badkeys.info provides a service that allows checking cryptographic public keys for known vulnerabilities.

It currently checks for the following vulnerabilities:

Currently most checked vulnerabilities affect RSA, support for other key types may be added in the future.

If you plan to check a large number of keys we recommend that you use the badkeys software. It provides a Python library and command line tool.



This project was created by Hanno Böck. The code checking for vulnerable keys is available on Github.

This work was funded in part by Industriens Fond through the CIDI project (Cybersecure IOT in Danish Industry) and in part by the Center for Information Security and Trust (CISAT) at the IT University of Copenhagen, Denmark.