If you have a public or private key, you can check whether it appears in the pwnedkeys database using the pwnedkeys API.
The tools and libraries listed below may help you integrate pwnedkeys API queries into your own systems. If no suitable implementation is available, the API specification should give you enough information to develop your own integration. To have your library or tool added below, please contact us, or create a GitHub PR.
Tools
All the tools below will both query the API and validate the response.
- pwnedkeys-query – a Ruby-based command-line client.
Libraries
All libraries included below support both querying and validating responses.
- Ruby: pwnedkeys-api-client gem.
- Golang: github.com/adamdecaf/pwnedkeys, by Adam Shannon.
Examples
To help you verify that your querying code is working correctly, you can use the following “test” RSA and ECDSA private keys, which have been used to generate a dummy CSR and self-signed certificate. They can be looked up in the pwnedkeys API, and should return a “yes, this is pwned” response at all times.
Type | Fingerprint(s) | Key | CSR | Cert |
---|---|---|---|---|
2048 RSA | 9e03b56749abe821a6f5299d6f634b35404975f0552eb3347bf3adfad9af1109 (SPKI), bdf576ad9f94b5a7ca92921e3e6f83c8de5178f47989e110add708e133b644ff (modulus) | PEM, DER | PEM, DER | PEM, DER |
P-256 EC | 819f7d1dcd9f07bfcb59b7699f68994d89390c3bcd498cf7fb2e1ef3d272b89b, 316194405bf1c56c3395c4b6fcf32af83ca0e273fbf0832ef8364069a178ad75 | PEM, DER | PEM, DER | PEM, DER |