badkeys.info provides a service that allows checking cryptographic public keys for known vulnerabilities.
It currently checks for the following vulnerabilities:
Currently most checked vulnerabilities affect RSA, support for other key types may be added in the future.
If you plan to check a large number of keys we recommend that you use the badkeys software. It provides a Python library and command line tool.
The web page layout is based on the Milligram CSS framework by CJ Patoilo (MIT license). The favicon uses an icon from from SVG Repo (CC0 license).
This project was created by Hanno Böck. The code checking for vulnerable keys is available on Github.
badkeys is currently funded through the NGI0 Core Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101092990.
This work was initially funded in 2022 by Industriens Fond through the CIDI project (Cybersecure IOT in Danish Industry) and the Center for Information Security and Trust (CISAT) at the IT University of Copenhagen, Denmark.