README
¶
pwnedkeys
Package github.com/adamdecaf/pwnedkeys looks up Certificates, Certificate requests, Keys, etc in the pwnedkeys.com database.
Usage
Pull the project down into an existing project:
$ go get -u github.com/adamdecaf/pwnedkeys
Then, use the library in your existing code:
cert, err := parsePEM(certBytes)
if err != nil {
// do something with the error
}
if err := pwnedkeys.CheckCertificate(http.DefaultClient, cert); err != nil { // Use a different http.Client
// reject key/cert
}
Getting Help
Feel free to open a GitHub issue for bug reports, feature requests, or questions. I'll do my best to answer them.
Supported and Tested Platforms
- 64-bit Linux (Ubuntu, Debian), macOS
Contributing
Yes please! Please createn an issue or submit a Pull Request towards the project!
Note: This project uses Go Modules, but only the Go standard library is used. Go 1.11 is required for modules, but this library should work with older Go releases.
License
Apache License 2.0 See LICENSE for details.
Documentation
¶
Overview ¶
Package pwnedkeys looks up Certificates, Certificate requests, Keys, etc in the pwnedkeys.com database.
Lookup is done using the SubjectPublicKeyInfo (SPKI) associated with a key. The SPKI fingerprint of a key (or certificate) is the all-lowercase hex-encoded SHA-256 hash of the DER-encoded form of the subjectPublicKeyInfo ASN.1 structure representing a given public key.
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ( // ErrKeyFound is returned when the key was found in pwnedkeys.com database ErrKeyFound = errors.New("private key found in pwnedkeys.com database") // ErrHashFailed is returned only when the SHA-256 hashing fails. ErrHashFailed = errors.New("unable to generate SHA-256 hash") )
Functions ¶
func CheckCertificate ¶
func CheckCertificate(client *http.Client, cert *x509.Certificate) error
CheckCertificate returns a ErrKeyFound if the key information is found in the pwnedkeys.com database. Finding key data implies a compromised key.
Types ¶
This section is empty.
Source Files