[gnutls-devel] How to generate sums for Public-Key-Pins HTTP header ?

Nikos Mavrogiannopoulos nmav at gnutls.org
Mon Feb 20 12:47:05 CET 2017

On Mon, Feb 20, 2017 at 11:05 AM, Tim Ruehsen <tim.ruehsen at gmx.de> wrote:
> Hi,
> is there a tool (certtool ?) or script to generate the base64 encoded sha256
> sums of a cert's pubkey?

I do not think there is a direct option to get it in base64, but you
can get it in hex as:
certtool --key-id --hash sha256 --infile cert.pem
or (for older releases which didn't have --key-id)
certtool --pubkey-info --outder --infile cert.pem|sha256sum|cut -d ' ' -f 1

Then you can go to base64 as:
certtool --pubkey-info --outder --infile cert.pem|sha256sum|cut -d ' '
-f 1|xxd -r -p|base64


More information about the Gnutls-devel mailing list