SPKI pinning
SPKI pinning, short for Subject Public Key Info pinning, is a form of certificate pinning used in Transport Layer Security to bind a domain to a specific public key. In SPKI pinning, a cryptographic hash of the SubjectPublicKeyInfo from a server certificate is stored as the pin for that domain. Clients that implement SPKI pinning keep one or more pins for a host and, during a TLS handshake, verify that the server’s certificate SPKI matches one of the pins. If there is no match, the connection is rejected or a warning is issued.
Pins are typically based on a SHA-256 hash of the SPKI, and multiple pins may be configured
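The pin computation and match check described above, as an added example that is not code from the original page. It walks the certificate's DER encoding to the SubjectPublicKeyInfo element, hashes that element with SHA-256, and compares the result against a set of configured pins. The function names, the base64 encoding of the pin, and the sample certificate (a constructed, unsigned skeleton) are assumptions made for illustration.

```python
import base64
import hashlib

def read_tlv(buf, pos):
    """Return (tag, content_start, end) of the DER element at buf[pos]."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                      # long-form length
        k = first & 0x7F
        length = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def spki_pin(cert_der):
    """Base64 SHA-256 over the whole SubjectPublicKeyInfo element."""
    _, pos, _ = read_tlv(cert_der, 0)     # Certificate
    _, pos, _ = read_tlv(cert_der, pos)   # TBSCertificate
    tag, _, end = read_tlv(cert_der, pos)
    if tag == 0xA0:                       # optional [0] version
        pos = end
    for _ in range(5):                    # serial, sigAlg, issuer, validity, subject
        pos = read_tlv(cert_der, pos)[2]
    tag, _, end = read_tlv(cert_der, pos)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo not found")
    return base64.b64encode(hashlib.sha256(cert_der[pos:end]).digest()).decode()

def pin_matches(cert_der, pins):
    """Accept the certificate only if its SPKI pin is in the configured set."""
    return spki_pin(cert_der) in pins

def tlv(tag, content):
    """DER-encode a short element (sample builder only, length < 128)."""
    assert len(content) < 0x80
    return bytes([tag, len(content)]) + content

def sample_cert(serial, key):
    """Constructed, unsigned certificate skeleton for the demo; not a valid cert."""
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2b6570")))   # Ed25519 OID 1.3.101.112
    spki = tlv(0x30, alg + tlv(0x03, b"\x00" + key))
    name = tlv(0x30, b"")
    validity = tlv(0x30, tlv(0x17, b"250101000000Z") + tlv(0x17, b"260101000000Z"))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, bytes([serial]))
              + alg + name + validity + name + spki)
    return tlv(0x30, tbs + alg + tlv(0x03, bytes(9)))     # placeholder signature
```

Two sample certificates built with the same key but different serial numbers produce the same pin, because only the SubjectPublicKeyInfo is hashed; a certificate carrying a different key fails the check unless its pin is also in the set.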
The main purpose of SPKI pinning is to protect against misuse or mis-issuance of certificates by compromised
Implementation and considerations: SPKI pinning requires careful key management. If a domain changes its public key