FWIW, I may throw in my tool badkeys: https://badkeys.info/
It contains checks for various known vulnerabilities in public keys, and also a blocklist of known "public private keys", as I like to call them. (And yes, the RFC 9500 keys are in there as well, also all other private keys used in RFC and IETF draft documents).

The key sources are all public and documented here: https://github.com/badkeys/blocklistmaker

It uses a hash list; however, the format is currently only sourcecode-documented. (But it's on my task list to document that properly, it's essentially a truncated sha256 of N in the case of RSA, and x in the case of EC keys - that's a deliberate choice over SPKI hashes, so it better covers co-broken RSA keys - different e, but same N - and different encodings for EC keys)

--
Hanno Böck
https://hboeck.de/
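
The RSA case described in the message above, as an added example that is not part of the original message and is not badkeys code: two public keys sharing a modulus N but using different exponents e get different SPKI hashes, while a hash over N alone matches both. The truncation length `TRUNC`, the byte encoding of N, and the sample modulus are assumptions made for this sketch; the real format is defined in the badkeys source.

```python
import hashlib

TRUNC = 16  # ASSUMED truncation length in bytes; the real one is in the badkeys source

def tlv(tag, body):
    """Minimal DER tag-length-value encoder."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def der_int(v):
    # DER INTEGER: big-endian, one extra leading 0x00 when the top bit is set
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

# AlgorithmIdentifier { rsaEncryption (1.2.840.113549.1.1.1), NULL }
RSA_ALG = tlv(0x30, bytes.fromhex("06092a864886f70d010101") + b"\x05\x00")

def rsa_spki(n, e):
    """DER SubjectPublicKeyInfo for an RSA public key (n, e)."""
    rsa_key = tlv(0x30, der_int(n) + der_int(e))
    return tlv(0x30, RSA_ALG + tlv(0x03, b"\x00" + rsa_key))

def spki_id(n, e):
    return hashlib.sha256(rsa_spki(n, e)).hexdigest()

def modulus_id(n):
    # ASSUMED input encoding: N as minimal big-endian bytes
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return hashlib.sha256(raw).digest()[:TRUNC].hex()

def is_blocked(n, blocklist):
    return modulus_id(n) in blocklist

# Constructed 2048-bit odd integer standing in for a leaked modulus (not a real key)
N = int.from_bytes(b"".join(hashlib.sha256(bytes([i])).digest() for i in range(8)), "big")
N |= (1 << 2047) | 1

if __name__ == "__main__":
    blocklist = {modulus_id(N)}  # entry built from the key as published with e=65537
    print("SPKI hashes equal:", spki_id(N, 65537) == spki_id(N, 3))
    print("e=3 variant caught by modulus hash:", is_blocked(N, blocklist))
```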
