info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Faking a key compromise event with franken-keys
123 views
Skip to first unread message
J.C. Jones
Jul 20, 2017, 2:16:32 PM7/20/17
to MozPol
All,
Today Hanno Böck blogged about performing surgery on ASN.1-encoded RSA
private keys to make them appear to correspond to a target certificate's
public key, and using the franken-key file to appear to legitimately hold
the private key of that target certificate.
https://blog.hboeck.de/archives/888-How-I-tricked-Symantec-with-a-Fake-Private-Key.html
The franken-key is quite convincing to casual inspection. Always check when
making trust decisions.
J.C.
Today Hanno Böck blogged about performing surgery on ASN.1-encoded RSA
private keys to make them appear to correspond to a target certificate's
public key, and using the franken-key file to appear to legitimately hold
the private key of that target certificate.
https://blog.hboeck.de/archives/888-How-I-tricked-Symantec-with-a-Fake-Private-Key.html
The franken-key is quite convincing to casual inspection. Always check when
making trust decisions.
J.C.
0 new messages