
tam7t / Hpkp

Licence: mit
golang hpkp client library


hpkp


Library for performing certificate pin validation for golang applications.

Motivation

I couldn't find any Golang libraries that make key pinning any easier, so I decided to start my own library for writing HPKP aware clients. This library is aimed at providing:

  1. HPKP related tools (generate pins, inspect servers)
  2. Convenience functions for writing clients that support pin verification

Examples

To inspect the HPKP headers from the server:

$ hpkp-headers https://github.com
{"Created":1465765483,"MaxAge":5184000,"IncludeSubDomains":true,"Permanent":false,"Sha256Pins":["WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18=","RRM1dGqnDFsCJXBTHky16vi1obOlCgFFn/yOhI/y+ho=","k2v657xBsOVe1PQRwOsHsw3bsGT2VzIqz5K+59sNQws=","K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q=","IQBnNBEiFuhj+8x6X8XLgh01V9Ic5/V3IRQLNFFc7v4=","iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0=","LvRiGEjRqfzurezaWuj8Wie2gyHMrW5Q06LspMnox7A="]}

And generate pins from the certs a server presents:

$ hpkp-pins -server=github.com:443
pL1+qb9HTMRZJmuC/bB/ZI9d302BYrrqiVuRyW+DGrU=
RRM1dGqnDFsCJXBTHky16vi1obOlCgFFn/yOhI/y+ho=

Or generate a pin from a PEM-encoded certificate file:

$ hpkp-pins -file=cert.pem
AD4C8VGyUrvmReK+D/PYtH52cYJrG9o7VR+uOZIh1Q0=
pL1+qb9HTMRZJmuC/bB/ZI9d302BYrrqiVuRyW+DGrU=

And finally, how to use the hpkp package to verify pins as part of your application:

package main

import (
	"fmt"
	"log"
	"net/http"

	"github.com/tam7t/hpkp"
)

func main() {
	// In-memory store of known pins, keyed by host name.
	s := hpkp.NewMemStorage()

	s.Add("github.com", &hpkp.Header{
		Permanent: true,
		Sha256Pins: []string{
			"WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18=",
			"RRM1dGqnDFsCJXBTHky16vi1obOlCgFFn/yOhI/y+ho=",
			"k2v657xBsOVe1PQRwOsHsw3bsGT2VzIqz5K+59sNQws=",
			"K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q=",
			"IQBnNBEiFuhj+8x6X8XLgh01V9Ic5/V3IRQLNFFc7v4=",
			"iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0=",
			"LvRiGEjRqfzurezaWuj8Wie2gyHMrW5Q06LspMnox7A=",
		},
	})

	client := &http.Client{}
	dialConf := &hpkp.DialerConfig{
		Storage:   s,
		PinOnly:   true,
		TLSConfig: nil,
		Reporter: func(p *hpkp.PinFailure, reportUri string) {
			// TODO: report on PIN failure
			fmt.Println(p)
		},
	}

	// Route the client's TLS connections through the pin-checking dialer.
	client.Transport = &http.Transport{
		DialTLS: dialConf.NewDialer(),
	}
	resp, err := client.Get("https://github.com")
	if err != nil {
		log.Fatal(err)
	}
	defer resp.Body.Close()
	fmt.Println(resp.Status)
}