General

Generating Subresource Integrity (SRI)

Since launching my online recruitment platform and job vacancy portal. I became interested in rolling out my own content delivery network (CDN) to host my portal’s images, javascript and CSS. Thanks to NGINX, implementing a CDN is easy. Of course we need to ensure that our digital assets are not compromised during transport so we need to add Subresource Integrity (SRI) to our files.

openssl dgst -sha384 -binary site.css | openssl base64 -A

Using openssl is fine but I want to try writing a golang base program to generate the SRI hash for me. You can find the snippet below and code at my github https://github.com/johnpili/srigen

package main

import (
	"crypto/sha512"
	b64 "encoding/base64"
	"fmt"
	"io/ioutil"
	"os"
)

func main() {
	args := os.Args[1:] // Fetch the program arguments excluding the program name
	if len(args) == 0 {
		fmt.Println("Usage: srigen \"filename\"")
	} else {
		b, err := ioutil.ReadFile(args[0])
		if err != nil {
			panic(err)
		}
		hash := sha512.New384()

		hash.Write(b)
		hashResult := hash.Sum(nil)

		result := b64.StdEncoding.EncodeToString(hashResult)
		fmt.Printf("sha384-%s\n", result)
	}
}
Subresource Integrity used in CDN
Subresource Integrity used in CDN