Certificate pinning examples
- Android (Java)
- Android (Kotlin)
- C
- C#
- cURL
- Go
- Java
- NodeJS
- PHP
- Python
- Ruby
- Rust
- Swift

Mobile References
- Android
- iOS - Reference
- iOS - TrustKit

Pinning References
- Wikipedia HTTP public key pinning
- OWASP pinning cheat sheet
- OWASP pinning information

Recommendations
- Not this
  - If someone is in a position to intercept your traffic, they can change the results of your API query to cert.ist.
- Why then?
  - This project has two goals:
    - Show how to get a JSON value from an API in each language
    - Show how to perform pinning of a certificate in each language
- Design patterns
  - A typical design pattern is to include the hash used for pinning in your released product; this means the certificate's hash is static for the lifetime of your application.
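
The design pattern above, as an added Python example that is not the cert.ist project's own code: the pin is embedded as a constant and compared with the hash of the certificate the server presents. The use of SHA-256 over the DER-encoded certificate, the function names and the sample bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed stand-in for a DER-encoded certificate (not a real certificate);
# a real client receives these bytes during the TLS handshake.
SAMPLE_DER = b"constructed-der-bytes-for-illustration"

# The pin shipped inside the released application (assumed: SHA-256 of the DER).
PINNED_SHA256 = hashlib.sha256(SAMPLE_DER).hexdigest()


def normalize_fingerprint(text):
    """Accept 'AA:BB:..', 'aa bb ..' or plain hex; return lowercase hex."""
    cleaned = text.replace(":", "").replace(" ", "").lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("not a SHA-256 fingerprint")
    return cleaned


def matches_pin(der_cert, pinned_hex):
    """True only if SHA-256(der_cert) equals the embedded pin."""
    actual = hashlib.sha256(der_cert).hexdigest()
    # Constant-time comparison of the two hex strings.
    return hmac.compare_digest(actual, normalize_fingerprint(pinned_hex))


def open_pinned(host, pinned_hex, port=443, timeout=10):
    """Connect with normal CA and hostname validation, then enforce the pin.

    Returns the connected TLS socket; raises ssl.SSLError on a pin mismatch
    before any application data is sent.
    """
    ctx = ssl.create_default_context()
    raw = socket.create_connection((host, port), timeout)
    sock = ctx.wrap_socket(raw, server_hostname=host)
    der = sock.getpeercert(binary_form=True)
    if not matches_pin(der, pinned_hex):
        sock.close()
        raise ssl.SSLError("certificate does not match pinned SHA-256 hash")
    return sock
```

Because the pin is compiled into the release, a certificate renewal on the server requires shipping an application update with the new hash.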