amazon-archives / certlint

X.509 certificate linter
Apache License 2.0

Check for ROCA factorisation weaknesses #55

Open mpalmer opened 7 years ago

mpalmer commented 7 years ago

Based on sample Python code from https://github.com/crocs-muni/roca.

pzb commented 6 years ago

What would you think of having a class that tests for weak keys? ROCA is one example, Debian weak keys are another, so are keys with small factors. The class would take an OpenSSL::PKey (rather than cert) so it can be used with CSRs and such.

If you agree, I'll merge then refactor.

mpalmer commented 6 years ago

Sounds reasonable to have a whole bucket of key-related checks in one place.
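
The key-level checker discussed in this thread could look like the following. This is an added example, not part of the thread and not certlint's or this PR's code: the `WeakKeyCheck` class, its method names and the trial-division bound are hypothetical, and the ROCA test computes the subgroups generated by 65537 modulo each small prime instead of using the marker table from crocs-muni/roca. Debian weak keys are left out because they need a blocklist.

```ruby
require "openssl"

# Hypothetical weak-key checker; class and method names are assumptions.
class WeakKeyCheck
  # Trial-division primes below 1000 (the bound is an arbitrary choice).
  SMALL_PRIMES = (2..1000).select do |n|
    (2..Integer.sqrt(n)).none? { |d| (n % d).zero? }
  end.freeze

  # ROCA-affected primes have the form k*M + (65537**a mod M), M a product of
  # small primes, so N mod p must lie in the subgroup generated by 65537 mod p.
  # The subgroups are computed here rather than copied from a marker table.
  ROCA_PRIMES = SMALL_PRIMES.select { |prime| prime.between?(3, 167) }.freeze
  ROCA_SUBGROUPS = ROCA_PRIMES.to_h do |prime|
    g = 65_537 % prime
    members = [1]
    members << ((members.last * g) % prime) until (members.last * g) % prime == 1
    [prime, members]
  end.freeze

  # Takes an OpenSSL::PKey (from a certificate or a CSR); returns findings.
  def self.check(key)
    return [] unless key.respond_to?(:n) && key.n # only RSA moduli are tested

    n = key.n.to_i
    findings = []
    findings << :small_factor if small_factor(n)
    findings << :roca_fingerprint if roca_fingerprint?(n)
    findings
  end

  def self.small_factor(n)
    SMALL_PRIMES.find { |prime| prime < n && (n % prime).zero? }
  end

  def self.roca_fingerprint?(n)
    ROCA_SUBGROUPS.all? { |prime, members| members.include?(n % prime) }
  end
end

# Constructed modulus carrying the fingerprint (not a real key).
ConstructedKey = Struct.new(:n)
m = WeakKeyCheck::ROCA_PRIMES.reduce(:*)
p WeakKeyCheck.check(ConstructedKey.new(65_537**5 + m * (1 << 1800)))
p WeakKeyCheck.check(OpenSSL::PKey::RSA.new(2048))
```

A freshly generated RSA key should produce no findings, and non-RSA keys pass through untested because they expose no modulus.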