Skip to content

Latest commit

 

History

History
10 lines (7 loc) · 1.07 KB

README.md

File metadata and controls

10 lines (7 loc) · 1.07 KB

private_keys

Debian weak keys, DER-encoded in the following formats:

These private keys were generated using the tools in the key_generator repository. Using these private keys, CAs can implement their own Debian weak key checks without having to be tied to the RSA-only blocklist format made available by Debian when the CVE-2008-0166 vulnerability was first disclosed.

NOTE: When designing Debian weak key checks, it is important for CAs to be aware that all RSA public exponents are equally vulnerable when used with an RSA modulus generated by a vulnerable Debian system.

CAs could consider using the pregenerated blocklists in the dwk_blocklists repository, which list the SHA-256 hashes of the RSA moduli and EC X-coordinates of the private keys in this repository.