pwnedkeys

package module
Version: v0.0.0-...-3a88ade Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 18, 2018 License: Apache-2.0 Imports: 6 Imported by: 0

README

pwnedkeys

GoDoc Build Status Coverage Status Go Report Card Apache 2 licensed

Package github.com/adamdecaf/pwnedkeys looks up Certificates, Certificate requests, Keys, etc in the pwnedkeys.com database.

Usage

Pull the project down into an existing project:

$ go get -u github.com/adamdecaf/pwnedkeys

Then, use the library in your existing code:

cert, err := parsePEM(certBytes)
if err != nil {
     // do something with the error
}
if err := pwnedkeys.CheckCertificate(http.DefaultClient, cert); err != nil { // Use a different http.Client
    // reject key/cert
}

Getting Help

Feel free to open a GitHub issue for bug reports, feature requests, or questions. I'll do my best to answer them.

Supported and Tested Platforms

  • 64-bit Linux (Ubuntu, Debian), macOS

Contributing

Yes please! Please createn an issue or submit a Pull Request towards the project!

Note: This project uses Go Modules, but only the Go standard library is used. Go 1.11 is required for modules, but this library should work with older Go releases.

License

Apache License 2.0 See LICENSE for details.

Documentation

Overview

Package pwnedkeys looks up Certificates, Certificate requests, Keys, etc in the pwnedkeys.com database.

Lookup is done using the SubjectPublicKeyInfo (SPKI) associated with a key. The SPKI fingerprint of a key (or certificate) is the all-lowercase hex-encoded SHA-256 hash of the DER-encoded form of the subjectPublicKeyInfo ASN.1 structure representing a given public key.

Index

Constants

This section is empty.

Variables

View Source
var (
	// ErrKeyFound is returned when the key was found in pwnedkeys.com database
	ErrKeyFound = errors.New("private key found in pwnedkeys.com database")

	// ErrHashFailed is returned only when the SHA-256 hashing fails.
	ErrHashFailed = errors.New("unable to generate SHA-256 hash")
)

Functions

func CheckCertificate

func CheckCertificate(client *http.Client, cert *x509.Certificate) error

CheckCertificate returns a non-nil error only if the key information is found in the pwnedkeys.com database. Finding key data implies a compromised key.

Types

This section is empty.

Source Files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL