
PrivateKey detector should emit some metadata about the corresponding certificate if available #3631

Open
hasnain-db opened this issue Nov 19, 2024 · 2 comments · May be fixed by #3645

@hasnain-db

hasnain-db commented Nov 19, 2024

Description

In some cases private keys are committed alongside the certificate chain in the same file. In those cases, it would be great if TruffleHog could also emit metadata about the cert (similar to how e.g. the AWS detector emits the account ID). In particular, some fields I think would be relevant:

  • Certificate expiry
  • The name of the CA
  • Subject name (and alternative names)
  • Key usage / extended key usage
  • A hash or a key id to help correlate with inventories.

Preferred Solution

N/A

Additional Context

N/A

References

Conceptually, I think this aligns well with what driftwood already does: https://trufflesecurity.com/blog/driftwood
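A parser for the file layout the issue describes, added here as an example and not TruffleHog's own code: it walks a PEM bundle, skips the private-key block, and pulls the fields listed above from each certificate it finds. The `CertMetadata` type, `ExtractCertMetadata` and `SampleBundle` are names assumed for this example; the sample key and certificate are constructed inline (self-signed, so issuer and subject coincide).

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"math/big"
	"time"
)
// CertMetadata holds the fields the issue asks for, per certificate found beside a key.
type CertMetadata struct {
	Subject, Issuer string
	SANs            []string
	NotAfter        time.Time
	KeyUsage        x509.KeyUsage
	ExtKeyUsage     []x509.ExtKeyUsage
	SHA256          [32]byte // DER fingerprint, for correlating with a certificate inventory
}
// ExtractCertMetadata returns metadata for every CERTIFICATE block in a PEM bundle; other block types are skipped.
func ExtractCertMetadata(bundle []byte) ([]CertMetadata, error) {
	var out []CertMetadata
	for block, rest := pem.Decode(bundle); block != nil; block, rest = pem.Decode(rest) {
		if block.Type != "CERTIFICATE" {
			continue // the private key itself (and anything else) is not reported here
		}
		cert, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return nil, err // a corrupt certificate block is an error, not silently dropped
		}
		out = append(out, CertMetadata{Subject: cert.Subject.String(), Issuer: cert.Issuer.String(),
			SANs: cert.DNSNames, NotAfter: cert.NotAfter, KeyUsage: cert.KeyUsage,
			ExtKeyUsage: cert.ExtKeyUsage, SHA256: sha256.Sum256(cert.Raw)})
	}
	return out, nil
}
// SampleBundle is constructed test input: a private key followed by its self-signed
// certificate (so issuer == subject), the file layout the issue describes.
func SampleBundle() []byte {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1),
		Subject:   pkix.Name{CommonName: "example.internal", Organization: []string{"Example Corp"}},
		DNSNames:  []string{"example.internal", "www.example.internal"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage:  x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	keyDER, _ := x509.MarshalPKCS8PrivateKey(priv)
	return append(pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER}),
		pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})...)
}
```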

@ahrav
Collaborator

ahrav commented Nov 20, 2024

Hey @hasnain-db, thanks for opening this issue! I’m working on updating Driftwood to store some of the issuer information that wasn’t previously saved. Once that’s done, I’ll re-index the existing records and update the private key detector to include the information you mentioned in the ExtraData field.

One thing to note: we might not be able to retrieve issuer information for all certificates, as some of the CT servers we indexed in the past are no longer online. I’ll link the PR for the private key detector update to this issue once I start working on it.

@ahrav ahrav self-assigned this Nov 20, 2024
@hasnain-db
Author

Thanks @ahrav! Really appreciate this. FWIW I added 2 more fields to the list after consulting with someone else.

@ahrav ahrav linked a pull request Nov 21, 2024 that will close this issue