from the [okhttp java docs](https://github.com/square/okhttp/blob/92bf318a70a9e2194e626ff2c2f4266b0bbb09e5/okhttp/src/main/java/com/squareup/okhttp/CertificatePinner.java#L160)):\n\n```java\nCertificatePinner certificatePinner = new CertificatePinner.Builder()\n        .add(\"publicobject.com\", \"sha1/DmxUShsZuNiqPQsX2Oi9uv2sCnw=\")\n        .add(\"publicobject.com\", \"sha1/SXxoaOSEzPC6BgGmxAt/EAcsajw=\")\n        .add(\"publicobject.com\", \"sha1/blhOM3W9V/bVQhsWAcLYwPU6n24=\")\n        .add(\"publicobject.com\", \"sha1/T5x9IXmcrQ7YuQxXnxoCmeeQ84c=\")\n        .build();\n```\n\n### Custom Hash\n\nIn this example we use SHA-256 to be compatible with Android's `\u003cnetwork-security-config\u003e`\n\n`$ java -jar generatePins.jar publicobject.com sha-256 debug`\n\n```\nGenerating SSL pins for: publicobject.com\nsubject :  CN=publicobject.com, OU=PositiveSSL, OU=Domain Control Validated\nsha-256/afwiKY3RxoMmLkuRW1l7QsPZTJPwDS2pdDROQjXw8ig=\nsubject :  CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB\nsha-256/klO23nT2ehFDXCfx3eHTDRESMz3asj1muO+4aIdjiuY=\nsubject :  CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB\nsha-256/grX4Ta9HpZx6tSHkmCrvpApTQGo67CYDnvprLg5yRME=\nsubject :  CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE\nsha-256/lCppFqbkrlJ3EcVFAkeip0+44VaoJUymbnOaEUk7tEU=\n```\n\nThis also shows the debug option to 
print out the subject name to help identify which pin belongs to which cert in the chain.\n\n\n## Further reading\n\n*Shameless plug alert!*\n\nI wrote about SSL pinning and several other interesting things you can do to make your apps more secure in the [Android Security Cookbook](http://www.amazon.co.uk/Android-Security-Cookbook-Keith-Makan/dp/1782167161)\n\n## License \nThe MIT License\n\nCopyright (c) 2014 Scott Alexander-Bown http://scottyab.com\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fscottyab%2Fssl-pin-generator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fscottyab%2Fssl-pin-generator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fscottyab%2Fssl-pin-generator/lists"}