{"id":13840812,"url":"https://github.com/tam7t/hpkp","last_synced_at":"2025-04-13T11:09:33.671Z","repository":{"id":144202300,"uuid":"60211115","full_name":"tam7t/hpkp","owner":"tam7t","description":"golang hpkp client library","archived":false,"fork":false,"pushed_at":"2016-08-21T19:34:01.000Z","size":28,"stargazers_count":95,"open_issues_count":3,"forks_count":12,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-27T02:13:28.942Z","etag":null,"topics":["golang-library","hpkp","pinning","tls"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tam7t.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2016-06-01T21:11:39.000Z","updated_at":"2025-02-06T13:07:53.000Z","dependencies_parsed_at":"2023-06-18T07:02:33.016Z","dependency_job_id":null,"html_url":"https://github.com/tam7t/hpkp","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tam7t%2Fhpkp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tam7t%2Fhpkp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tam7t%2Fhpkp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tam7t%2Fhpkp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tam7t","download_url":"https://codeload.github.com/tam7t/hpkp/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248703198,"owners_count":21148118,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["golang-library","hpkp","pinning","tls"],"created_at":"2024-08-04T17:00:57.029Z","updated_at":"2025-04-13T11:09:33.650Z","avatar_url":"https://github.com/tam7t.png","language":"Go","funding_links":[],"categories":["Go","Go (531)"],"sub_categories":[],"readme":"# hpkp\n[![Go Report Card](https://goreportcard.com/badge/github.com/tam7t/hpkp?style=flat-square)](https://goreportcard.com/report/github.com/tam7t/hpkp) [![GoDoc](http://img.shields.io/badge/go-documentation-blue.svg?style=flat-square)](http://godoc.org/github.com/tam7t/hpkp) [![Build Status](http://img.shields.io/travis/tam7t/hpkp.svg?style=flat-square)](https://travis-ci.org/tam7t/hpkp)\n\nLibrary for performing certificate pin validation for golang applications.\n\n## Motivation\n\nI couldn't find any Golang libraries that make key pinning any easier, so I decided to start my own library for writing HPKP aware clients. This library is aimed at providing:\n\n1. HPKP related tools (generate pins, inspect servers)\n1. A convenience functions for writing clients that support pin verification\n\n\n## Examples\n\nTo inspect the HPKP headers from the server:\n\n```\n$ hpkp-headers https://github.com\n{\"Created\":1465765483,\"MaxAge\":5184000,\"IncludeSubDomains\":true,\"Permanent\":false,\"Sha256Pins\":[\"WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18=\",\"RRM1dGqnDFsCJXBTHky16vi1obOlCgFFn/yOhI/y+ho=\",\"k2v657xBsOVe1PQRwOsHsw3bsGT2VzIqz5K+59sNQws=\",\"K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q=\",\"IQBnNBEiFuhj+8x6X8XLgh01V9Ic5/V3IRQLNFFc7v4=\",\"iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0=\",\"LvRiGEjRqfzurezaWuj8Wie2gyHMrW5Q06LspMnox7A=\"]}\n```\n\nAnd generate pins from the certs a server presents:\n\n```\n$ hpkp-pins -server=github.com:443\npL1+qb9HTMRZJmuC/bB/ZI9d302BYrrqiVuRyW+DGrU=\nRRM1dGqnDFsCJXBTHky16vi1obOlCgFFn/yOhI/y+ho=\n```\n\nOr generate a pin from a PEM-encoded certificate file:\n\n```\n$ hpkp-pins -file=cert.pem\nAD4C8VGyUrvmReK+D/PYtH52cYJrG9o7VR+uOZIh1Q0=\npL1+qb9HTMRZJmuC/bB/ZI9d302BYrrqiVuRyW+DGrU=\n```\n\nAnd finally, how to use the `hpkp` package to verify pins as part of your application:\n\n```\ns := hpkp.NewMemStorage()\n\ns.Add(\"github.com\", \u0026hpkp.Header{\n    Permanent: true,\n    Sha256Pins: []string{\n        \"WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18=\",\n        \"RRM1dGqnDFsCJXBTHky16vi1obOlCgFFn/yOhI/y+ho=\",\n        \"k2v657xBsOVe1PQRwOsHsw3bsGT2VzIqz5K+59sNQws=\",\n        \"K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q=\",\n        \"IQBnNBEiFuhj+8x6X8XLgh01V9Ic5/V3IRQLNFFc7v4=\",\n        \"iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0=\",\n        \"LvRiGEjRqfzurezaWuj8Wie2gyHMrW5Q06LspMnox7A=\",\n    },\n})\n\nclient := \u0026http.Client{}\ndialConf := \u0026hpkp.DialerConfig{\n\tStorage:   s,\n\tPinOnly:   true,\n\tTLSConfig: nil,\n\tReporter: func(p *hpkp.PinFailure, reportUri string) {\n\t\t// TODO: report on PIN failure\n\t\tfmt.Println(p)\n\t},\n}\n\nclient.Transport = \u0026http.Transport{\n\tDialTLS: dialConf.NewDialer(),\n}\nresp, err := client.Get(\"https://github.com\")\n```\n\n## References\n\n* https://tools.ietf.org/html/rfc7469\n* https://developer.mozilla.org/en-US/docs/Web/Security/Public_Key_Pinning\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftam7t%2Fhpkp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftam7t%2Fhpkp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftam7t%2Fhpkp/lists"}