Today Hanno Böck blogged about performing surgery on ASN.1-encoded RSA
private keys to make them appear to correspond to a target certificate's
public key, and using the franken-key file to appear to legitimately hold
the private key of that target certificate.

The franken-key is quite convincing to casual inspection. Always check when
making trust decisions.

dev-security-policy mailing list

Reply via email to