You’ve got questions? This FAQ (might) have answers!
-
Wait, what do you do?
From time to time, private keys (the part of a key which you’re supposed to keep, well, private) become less private. When that happens, it’s a really bad idea to keep using them, because anyone can then pretend to be the real owner or the key. Various organisations have a duty to try and stop users from using compromised keys, such as Certification Authorities (the people who hand out SSL certificates), but it’s hard for them to know whether a key’s been compromised because they’re… everywhere.
This site is intended to be the place where people can go to determine whether a key has been compromised, somehow, and should not be used.
-
How do keys get compromised?
A variety of ways. Most often they just get leaked accidentally by the legitimate owner of the key, by putting it somewhere not private, like GitHub or pastebin. Occasionally they’ll be embedded in software which is publicly released, or stolen by someone breaking into a machine. Every now and then, a systemic weakness in a piece of software causes a whole heap of keys to be compromised all at once.
-
How does pwnedkeys work?
If you have a public key, you can generate a “thumbprint” of that key, and then ask the pwnedkeys API if that key has been compromised.
-
How do I know you’re not lying to me?
When the pwnedkeys API sends back a response to your query saying “yes, this key is compromised”, it also provide some data signed by the private key. Since the only way to create that signature is by having possession of the private key, if someone can manage to get a signature on something that says “this key is pwned”, then, well, one way or another, it is.
-
Where do you get compromised keys from?
Mostly by searching the Internet and finding them. Some get submitted by helpful individuals, too.
-
What kinds of keys does pwnedkeys store?
The pwnedkeys database keeps records of 1024 bit and larger RSA keys, as well as elliptic-curve keys on the P-256, P-384, and P-521 curves. Support for curve25519 and curve448 keys are planned. Other key types may be added, subject to demand and availability of the relevant standards.
DSA keys, and RSA keys smaller than 1024 bits, are not kept, as these keys are generally considered of limited security, and in general should not be used at all, whether they are known to be compromised or not.
-
What do I do if my key is reported as compromised?
If you are the legitimate owner of the key, then you need to replace it with a new one as soon as possible, and work out how the previous one got compromised so it doesn’t happen again. If you’re a CA or other organisation that wants to trust a presented key, don’t. There’s absolutely no guarantee that the signature you’re looking at comes from the legitimate owner of the key.
-
Why do you return compromise attestations as JWS objects?
Because it seemed like the least-worst option available. Using some sort of X.509 data structure (such as a CSR, or even a self-signed certificate of some sort) risks the possibility of confusing a compromise attestation for a “regular” CSR.
However, it was found in practice that Certificate Authorities were unable to deal with a JWS, so the CSR format was produced as an alternative format for them. So now you can choose which sort of cryptographic nightmare you want to have: ASN.1/DER, or JOSE.
-
Why do I need to login to use some tools?
Tools that require login are those which impose load on external services. To reduce the risk of Pwnedkeys being used as an abuse vector, an account is required to use those tools.
-
Who is behind this?
The primary developer and maintainer of pwnedkeys is Matt Palmer, a long-time security and crypto(graphy!) afficionado.
-
Can I give you money?
Absolutely! We like money. If you’re an individual, you can buy Matt a refreshing beverage on ko-fi, while if you’re interested in a corporate sponsorship, you can email
sales@pwnedkeys.com
to discuss the available options. -
I have more questions!
Feel free to send an e-mail and ask away.