chopper icon indicating copy to clipboard operation
chopper copied to clipboard
verified publisher icon lejard-h

how to use public key pinning?

Open MangeshKadam opened this issue 6 years ago • 6 comments

MangeshKadam avatar Apr 08 '20 06:04 MangeshKadam

Is that this thing? https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning Isn't it deprecated-old?

JEuler avatar Apr 17 '20 06:04 JEuler

so we used public key pinning in native android projects. Thanks for informing this is deprecated. I wanted to achieve the same in flutter project. Any other alternative to avoid man in the middle attack will be good. Does chopper provides any mechanism for the same?

MangeshKadam avatar Apr 17 '20 07:04 MangeshKadam

Hm, I don't have experience with that, maybe @stewemetal @lejard-h have. As I understand, https://github.com/dart-lang/sdk/issues/35981 - this is the thing you can use for pinning, https://github.com/dart-lang/sdk/issues/35981#issuecomment-535729786

JEuler avatar Apr 17 '20 08:04 JEuler

@JEuler HPKP is not the same as simply pinning the public key in an app – which is not deprecated at all –, but refers to the method of pinning the public key through an HTTP header.

nioncode avatar Apr 23 '20 21:04 nioncode

@nioncode Thank you for the information!

JEuler avatar Apr 25 '20 05:04 JEuler

do we have any solution?

MangeshKadam avatar Jun 05 '20 06:06 MangeshKadam

@techouse can you show an example how this can be done, since you closed it as completed?

nioncode avatar Jul 04 '24 12:07 nioncode

@nioncode use https://pub.dev/packages/certificate_pinning_httpclient as your Client.

techouse avatar Jul 04 '24 14:07 techouse