trufflesecurity / trufflehog

Find, verify, and analyze leaked credentials
https://trufflesecurity.com
GNU Affero General Public License v3.0
17.34k stars 1.72k forks

PrivateKey detector should emit some metadata about the corresponding certificate if available #3631

Open hasnain-db opened 3 days ago

hasnain-db commented 3 days ago

Description

In some cases private keys are committed alongside the certificate chain in the same file. In those cases, it would be great if TruffleHog could also emit metadata about the cert (similar to how e.g. the AWS detector emits the account ID). In particular, some fields I think would be relevant:

Preferred Solution

N/A

Additional Context

N/A

References

Conceptually, I think this aligns well with what driftwood already does: https://trufflesecurity.com/blog/driftwood
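The cert-plus-key file described in this issue, as an added Go example (not TruffleHog's own code): it walks a PEM bundle, records subject, issuer, SANs and expiry for every certificate, and checks which certificate the leaked key actually pairs with, so a finding can say "this key belongs to this cert" rather than just "a cert was nearby". The CertMeta type, its field set and the SampleBundle input are assumptions made for this example.

```go
package main
import (
	"crypto"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"math/big"
	"time"
)
// CertMeta is a hypothetical field set a detector could attach as ExtraData (not TruffleHog's own type).
type CertMeta struct {
	Subject, Issuer string
	NotAfter        time.Time
	DNSNames        []string
	KeyMatches      bool // true when the leaked private key is the pair of this certificate's public key
}
// ExtractCertMeta walks every PEM block in a leaked file, keeps the first parseable PKCS#8 private key and
// reports metadata per certificate; matching runs after the walk because certs usually precede their key.
func ExtractCertMeta(bundle []byte) []CertMeta {
	var signer crypto.Signer
	var certs []*x509.Certificate
	for b, rest := pem.Decode(bundle); b != nil; b, rest = pem.Decode(rest) {
		if b.Type == "CERTIFICATE" {
			if c, err := x509.ParseCertificate(b.Bytes); err == nil {
				certs = append(certs, c)
			}
		} else if b.Type == "PRIVATE KEY" && signer == nil { // PKCS#8; "EC/RSA PRIVATE KEY" need their own parsers
			if k, err := x509.ParsePKCS8PrivateKey(b.Bytes); err == nil {
				signer, _ = k.(crypto.Signer) // stays nil for key types that cannot sign, e.g. X25519
			}
		}
	}
	metas := make([]CertMeta, len(certs))
	for i, c := range certs {
		pub, ok := c.PublicKey.(interface{ Equal(crypto.PublicKey) bool }) // rsa, ecdsa and ed25519 keys implement Equal
		metas[i] = CertMeta{Subject: c.Subject.String(), Issuer: c.Issuer.String(), NotAfter: c.NotAfter,
			DNSNames: c.DNSNames, KeyMatches: signer != nil && ok && pub.Equal(signer.Public())}
	}
	return metas
}
// SampleBundle is constructed input, not real leaked data: a self-signed leaf certificate followed by its key.
func SampleBundle() []byte {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"leaked.example.com"}, NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour)}
	tmpl.Subject.CommonName = "leaked.example.com"
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	keyDER, _ := x509.MarshalPKCS8PrivateKey(priv)
	return append(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER})...)
}
```

A cert whose key is not in the file gets KeyMatches false, which is the signal to avoid over-attributing a leaked key to an unrelated certificate in the same bundle.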

ahrav commented 3 days ago

Hey @hasnain-db, thanks for opening this issue! I’m working on updating Driftwood to store some of the issuer information that wasn’t previously saved. Once that’s done, I’ll re-index the existing records and update the private key detector to include the information you mentioned in the ExtraData field.

One thing to note: we might not be able to retrieve issuer information for all certificates, as some of the CT servers we indexed in the past are no longer online. I’ll link the PR for the private key detector update to this issue once I start working on it.

hasnain-db commented 2 days ago

Thanks @ahrav! Really appreciate this. FWIW I added 2 more fields to the list after consulting with someone else.