NAME¶
openssl-vulnkey —
check blacklist of
compromised certificates, requests and keys
SYNOPSIS¶
openssl-vulnkey |
[-q] file
... |
openssl-vulnkey |
[-q] -b
BITS -m
MODULUS |
DESCRIPTION¶
openssl-vulnkey checks a certificate, request or key against a
blacklist of compromised moduli.
A substantial number of certificates, requests and keys are known to have been
generated using a broken version of OpenSSL distributed by Debian which failed
to seed its random number generator correctly. x509 certificates, certificate
requests and RSA keys generated using these OpenSSL versions should be assumed
to be compromised. This tool may be useful in checking for such OpenSSL x509
certificates, certificate requests and RSA keys.
Certificates, requests and keys that are compromised cannot be repaired;
replacements must be generated using
openssl(8).
If “-” is given as an argument,
openssl-vulnkey
will read from standard input. This can be used to process certificate output
from
s_client(1ssl), for example:
$ echo | openssl s_client -connect
remote.example.org:https | openssl-vulnkey -
will test the certificate used by remote.example.org for HTTPS.
The options are as follows:
- -q
- Quiet mode. Normally, openssl-vulnkey
outputs the fingerprint of each file scanned, with a description of its
status. This option suppresses that output.
- -b
- Number of bits for the modulus specified. Requires -m.
- -m
- Check modulus. Requires -b.
The blacklist file may start with comments, on lines starting with
“#”. After these initial comments, it must follow a strict format:
- Each line must consist of
the lower-case hexadecimal SHA1 fingerprint of the certificate or key's
modulus, and with the first 20 characters removed (that is, the least
significant 80 bits of the fingerprint).
The fingerprint of the modulus may be generated using
$ openssl x509 -noout -modulus -in file |
sha1sum | cut -d ' ' -f 1
$ openssl rsa -noout -modulus -in file |
sha1sum | cut -d ' ' -f 1
$ openssl req -noout -modulus -in file |
sha1sum | cut -d ' ' -f 1
This strict format is necessary to allow the blacklist file to be checked
quickly.
SEE ALSO¶
openssl(1)
AUTHORS¶
Jamie Strandboge ⟨jamie@ubuntu.com⟩
Much of this manpage is based on Colin Watson's
ssh-vulnkey(1)