Enter Key:

Clear

Supported are X.509 certificates (CRT), Certificate Signing Requests (CSR), PEM public and private keys according to PKCS #1 and PKCS #8, and SSH public keys. (While supported, uploading private keys is obviously discouraged for production keys.)

Fill with test data

Normal RSA key ROCA Fermat Debian OpenSSL Many zeros Corrupt Unusual size Small key Exponent 3 Ed25519 RFC example

Vulnerabilities

The badkeys service checks for these vulnerabilities:

• Debian OpenSSL bug (CVE-2008-0166)
• Common prime factor vulnerability ("Mining Your Ps and Qs", 2012)
• Return of Coopersmith's attack / ROCA (CVE-2017-15361)
• keypair / Gitkraken bug (CVE-2021-41117)
• Fermat Attack (CVE-2022-26320)
• Various "Public Private Keys"

This project was created by Hanno Böck. The code checking for vulnerable keys is available on Github.

This work was funded in part by Industriens Fond through the CIDI project (Cybersecure IOT in Danish Industry) and in part by the Center for Information Security and Trust (CISAT) at the IT University of Copenhagen, Denmark.