badkeys.info provides a service that allows checking cryptographic public keys for known vulnerabilities.
It currently checks for the following vulnerabilities:
- Debian OpenSSL bug (CVE-2008-0166)
- Common prime factor vulnerability ("Mining Your Ps and Qs", 2012)
- Return of Coopersmith's attack / ROCA (CVE-2017-15361)
- keypair / Gitkraken bug (CVE-2021-41117)
- Fermat Attack (CVE-2022-26320)
- Various "Public Private Keys"
Currently most checked vulnerabilities affect RSA, support for other key types may be added in the future.
If you plan to check a large number of keys we recommend that you use the badkeys software. It provides a Python library and command line tool.
The web page layout is based on the Milligram CSS framework by CJ Patoilo (MIT license). The favicon uses an icon from from SVG Repo (CC0 license).