package module
Version: v0.0.0-...-3a88ade Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Dec 18, 2018 License: Apache-2.0 Imports: 6 Imported by: 0



GoDoc Build Status Coverage Status Go Report Card Apache 2 licensed

Package looks up Certificates, Certificate requests, Keys, etc in the database.


Pull the project down into an existing project:

$ go get -u

Then, use the library in your existing code:

cert, err := parsePEM(certBytes)
if err != nil {
     // do something with the error
if err := pwnedkeys.CheckCertificate(http.DefaultClient, cert); err != nil { // Use a different http.Client
    // reject key/cert

Getting Help

Feel free to open a GitHub issue for bug reports, feature requests, or questions. I'll do my best to answer them.

Supported and Tested Platforms

  • 64-bit Linux (Ubuntu, Debian), macOS


Yes please! Please createn an issue or submit a Pull Request towards the project!

Note: This project uses Go Modules, but only the Go standard library is used. Go 1.11 is required for modules, but this library should work with older Go releases.


Apache License 2.0 See LICENSE for details.



Package pwnedkeys looks up Certificates, Certificate requests, Keys, etc in the database.

Lookup is done using the SubjectPublicKeyInfo (SPKI) associated with a key. The SPKI fingerprint of a key (or certificate) is the all-lowercase hex-encoded SHA-256 hash of the DER-encoded form of the subjectPublicKeyInfo ASN.1 structure representing a given public key.



This section is empty.


View Source
var (
	// ErrKeyFound is returned when the key was found in database
	ErrKeyFound = errors.New("private key found in database")

	// ErrHashFailed is returned only when the SHA-256 hashing fails.
	ErrHashFailed = errors.New("unable to generate SHA-256 hash")


func CheckCertificate

func CheckCertificate(client *http.Client, cert *x509.Certificate) error

CheckCertificate returns a non-nil error only if the key information is found in the database. Finding key data implies a compromised key.


This section is empty.

Source Files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL