如何在Flutter中固定公钥？

如何在Flutter中固定公钥？

创建一个

SecurityContext

没有可信任根的客户端以强制执行错误的证书回调，即使是获得良好的证书也是如此。

SecurityContext(withTrustedRoots: false);

在错误的证书回调中，使用asn1lib包解析DER编码的证书。例如：

ASN1Parser p = ASN1Parser(der);ASN1Sequence signedCert = p.nextObject() as ASN1Sequence;ASN1Sequence cert = signedCert.elements[0] as ASN1Sequence;ASN1Sequence pubKeyElement = cert.elements[6] as ASN1Sequence;ASN1BitString pubKeyBits = pubKeyElement.elements[1] as ASN1BitString;List<int> enpredPubKey = pubKeyBits.stringValue;// could stop here and compare the enpred key parts, or...// parse them into their modulus/exponent parts, and test those// (assumes RSA public key)ASN1Parser rsaParser = ASN1Parser(enpredPubKey);ASN1Sequence keySeq = rsaParser.nextObject() as ASN1Sequence;ASN1Integer modulus = keySeq.elements[0] as ASN1Integer;ASN1Integer exponent = keySeq.elements[1] as ASN1Integer;print(modulus.valueAsBigInteger);print(exponent);