badkeys

Fill with test data

Success Stories

• Compromised keys in OpenID Connect deployments (2025)
• DKIM keys vulnerable to Debian OpenSSL bug (CVE-2008-0166) in 2024
• Fermat attack: badkeys discovered weak RSA keys generated by printer firmware that can be trivially broken with Fermat's factorization algorithm (CVE-2022-26320).
• Certificates with ROCA keys: badkeys detected certificates used by Yahoo with keys vulnerable to the ROCA attack (2021).
• New insights about historic Debian OpenSSL bug: During the development of badkeys, it was discovered that the 2008 Debian OpenSSL bug can also impact elliptic curve / ECDSA keys (2022).
• Certificates with OpenSSL test keys: badkeys discovered certificates that used example private keys from OpenSSL (2021).

Vulnerabilities

The badkeys service checks for these vulnerabilities:

• Keys in 2025 Fortinet/Fortigate leak (CVE-2022-40684)
• Debian OpenSSL bug (CVE-2008-0166)
• Common prime factor vulnerability ("Mining Your Ps and Qs", 2012)
• Return of Coopersmith's attack / ROCA (CVE-2017-15361)
• keypair / Gitkraken bug (CVE-2021-41117)
• Fermat Attack (CVE-2022-26320)
• Small private Exponent / Wiener's Attack
• Various "Public Private Keys"

Furthermore, the following discouraged practices are checked:

• DSA keys
• Small or unusual RSA exponent value
• Small or unusual RSA key size

You can find badkeys on Mastodon.