openssl-blacklist - Blacklists for OpenSSL RSA keys and tools

Property Value
Distribution Debian 7 (Wheezy)
Repository Debian Main amd64
Package name openssl-blacklist
Package version 0.5
Package release 3
Package architecture all
Package type deb
Installed size 11.93 KB
Download size 6.04 MB
Official Mirror
This package contains the openssl-vulnkey tool and the common lists of
known-bad OpenSSL keys to use when examining suspect keys with
RSA-1024, RSA-2048


Package Version Architecture Repository
openssl-blacklist_0.5-3_all.deb 0.5 all Debian Main
openssl-blacklist - - -


Name Value
dpkg >= 1.10.24
openssl >= 0.9.8g-9
python -


Type URL
Binary Package openssl-blacklist_0.5-3_all.deb
Source Package openssl-blacklist

Install Howto

  1. Update the package index:
    # sudo apt-get update
  2. Install openssl-blacklist deb package:
    # sudo apt-get install openssl-blacklist




2011-06-22 - Jamie Strandboge <>
openssl-blacklist (0.5-3) unstable; urgency=low
* openssl-vulnkey: adjust for new openssl 1.0.0 output (Closes: #628332)
* fix test suite when run as root. Patch from Moritz Muehlenhoff.
(Closes: #612461)
* convert to dh_python2. Patch from Colin Watson (Closes: #616927)
* make lintian -Ivi clean
- debian/control: update Standards-Version to 3.9.2
- debian/control: add ${misc:Depends} to binaries
- debian/control: make Description more verbose
- debian/copyright: convert to DEP-5
- openssl-vulnkey.1: fix some hyphens as minuses
- add debian/source/format
- add comments only debian/watch file
2009-05-06 - Kees Cook <>
openssl-blacklist (0.5-2) unstable; urgency=low
* fix executable state of openssl-vulnkey (Closes: #525042).
2009-04-08 - Kees Cook <>
openssl-blacklist (0.5-1) unstable; urgency=low
[ Kees Cook ]
* openssl-vulnkey:
- replace sha with hashlib Python module to silence Python 2.6 warnings.
- adjust skip/error handling, reporting more details (Closes: #498326).
- pull version when building instead of being hard-coded.
* debian/rules: use an orig.tar.gz since the blacklist files themselves
are static, to save space in the archive.
* added mixed good/bad testing.
[ Jamie Strandboge ]
* update openssl-vulnkey to use GPL version 3 as specified in
* add non-existent file and permission denied tests, as well
as small cleanups
* openssl-vulnkey:
- exit with status '2' when errors are encountered (ie leave '1' for when
a bad modulus is found)
- be consistent with error reporting
2008-06-17 - Kees Cook <>
openssl-blacklist (0.4.2) unstable; urgency=low
* Add openssl to the Build-Deps, since it is required for the tests.
2008-06-16 - Kees Cook <>
openssl-blacklist (0.4.1) unstable; urgency=low
[ Jamie Strandboge ]
* add RSA-4096 blacklist for le64
* install RSA-4096 blacklist
* don't send STDERR to STDOUT as this may interfere with obtaining the
modulus with long bits
[ Kees Cook ]
* debian/rules:
- add new examples (using wildcards)
- include run of internal tests during build
* debian/control: bump to standards version 3.8.0 (no changes needed)
2008-06-10 - Jamie Strandboge <>
openssl-blacklist (0.4) unstable; urgency=low
* allow checking of certificate requests
* only check moduli with an exponent of 65537 (the default on Debian/Ubuntu)
* update for when ~/.rnd does not exist when openssl is run
which can happen with openssl 0.9.8g and higher
* update to use '0' (in case of PID randomization)
* added more examples
* only prompt once for password (Closes: #483500)
* properly cache database reads when bits are same
* added '-m' and '-b' arguments. This is helpful for applications calling
openssl-vulnkey when the modulus and bits are known, such as openvpn.
* man page updates
* added
* added blacklists for when ~/.rnd does not exist when openssl is run
(LP: #232104)
* added 512 bit and partial 4096 blacklists (need le64) (LP: #231014)
* reorganized source databases, and ship the new format
* debian/rules: updated to use new blacklist format and organization
* create openssl-blacklist-extra package (but don't ship 4096 yet)
2008-05-29 - Kees Cook <>
openssl-blacklist (0.3.2) unstable; urgency=low
* debian/{rules,dirs,openssl-blacklist.install}: move openssl-vulnkey to
/usr/bin (Closes: #482435).
* examples/
- test for fixed libssl versions (Closes: #483310).
- correctly skip pre-existing PEM files, thanks to Michel Meyers
(Closes: #483542).
- skip invalid pid 32768.
* openssl-vulnkey: allow reading from stding, based on patch from
Daniel Kahn Gillmor (Closes: #482427).
* debian/control: swap maintainer so Ubuntu syncs do not get confused.

See Also

Package Description
openssl_1.0.1e-2+deb7u20_amd64.deb Secure Socket Layer (SSL) binary and related cryptographic tools
openssn-data_1.3-1_all.deb modern submarine tactical simulator (data)
openssn_1.3-1_amd64.deb modern submarine tactical simulator
openstack-dashboard-apache_2012.1.1-10_all.deb OpenStack Dashboard - Apache support
openstack-dashboard_2012.1.1-10_all.deb OpenStack Dashboard
openstereogram_0.1+20080921-2_all.deb Stereogram ("Magic Eye") generator with GUI
openstreetmap-map-icons-classic_0.0.svn27763-1_all.deb Collection of map icons (classic set)
openstreetmap-map-icons-scalable_0.0.svn27763-1_all.deb Collection of map icons (scalable set)
openstreetmap-map-icons-square_0.0.svn27763-1_all.deb Collection of map icons (square set)
openstv_1.6.1-1_all.deb single transferable vote and instant runoff voting software
openswan-doc_2.6.37-3+deb7u1_all.deb Internet Key Exchange daemon - documentation
openswan-modules-dkms_2.6.37-3+deb7u1_amd64.deb Internet Key Exchange daemon - DKMS source
openswan-modules-source_2.6.37-3+deb7u1_all.deb Internet Key Exchange daemon - kernel module source
openswan_2.6.37-3+deb7u1_amd64.deb Internet Key Exchange daemon
openteacher_2.3-1_all.deb learn words in a foreign language