openssl-blacklist_0.5-3_all.deb


Advertisement

Description

openssl-blacklist - Blacklists for OpenSSL RSA keys and tools

Distribution: Debian 7 (Wheezy)
Repository: Debian Main amd64
Package name: openssl-blacklist
Package version: 0.5
Package release: 3
Package architecture: all
Package type: deb
Installed size: 11.93 KB
Download size: 6.04 MB
Official Mirror: ftp.br.debian.org
This package contains the openssl-vulnkey tool and the common lists of known-bad OpenSSL keys to use when examining suspect keys with openssl-vulnkey. RSA-1024, RSA-2048

Alternatives

    Download

    Source package: openssl-blacklist

    Install Howto

    1. Update the package index:
      # sudo apt-get update
    2. Install openssl-blacklist deb package:
      # sudo apt-get install openssl-blacklist

    Files

    • /usr/bin/openssl-vulnkey
    • /usr/share/doc/openssl-blacklist/README.Debian
    • /usr/share/doc/openssl-blacklist/changelog.Debian.gz
    • /usr/share/doc/openssl-blacklist/copyright
    • /usr/share/doc/openssl-blacklist/examples/bad_req.csr
    • /usr/share/doc/openssl-blacklist/examples/bad_rsa.key
    • /usr/share/doc/openssl-blacklist/examples/bad_rsa_4096.pem
    • /usr/share/doc/openssl-blacklist/examples/bad_rsa_password_is_pass.key
    • /usr/share/doc/openssl-blacklist/examples/bad_x509.pem
    • /usr/share/doc/openssl-blacklist/examples/bad_x509_4096.pem
    • /usr/share/doc/openssl-blacklist/examples/gen_certs.sh.gz
    • /usr/share/doc/openssl-blacklist/examples/getpid.c
    • /usr/share/doc/openssl-blacklist/examples/good_req.csr
    • /usr/share/doc/openssl-blacklist/examples/good_rsa.key
    • /usr/share/doc/openssl-blacklist/examples/good_x509.pem
    • /usr/share/man/man1/openssl-vulnkey.1.gz
    • /usr/share/openssl-blacklist/blacklist.RSA-1024
    • /usr/share/openssl-blacklist/blacklist.RSA-2048

    Changelog

    2011-06-22 - Jamie Strandboge <jamie@ubuntu.com> openssl-blacklist (0.5-3) unstable; urgency=low * openssl-vulnkey: adjust for new openssl 1.0.0 output (Closes: #628332) * fix test suite when run as root. Patch from Moritz Muehlenhoff. (Closes: #612461) * convert to dh_python2. Patch from Colin Watson (Closes: #616927) * make lintian -Ivi clean - debian/control: update Standards-Version to 3.9.2 - debian/control: add ${misc:Depends} to binaries - debian/control: make Description more verbose - debian/copyright: convert to DEP-5 - openssl-vulnkey.1: fix some hyphens as minuses - add debian/source/format - add comments only debian/watch file

    2009-05-06 - Kees Cook <kees@debian.org> openssl-blacklist (0.5-2) unstable; urgency=low * test.sh: fix executable state of openssl-vulnkey (Closes: #525042).

    2009-04-08 - Kees Cook <kees@debian.org> openssl-blacklist (0.5-1) unstable; urgency=low [ Kees Cook ] * openssl-vulnkey: - replace sha with hashlib Python module to silence Python 2.6 warnings. - adjust skip/error handling, reporting more details (Closes: #498326). - pull version when building instead of being hard-coded. * debian/rules: use an orig.tar.gz since the blacklist files themselves are static, to save space in the archive. * test.sh: added mixed good/bad testing. [ Jamie Strandboge ] * update openssl-vulnkey to use GPL version 3 as specified in debian/copyright. * test.sh: add non-existent file and permission denied tests, as well as small cleanups * openssl-vulnkey: - exit with status '2' when errors are encountered (ie leave '1' for when a bad modulus is found) - be consistent with error reporting

    2008-06-17 - Kees Cook <kees@outflux.net> openssl-blacklist (0.4.2) unstable; urgency=low * Add openssl to the Build-Deps, since it is required for the tests.

    2008-06-16 - Kees Cook <kees@outflux.net> openssl-blacklist (0.4.1) unstable; urgency=low [ Jamie Strandboge ] * add RSA-4096 blacklist for le64 * install RSA-4096 blacklist * don't send STDERR to STDOUT as this may interfere with obtaining the modulus with long bits [ Kees Cook ] * debian/rules: - add new examples (using wildcards) - include run of internal tests during build * debian/control: bump to standards version 3.8.0 (no changes needed)

    2008-06-10 - Jamie Strandboge <jamie@ubuntu.com> openssl-blacklist (0.4) unstable; urgency=low * allow checking of certificate requests * only check moduli with an exponent of 65537 (the default on Debian/Ubuntu) * update gen_certs.sh for when ~/.rnd does not exist when openssl is run which can happen with openssl 0.9.8g and higher * update gen_certs.sh to use '0' (in case of PID randomization) * added more examples * only prompt once for password (Closes: #483500) * properly cache database reads when bits are same * added '-m' and '-b' arguments. This is helpful for applications calling openssl-vulnkey when the modulus and bits are known, such as openvpn. * man page updates * added test.sh * added blacklists for when ~/.rnd does not exist when openssl is run (LP: #232104) * added 512 bit and partial 4096 blacklists (need le64) (LP: #231014) * reorganized source databases, and ship the new gen_certs.sh format * debian/rules: updated to use new blacklist format and organization * create openssl-blacklist-extra package (but don't ship 4096 yet)

    2008-05-29 - Kees Cook <kees@outflux.net> openssl-blacklist (0.3.2) unstable; urgency=low * debian/{rules,dirs,openssl-blacklist.install}: move openssl-vulnkey to /usr/bin (Closes: #482435). * examples/gen_certs.sh: - test for fixed libssl versions (Closes: #483310). - correctly skip pre-existing PEM files, thanks to Michel Meyers (Closes: #483542). - skip invalid pid 32768. * openssl-vulnkey: allow reading from stding, based on patch from Daniel Kahn Gillmor (Closes: #482427). * debian/control: swap maintainer so Ubuntu syncs do not get confused.

    Advertisement
    Advertisement