TL;DR
HTTP Public Key Pinning (HPKP) was a security mechanism that let a website tell browsers which public keys to expect in its certificate chain. It defended against man-in-the-middle attacks that rely on a mis-issued certificate: once a browser had stored a site's pins, it refused any certificate chain for that site that did not contain at least one of the pinned keys, even if a trusted CA had signed it. HPKP has been deprecated and removed from all major browsers, but understanding it gives useful context for the certificate pinning still done inside mobile and desktop applications.
What is HTTP Public Key Pinning?
Normally, browsers trust any Certificate Authority (CA) in their root store to vouch for a website's identity, so a certificate mis-issued by any one of them is accepted. HPKP let a site narrow that trust by listing, in a response header, hashes of the public keys it actually uses. A browser that had stored those pins would refuse a later connection whose certificate chain contained none of the pinned keys, no matter which CA had signed it. The protection was trust-on-first-use: the first visit (the one that delivers the header) is not protected, and the header was only honoured when received over an HTTPS connection whose certificate chain already validated.
Why was HPKP deprecated?
HPKP proved hard to deploy safely and had several drawbacks:
- Recovery issues: pins were cached for max-age, typically weeks or months. A configuration mistake, a lost private key, or a key rotation that forgot to pin the new key in advance locked every returning user out of the site until their cached pins expired, and the operator had no way to push a fix because the browser would not connect to fetch one.
- Hostile pinning: an attacker with temporary control of a site (a compromised server or a briefly mis-issued certificate) could serve pins for keys only they held, making the site unreachable for its own users for the full max-age.
- Complexity: generating correct SPKI hashes, keeping an offline backup key pinned, and coordinating pins with certificate renewals was error-prone, and most sites got little security benefit in return for the risk.
- Limited browser support: Chrome, Firefox and Opera implemented it; Safari and Internet Explorer/Edge never did.
Chrome removed HPKP in version 72 (January 2019) and Firefox in version 72 (January 2020). The mis-issuance problem it targeted is now addressed by Certificate Transparency (CT), which makes every issued certificate publicly auditable without the lockout risk, while HSTS with preloading covers the separate problem of forcing HTTPS in the first place.
How did HPKP work?
- Generate a pin set: a pin is the base64-encoded SHA-256 hash of a public key as it appears in a certificate, specifically of its DER-encoded SubjectPublicKeyInfo (SPKI), not of the certificate itself. Pinning the SPKI means the pin survives certificate renewal as long as the key is reused. At least two pins were required: one for a key in the chain currently being served (leaf, intermediate or root) and one backup pin for a key generated in advance, kept offline, and not yet in any certificate.
- Add the Public-Key-Pins header: sent with every HTTPS response. It carried one pin-sha256 directive per pin plus a mandatory max-age (how many seconds the browser should remember the pins), and optionally includeSubDomains and report-uri. A companion header, Public-Key-Pins-Report-Only, applied the same checks but only sent reports instead of blocking, which let you test a policy before enforcing it.
- Browser validation: on receiving the header over a connection whose chain validated, the browser checked that at least one pin matched a key in the served chain and at least one did not (the backup); otherwise the header was ignored. It then stored the pin set for max-age seconds. On every later connection it required the chain to contain at least one pinned SPKI; if none matched, the connection was blocked and a failure report was posted to report-uri.
Example Public-Key-Pins Header
Public-Key-Pins: pin-sha256="MkWADK5aolxvfEHP9cQOzw5+rlX8dmJXTsqjWmW7a0g="; pin-sha256="<base64 SHA-256 of the backup key's SPKI>"; max-age=5184000; includeSubDomains; report-uri="https://hpkp-reports.example.net/hpkp-report"
Explanation:
- pin-sha256="MkWADK5aolxvfEHP9cQOzw5+rlX8dmJXTsqjWmW7a0g=": the base64 SHA-256 of one trusted key's DER SubjectPublicKeyInfo. The directive is repeated once per pin. The browser ignored the whole header unless at least one pin matched the served chain and at least one did not.
- pin-sha256="<base64 SHA-256 of the backup key's SPKI>": the backup pin (placeholder value), for a key generated in advance and kept offline. Without it, a lost key or an emergency re-issue could not be recovered from until every client's cached pins expired.
- max-age=5184000: how long, in seconds, the browser should enforce the pins (here 60 days). This directive is required; a header without it is ignored. Start with minutes while testing, because the value also bounds how long a mistake locks users out.
- includeSubDomains: applies the policy to every subdomain as well, so each subdomain's certificate chain must also contain a pinned key.
- report-uri="https://hpkp-reports.example.net/hpkp-report": where the browser POSTs a JSON report when pin validation fails. The host shown is a placeholder; put the endpoint on a host that is not covered by the pins, since a browser that has just refused to connect to the pinned host cannot usefully deliver a report to it.
There was no pin-allowlist directive in the specification; a directive the browser did not recognise was simply ignored.
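As an added example, not code from the original page, here is how a browser applied those rules when it received the header, written in Python with only the standard library: parse the directives, reject a header with no max-age or a malformed pin, refuse to store a pin set that has no match in the served chain or no backup pin, and then answer the only question that matters on later connections, whether the chain contains a pinned key. The header string and the byte strings standing in for SPKIs are constructed for the demo; a real pin hashes the DER SubjectPublicKeyInfo taken from the certificate.

```python
"""HPKP (RFC 7469) header parsing and pin validation, stand-alone demo.

Added example; the header and the SPKI byte strings below are constructed.
"""
import base64
import hashlib

REQUIRED_PINS = 2   # RFC 7469: at least one pin in the chain plus one backup


class PinPolicyError(ValueError):
    """Raised when a header must be ignored or a policy must not be stored."""


def pin_sha256(spki_der: bytes) -> str:
    """A pin value: base64 of SHA-256 over the DER SubjectPublicKeyInfo."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def parse_pkp_header(value: str) -> dict:
    """Split the header into directives; pin-sha256 may repeat, so collect a list."""
    policy = {"pins": [], "max_age": None, "include_subdomains": False, "report_uri": None}
    for raw in value.split(";"):
        directive = raw.strip()
        if not directive:
            continue
        name, _, arg = directive.partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        arg = arg.strip().strip('"')
        if name == "pin-sha256":
            digest = base64.b64decode(arg, validate=True)
            if len(digest) != 32:
                raise PinPolicyError("pin-sha256 is not a 32-byte digest: %s" % arg)
            policy["pins"].append(arg)
        elif name == "max-age":
            if not arg.isdigit():
                raise PinPolicyError("max-age must be a non-negative integer")
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "report-uri":
            policy["report_uri"] = arg
        # Unknown directives (e.g. a made-up pin-allowlist) are ignored, per RFC 7469.
    if policy["max_age"] is None:
        raise PinPolicyError("max-age is required; header ignored")
    return policy


def validate_against_chain(policy: dict, chain_spkis: list) -> bool:
    """Decide whether the browser may store ("note") this pin set.

    At least one pin must match an SPKI in the served chain (shows the operator
    controls a pinned key) and at least one must not (the backup that makes key
    rotation possible). Returns True when the policy is safe to store.
    """
    chain_pins = {pin_sha256(spki) for spki in chain_spkis}
    if len(policy["pins"]) < REQUIRED_PINS:
        raise PinPolicyError("need at least %d pins" % REQUIRED_PINS)
    if not any(p in chain_pins for p in policy["pins"]):
        raise PinPolicyError("no pin matches the served chain; header ignored")
    if all(p in chain_pins for p in policy["pins"]):
        raise PinPolicyError("no backup pin; a key rotation would lock users out")
    return True


def connection_allowed(policy: dict, chain_spkis: list) -> bool:
    """Check on a later connection: the chain must contain at least one pinned key."""
    chain_pins = {pin_sha256(spki) for spki in chain_spkis}
    return any(p in chain_pins for p in policy["pins"])


# Constructed stand-ins for DER SPKIs (real ones come out of the certificates).
LEAF_SPKI = b"constructed-leaf-spki"
INTERMEDIATE_SPKI = b"constructed-intermediate-spki"
BACKUP_SPKI = b"constructed-offline-backup-spki"
ROGUE_SPKI = b"constructed-leaf-spki-from-a-rogue-ca"

GOOD_HEADER = (
    'pin-sha256="%s"; pin-sha256="%s"; max-age=5184000; includeSubDomains; '
    'report-uri="/hpkp-report"' % (pin_sha256(LEAF_SPKI), pin_sha256(BACKUP_SPKI))
)
# The classic mistake: only the live key is pinned, so rotating it bricks the site.
NO_BACKUP_HEADER = 'pin-sha256="%s"; max-age=5184000' % pin_sha256(LEAF_SPKI)


def demo() -> dict:
    policy = parse_pkp_header(GOOD_HEADER)
    served = [LEAF_SPKI, INTERMEDIATE_SPKI]
    results = {
        "stored": validate_against_chain(policy, served),
        "genuine_chain": connection_allowed(policy, served),
        "rotated_to_backup": connection_allowed(policy, [BACKUP_SPKI, INTERMEDIATE_SPKI]),
        "rogue_ca_chain": connection_allowed(policy, [ROGUE_SPKI, INTERMEDIATE_SPKI]),
    }
    try:
        validate_against_chain(parse_pkp_header(NO_BACKUP_HEADER), served)
        results["no_backup_rejected"] = False
    except PinPolicyError:
        results["no_backup_rejected"] = True
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print("%-20s %s" % (name, outcome))
```

The rogue-CA case is the one HPKP existed for: the chain validates against the root store, but no key in it is pinned, so the connection is refused. The no-backup case is the one that got HPKP removed: the browser would not even store such a header, but a site that pinned two keys and then lost both was just as stuck.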
Generating Pin Hashes
You can use OpenSSL to generate a pin. The hash must be taken over the DER-encoded SubjectPublicKeyInfo, so extract the public key from the certificate, convert it to DER, hash it and base64-encode the raw digest:
openssl x509 -in your_certificate.pem -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64
For the backup pin, hash the public half of a key that is not yet in any certificate:
openssl pkey -in backup_key.pem -pubout -outform der | openssl dgst -sha256 -binary | openssl enc -base64
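As an added example (not part of the original page), the same computation in Python using only the standard library, to make explicit what that pipeline hashes: the code walks the certificate's DER just far enough to reach the SubjectPublicKeyInfo field and hashes exactly those bytes, tag and length included. The certificate it runs on is constructed in the script from hand-built DER with arbitrary key bytes, so it has the right structure but is not a real or valid certificate.

```python
"""Compute an HPKP pin-sha256 value from a DER X.509 certificate (stdlib only).

Added example. The sample certificate is constructed below; its EC point and
signature bytes are arbitrary, so it is structurally valid but not a real cert.
"""
import base64
import hashlib


def der_len(n: int) -> bytes:
    """DER length encoding: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, body: bytes) -> bytes:
    """Encode one tag-length-value element."""
    return bytes([tag]) + der_len(len(body)) + body


def read_tlv(buf: bytes, pos: int):
    """Return (tag, body, next_pos) for the element starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def spki_from_cert(cert_der: bytes) -> bytes:
    """Return the DER SubjectPublicKeyInfo, including its own tag and length."""
    _, cert_body, _ = read_tlv(cert_der, 0)      # Certificate ::= SEQUENCE
    _, tbs, _ = read_tlv(cert_body, 0)           # tbsCertificate ::= SEQUENCE
    pos = 0
    tag, _, nxt = read_tlv(tbs, pos)
    if tag == 0xA0:                              # optional [0] EXPLICIT version
        pos = nxt
    for _ in range(5):                           # serialNumber, signature, issuer,
        _, _, pos = read_tlv(tbs, pos)           # validity, subject
    tag, _, nxt = read_tlv(tbs, pos)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE for subjectPublicKeyInfo")
    return tbs[pos:nxt]


def pin_sha256(spki_der: bytes) -> str:
    """base64(SHA-256(DER SPKI)), the value that goes in pin-sha256."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def pin_from_cert(cert_der: bytes) -> str:
    return pin_sha256(spki_from_cert(cert_der))


# --- constructed sample certificate (correct shape, arbitrary key/signature) ---
OID_EC_PUBKEY = bytes.fromhex("2a8648ce3d0201")        # 1.2.840.10045.2.1
OID_P256 = bytes.fromhex("2a8648ce3d030107")           # 1.2.840.10045.3.1.7
OID_ECDSA_SHA256 = bytes.fromhex("2a8648ce3d040302")   # 1.2.840.10045.4.3.2
OID_CN = bytes.fromhex("550403")                       # 2.5.4.3 commonName


def build_spki(point: bytes) -> bytes:
    alg = tlv(0x30, tlv(0x06, OID_EC_PUBKEY) + tlv(0x06, OID_P256))
    return tlv(0x30, alg + tlv(0x03, b"\x00" + point))   # BIT STRING, 0 unused bits


def build_cert(spki: bytes, serial: bytes = b"\x01") -> bytes:
    name = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, OID_CN) + tlv(0x0C, b"example.com"))))
    sig_alg = tlv(0x30, tlv(0x06, OID_ECDSA_SHA256))
    validity = tlv(0x30, tlv(0x17, b"240101000000Z") + tlv(0x17, b"250101000000Z"))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02"))          # version v3
             + tlv(0x02, serial) + sig_alg + name + validity + name + spki)
    # signatureValue is arbitrary here; the pin never depends on it.
    return tlv(0x30, tbs + sig_alg + tlv(0x03, b"\x00" + b"\xAA" * 64))


SAMPLE_POINT = b"\x04" + bytes(range(1, 65))   # uncompressed-point shape, arbitrary bytes
SAMPLE_SPKI = build_spki(SAMPLE_POINT)
SAMPLE_CERT = build_cert(SAMPLE_SPKI)

if __name__ == "__main__":
    print('pin-sha256="%s"' % pin_from_cert(SAMPLE_CERT))
```

Because only the SPKI is hashed, a renewed certificate for the same key (different serial number, validity and signature) yields the same pin, which is why a renewal did not need a new pin but a key rotation did.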
Alternatives to HPKP
- Certificate Transparency (CT): every publicly trusted certificate is now logged in public, append-only CT logs, and browsers such as Chrome and Safari reject certificates issued without proof of logging. CT does not stop mis-issuance, but it makes every issued certificate visible, so a domain owner who monitors the logs can detect a rogue certificate and have it revoked. This is the mechanism browsers pointed to when they removed HPKP.
- HSTS with Preloading: HTTP Strict Transport Security makes browsers refuse plain-HTTP connections to the site, and preloading ships that rule inside the browser so even the first visit is protected. It stops downgrade and SSL-stripping attacks; it does not constrain which CA may issue for the domain, so it complements CT rather than replacing pinning.
- Certificate Pinning in Applications: a mobile or desktop application you ship can pin keys directly, because you control the client and its update channel. The same recovery rule applies: pin at least one backup key and keep the ability to push an update, or a key rotation strands every installed copy.
Conclusion
While HPKP is gone from browsers because of these drawbacks, understanding its principles helps you appreciate what certificate validation does and does not guarantee, and lets you choose the modern alternatives that offer a better balance of security and manageability.

