42c3e849d13ed520f1e058c2f6e91bb594c6ef54
services/Distributed-Wiki.md
| ... | ... | @@ -39,15 +39,19 @@ A custom header `X-SiteID` identifies the site you're connecting to: |
| 39 | 39 | |
| 40 | 40 | ##### Enabling [HPKP](https://developer.mozilla.org/en-US/docs/Web/Security/Public_Key_Pinning) |
| 41 | 41 | |
| 42 | - - Extract base64 encoded SPKI fingerprint from private key: |
|
| 42 | + - Extract base64 encoded SPKI fingerprint from private key `wiki.key`: |
|
| 43 | 43 | |
| 44 | - `openssl rsa -in wiki.key -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64` |
|
| 44 | + ``` |
|
| 45 | +openssl rsa -in wiki.key -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64 |
|
| 46 | + ``` |
|
| 45 | 47 | |
| 46 | 48 | - Configure Nginx to send the fingerprint in header: |
| 47 | 49 | |
| 48 | - `add_header Public-Key-Pins 'pin-sha256="<primary>";pin-sha256="<backup>"; max-age=0; includeSubDomains';` |
|
| 50 | + ``` |
|
| 51 | +add_header Public-Key-Pins pin-sha256="<primary>";pin-sha256="<backup>"; max-age=0; includeSubDomains'; |
|
| 52 | + ``` |
|
| 49 | 53 | |
| 50 | - + `<primary>` - the fingerprint extracted from your wiki.key |
|
| 54 | + + `<primary>` - the fingerprint extracted from `wiki.key` |
|
| 51 | 55 | + `<backup>` - the CA fingerprint: `mJ1xUCzfru8Ckq2+M6VkNKGOGgSETImRAHBF24mjalw=` |
| 52 | 56 | |
| 53 | 57 | Read more about this [here](https://developer.mozilla.org/en-US/docs/Web/Security/Public_Key_Pinning). |