react-native-ssl-pinning-guard
v1.0.9
Published
SSL pinning module for React Native using TurboModules
Maintainers
saurabhchReadme
react-native-ssl-pinning-guard
A robust SSL Pinning plugin for React Native, supporting New Architecture (TurboModules) for Android and iOS. Pass domains and public key hashes from TypeScript — no hardcoding in native code.
📦 Installation
yarn add react-native-ssl-pinning-guard
cd ios && pod install⚙️ Configuration (New Architecture)
Ensure TurboModules are enabled in your React Native project.
🔐 Usage
import SslPinningGuard from 'react-native-ssl-pinning-guard';
SslPinningGuard.configure({
domains: ['api.example.com'],
hashes: ['base64_encoded_sha256_pubkey']
});domains: List of domains to pinhashes: SHA256 public key hashes in Base64 format (use tools like OpenSSL to get it)
✅ How to Get Public Key Hash
- Get the certificate:
openssl s_client -connect api.example.com:443 | openssl x509 > cert.pem- Extract public key:
openssl x509 -in cert.pem -pubkey -noout > pubkey.pem- Convert to DER:
openssl pkey -pubin -in pubkey.pem -outform DER | openssl dgst -sha256 -binary | openssl base64Use that base64 string in the hashes array.
📱 Platform Support
- ✅ Android (Kotlin + OkHttp)
- ✅ iOS (NSURLSession + SecTrust)
👮 Security
- Public Key Hash Pinning (preferred over certificate pinning)
- Prevents MITM by rejecting untrusted certs
- Works with custom API clients (OkHttpClient on Android, NSURLSessionDelegate on iOS)
🛡️ Next Steps
- Add Jailbreak / Root / Debugger detection
- Obfuscate strings and hashes
📂 Structure
react-native-ssl-pinning-guard/
├── android/
├── ios/
├── src/
├── babel.config.js
├── README.md
└── ...🧪 Example
SslPinningGuard.configure({
domains: ['secure.myapi.com'],
hashes: ['yRtD48DUeF29ZUdOn8LqLqfydnVGckLtb+5KMcMlEZg=']
});