Private keys are supposed to be, well… private. If a key is out there “in the wild”, anyone could have it. Anyone could be using it to compromise your security.

Want to know if a private key is in the wild? This site is for you. We collect private keys, and provide you with proof they’re compromised, so you can know when a key is untrustworthy.

To see whether a key is in our database, look it up.

If you have a compromised key, please submit it.

Pwnedkeys also operates the pwnedkeys Revokinator, an automated service that requests revocation of WebPKI certificates that use known-compromised keys.

If you have questions or comments, feel free to check out the FAQ or contact us.