If you have a disclosed private key you wish to submit to the pwnedkeys database, firstly: thank you! Community contributions are how we get most of our keys. There are several options for submitting a pwnedkey.
Method 1: Submit the full private key
The preferred method of submitting a private key is to e-mail us the complete private key. This ensures future compatibility and flexibility in how the database and API evolve.
Keys for submission can be e-mailed as an attachment to
GPG encrypted to key
Please submit the key in PEM format if possible, or at least indicate the
format of the private key in your submission.
Method 2: Provide a signed attestation of compromise
If, for some reason, you’re unwilling to provide the private key itself, you can instead provide an appropriate formatted attestation of key compromise, which can be served via the v1 API. The easiest way to do that is to use the pwnedkeys-prove-pwned program.
E-mail the generated attestation, along with the associated public key
(preferably in PEM format), to
firstname.lastname@example.org as attachments.