Skip to content
/ keypairtools Public

Vulnerable version of keypair plus script to generate vulnerable keys

0 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

badkeys/keypairtools

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
node_modules
node_modules
 
 
README.md
README.md
 
 
genkeys.sh
genkeys.sh
 
 
keypair-1.0.3.tgz
keypair-1.0.3.tgz
 
 
kpscript.js
kpscript.js
 
 

Repository files navigation

keypairtools

⚠️ This contains vulnerable code, only use for testing/analysis!

This repository contains scripts to generate keys with the javascript keypair package vulnerable to CVE-2021-41117.

The vulnerable keypair version creates predictable and often duplicate keys.

kpscript.js creates a single vulnerable key with a random filename.

genkeys.sh creates an output directory with the prefix out- and a random name and will then run an endless loop of kpscript.js in that directory.

license

This repository contains a copy of the vulnerable keypair code. It is licensed under a dual 3-clause BSD and GPL-2 license.

The scripts and documentation were written by Hanno Böck and can be used under the same licensing terms.

misc

You can find the most common vulnerable keys here.

This was created for badkeys, a tool to detect vulnerable cryptographic keys.

About

Vulnerable version of keypair plus script to generate vulnerable keys

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages