If you have a public or private key, you can see if the key appears in the pwnedkeys database using the pwnedkeys API.

The list of tools and libraries given below may be helpful to get you integrating pwnedkeys API queries into your own systems. If there is no suitable implementation already available, the API specification should give you enough information to be able to develop your own integration. To have your library or tool added below, please contact us, or create a GitHub PR.

Tools

All the tools below will both query the API and validate the response.

Libraries

All libraries included below support both querying and validating responses.

Examples

To help you in verifying that your querying code is working correctly, you can use the following “test” RSA and ECDSA private keys, which have been used to generate a dummy CSR and self-signed certificate. They can be looked up in the pwnedkeys API, and should return a “yes, this is pwned” response at all times.

Type Fingerprint(s) Key CSR Cert
2048 RSA 9e03b56749abe821a6f5299d6f634b35404975f0552eb3347bf3adfad9af1109 (SPKI)
bdf576ad9f94b5a7ca92921e3e6f83c8de5178f47989e110add708e133b644ff (modulus)
PEM
DER
PEM
DER
PEM
DER
P-256 EC 819f7d1dcd9f07bfcb59b7699f68994d89390c3bcd498cf7fb2e1ef3d272b89b
316194405bf1c56c3395c4b6fcf32af83ca0e273fbf0832ef8364069a178ad75
PEM
DER
PEM
DER
PEM
DER