Enter Key:

Clear

Supported are X.509 certificates (CRT), Certificate Signing Requests (CSR), PEM public and private keys according to PKCS #1 and PKCS #8, and SSH public keys. (While supported, uploading private keys is obviously discouraged for production keys.)

Fill with test data

Normal RSA key ROCA Fermat Debian OpenSSL Many zeros Corrupt Unusual size Small key Exponent 3 Ed25519 RFC example

Success Stories

• DKIM keys vulnerable to Debian OpenSSL bug: badkeys helped to discover that many DKIM keys were vulnerable to CVE-2008-0166 in 2024.
• Fermat attack: badkeys discovered weak RSA keys generated by printer firmware that can be trivially broken with Fermat's factorization algorithm (CVE-2022-26320).
• Certificates with ROCA keys: badkeys detected certificates used by Yahoo with keys vulnerable to the ROCA attack (2021).
• New insights about historic Debian OpenSSL bug: During the development of badkeys, it was discovered that the 2008 Debian OpenSSL bug can also impact elliptic curve / ECDSA keys (2022).
• Certificates with OpenSSL test keys: badkeys discovered certificates that used example private keys from OpenSSL (2021).

Vulnerabilities

The badkeys service checks for these vulnerabilities:

• Debian OpenSSL bug (CVE-2008-0166)
• Common prime factor vulnerability ("Mining Your Ps and Qs", 2012)
• Return of Coopersmith's attack / ROCA (CVE-2017-15361)
• keypair / Gitkraken bug (CVE-2021-41117)
• Fermat Attack (CVE-2022-26320)
• Various "Public Private Keys"

Furthermore, the following discouraged practices are checked:

• DSA keys
• Small or unusual RSA exponent value
• Small or unusual RSA key size

You can find badkeys on Mastodon.

This project was created by Hanno Böck. The code checking for vulnerable keys is available on Github.

badkeys is currently funded through the NGI0 Core Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101092990.

This work was initially funded in 2022 by Industriens Fond through the CIDI project (Cybersecure IOT in Danish Industry) and the Center for Information Security and Trust (CISAT) at the IT University of Copenhagen, Denmark.