Month: May 2015

You Know You’re a ChileHead if

Posted on by mario
  1. You don’t have to worry about your roommates stealing your food
  2. Your toilet paper spontaneously combusts after use
  3. You’re tired of people asking about those dried Thai peppers floating around in your breakfast cereal.
  4. More than half of the souvenirs from that last tropical vacation were hot sauces and spices
  5. You never go in to a food store without checking the price, or selection of hot peppers and hot sauces.
  6. The door of your refrigerator has more than ten bottles of hot sauce.
  7. The sissy salsa you made, accidentally, seems to set most of your coworkers on fire.
  8. “Ring of fire” and “burns twice” actually mean something to you.
  9. You have ever sent/received contraband Chile seeds from a foreign country
  10. you sweat, even in the middle of winter.
  11. You carry one of those little Tabasco bottles around with you. Just in case.
  12. When cooking, you often start sneezing. Just because.

Public Key Pinning php for httpd apache

Posted on by mario

Public Key Pinning Extension for HTTP (HPKP) on Apache2. HPKP tries to detect MITM attacks with valid certificates. The browser stores the hash code in the internal storage and verifies the public key against that sum.

Since it is not that easy to create a public pin under windows, here is a php script that does this

<?php
// openssl x509 -in example.crt -pubkey -noout | openssl rsa -pubin -outform der | openssl dgst -sha256 -binary | base64
if(!isset($argv['1'])){
    die('certificate not set');
}
$certificate = $argv['1'];
$public_key = openssl_get_publickey(file_get_contents($certificate));
$public_key_details = openssl_pkey_get_details($public_key);
$public_key_pem = $public_key_details['key'];

//Convert PEM to DER before SHA1'ing
$string_start = '-----BEGIN PUBLIC KEY-----';
$string_end = '-----END PUBLIC KEY-----';
$pem_trimed = substr($public_key_pem, (strpos($public_key_pem, $string_start)+strlen($string_start)), (strlen($public_key_pem) - strpos($public_key_pem, $string_end))*(-1));
$der = base64_decode($pem_trimed);

// 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU= is an empty hash
echo PHP_EOL. "Header always set Public-Key-Pins 'pin-sha256=\"" . base64_encode(openssl_digest($der,'sha256',true)) ."\"; pin-sha256=\"bZ3qT75yZLagDEADBEEF0h3KAseeheXXJ5dliOfLB2A=\"; max-age=5184000'". PHP_EOL;

Add that config statement to correct SSL vhost

 

C:\>php public_pinning.php example.crt

<VirtualHost *:443>
	ServerName example.com
    ServerAlias www.example.com
Header always set Public-Key-Pins "pin-sha256=\"bZ3qT75yZLagDEADBEEF0h3KAseeheXXJ5dliOfLB2A=\"; "pin-sha256=\"sef3575yZLagDEADBEEF0h3KAseeheXXJ5dliOfLdfe=\"; max-age=5184000"

Archive for May, 2015

Archives by Month: