In some cases private keys are committed alongside the certificate chain in the same file. In those cases, it would be great if TruffleHog can also emit metadata about the cert (similar to how e.g. the AWS detector emits the account ID). In particular, some fields I think would be relevant:
Certificate expiry
The name of the CA
Subject name (and alternative names)
Key usage / extended key usage
A hash or a key id to help correlate with inventories.
Hey @hasnain-db, thanks for opening this issue! I’m working on updating Driftwood to store some of the issuer information that wasn’t previously saved. Once that’s done, I’ll re-index the existing records and update the private key detector to include the information you mentioned in the ExtraData field.
One thing to note: we might not be able to retrieve issuer information for all certificates, as some of the CT servers we indexed in the past are no longer online. I’ll link the PR for the private key detector update to this issue once I start working on it.
Preferred Solution
N/A
Additional Context
N/A
References
Conceptually, I think this aligns well with what driftwood already does: https://trufflesecurity.com/blog/driftwood
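The fields requested above (expiry, CA name, subject and alternative names, key usage, and a hash for inventory correlation) can all be read from a certificate that sits beside a private key. The following is an added example, not TruffleHog or Driftwood code: it parses a PEM bundle with Go's standard library and matches keys to certificates by SHA-256 of the SubjectPublicKeyInfo. `Finding`, `ExtractCertMeta` and `SampleBundle` are hypothetical names, the bundle is constructed at run time, and only PKCS#8-encoded private keys are handled.

```go
package main

import (
	"crypto"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

type Finding struct { // hypothetical result type for this example, not TruffleHog's
	Cert        *x509.Certificate // Subject, Issuer, DNSNames, NotAfter, KeyUsage, ExtKeyUsage
	SPKI        [32]byte          // SHA-256 of SubjectPublicKeyInfo, for inventory lookups
	KeyInBundle bool              // a private key in the same file belongs to this cert
}
// ExtractCertMeta returns one Finding per certificate in a PEM bundle, in file order.
func ExtractCertMeta(bundle []byte) (out []Finding) {
	keys := map[[32]byte]bool{} // SPKI hashes of the private keys found
	for b, rest := pem.Decode(bundle); b != nil; b, rest = pem.Decode(rest) {
		k, _ := x509.ParsePKCS8PrivateKey(b.Bytes) // nil unless the block is a PKCS#8 key
		if c, err := x509.ParseCertificate(b.Bytes); err == nil {
			out = append(out, Finding{Cert: c, SPKI: sha256.Sum256(c.RawSubjectPublicKeyInfo)})
		} else if s, ok := k.(crypto.Signer); ok {
			der, _ := x509.MarshalPKIXPublicKey(s.Public())
			keys[sha256.Sum256(der)] = true
		}
	}
	for i := range out { // second pass: a key may follow its certificate in the file
		out[i].KeyInBundle = keys[out[i].SPKI]
	}
	return out
}
func SampleBundle() []byte { // constructed demo input: self-signed cert, then its PKCS#8 key
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "demo.example"},
		DNSNames: []string{"demo.example"}, NotAfter: time.Now().Add(time.Hour), KeyUsage: x509.KeyUsageDigitalSignature}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, pub, priv)
	key, _ := x509.MarshalPKCS8PrivateKey(priv)
	return append(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: key})...)
}
func main() {
	f := ExtractCertMeta(SampleBundle())[0]
	fmt.Printf("%s exp=%s spki=%x key=%v\n", f.Cert.Subject, f.Cert.NotAfter, f.SPKI, f.KeyInBundle)
}
```

Hashing the SubjectPublicKeyInfo rather than the whole certificate means a renewed certificate that reuses the same key pair still correlates with the leaked key.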