A random collection of compromised cryptographic keys.
By using a certificate's private key to sign the string "revoke", the obtained signature can be used as a proof of compromise without requiring additional distribution of the private key. For a certificate with the crt.sh ID "123456789", the following command can be used to create a proof of compromise signature:
openssl dgst -sha256 -sign ./x509/123456789.key -out ./x509/123456789.revoke <(echo -n 'revoke')The signature can be verified using the following command:
openssl dgst -sha256 -verify <(openssl x509 -in ./x509/123456789.crt -pubkey -noout) -signature ./x509/123456789.revoke <(echo -n 'revoke')| Date | crt.sh | Certificate | Proof of compromise | Issuer | Notes |
|---|---|---|---|---|---|
| 2019-02-09 | 252685801 | 252685801 | 252685801 | Go Daddy Secure Certificate Authority - G2 | Source, certificate revoked |
| 2019-02-09 | 307506564 | 307506564 | 307506564 | Go Daddy Secure Certificate Authority - G2 | Source, certificate expired |
| 2019-02-09 | 131620736 | 131620736 | 131620736 | GeoTrust SSL CA - G3 | Source, certificate revoked |
| 2019-02-09 | 237656393 | 237656393 | 237656393 | GeoTrust SSL CA - G3 | Source, certificate revoked |
| 2019-02-09 | 242296047 | 242296047 | 242296047 | Starfield Secure Certificate Authority - G2 | Source, certificate revoked |