This package is abandoned and no longer maintained. No replacement package was suggested.

Easily integrate HTTP Public-Key-Pinning headers into your application.

v0.1.0 2016-06-19 16:02 UTC

This package is auto-updated.

Last update: 2024-05-08 17:00:14 UTC


Build Status

This library aims to make it easy to build HTTP Public-Key-Pinning headers in your PHP projects. HPKP Builder was was created by Paragon Initiative Enterprises as part of our effort to encourage better application security practices.

Check out our other open source projects too.

PHP Version requirements

  • PHP 7.0 or newer

Build a Public-Key-Pinning header from a JSON configuration file


use \ParagonIE\HPKPBuilder\HPKPBuilder;

$hpkp = HPKPBuilder::fromFile('/path/to/source.json');

Example JSON configuration

    "hashes": [
            "algo": "sha256",
            "hash": "hwGEkxDWJ2oHtKv6lsvylKvhotXAAZQR1e0nq0eb2Vw="
            "algo": "sha256",
            "hash": "0jum0Eiu4Eg6vjn3zTmyd/RobfN6e4EagFQcz6E5ZKI="
    "include-subdomains": false,
    "max-age": 5184000,
    "report-only": false,
    "report-uri": null

Build a Public-Key-Pinning Header


use \ParagonIE\HPKPBuilder\HPKPBuilder;

$hpkp = (new HPKPBuilder)