How to use this tool

  1. Copy your public key(s) or an HTTPS URL into the 'Test your keys' box.
  2. Select a different prior probability model if you know the usage scenario of the key(s).
  3. Press the 'Classify' button.
  4. Inspect which libraries/devices (groups) are probable sources of the inserted key(s).
  5. If all public keys were produced by the same (unknown) library/device, also inspect 'Result for the same source' for a significantly more accurate classification.

Test your keys

1. Equal probability of all groups (default)
2. TLS prior probability
3. PGP prior probability
4. Custom prior probability (not yet implemented, coming soon)

List of known sources

Group name Sources
Group I G&D SmartCafe 3.2
Group II GNU Crypto 2.0.1
Group III Gemalto GXP E64
Group IV Infineon JTOP 80K
Group V Oberthur Cosmo Dual 72K
Group VI OpenSSL 1.0.2g
Group VIII G&D SmartCafe 4.x, G&D SmartCafe 6.0
Group IX NXP J2D081, NXP J2E145G
Group X NXP J2A080, NXP J2A081, NXP J3A081, NXP JCOP 41 v2.2.1
Group XI Bouncy Castle 1.54, Crypto++ 5.6.3, Microsoft .NET, Microsoft CNG, Microsoft CryptoAPI
Group XII Bouncy Castle 1.53, Cryptix JCE 20050328, FlexiProvider 1.7p7, mbedTLS 2.2.1, SunRsaSign OpenJDK 1.8.0, Utimaco Security Server Se50
Group XIII Botan 1.11.29, cryptlib 3.4.3, Feitian JavaCOS A22, Feitian JavaCOS A40, Gemalto GCX4 72K, libgcrypt 1.6.5, libgcrypt 1.6.5 FIPS, LibTomCrypt 1.17, Nettle 3.2, Oberthur Cosmo 64, OpenSSL 1.0.2g FIPS 2.0.12, PGPSDK 4, SafeNet Luna SA-1700, WolfSSL 3.9.0

Q&A section

Q: So what did you do?

A: We figured out that an RSA public key leaks information about the library that created it. So we can tell which library you used to generate your key, based on the public key alone.

Q: Is a single key enough to identify the source library?

A: Sometimes yes, but mostly no. If you have 5 keys from the same source, it will be quite accurate. Just press the Classify button above.

Q: Can I mutually distinguish all libraries?

A: Not always. Source libraries that introduce exactly the same bias into the values of generated public moduli are indistinguishable.

Q: Can I also identify the version of the library used?

A: Sometimes. A new version of a library that did not change the source code of the key generation method will not be distinguishable from the older one. E.g., OpenSSL 1.0.2f is not distinguishable from OpenSSL 1.0.2g, but OpenSSL 1.0.2g is distinguishable from OpenSSL 2.0.12 FIPS.

Q: Have you tested all libraries of the world?

A: No. We test a lot of them, but not all. We also did not test all possible versions of a given library. We are also missing hardware sources like SSL accelerators (please contact us if you have one and would like to contribute).

Q: How quickly will the information leakage vulnerability you found be fixed?

A: Probably not soon. The fix would require changing the code of the key generation method in most libraries, and developers don't like to mess with that part of crypto too often. Even if it is fixed in a new version, a lot of old legacy libraries will stay in use for a long time.

Q: So how can I protect my key(s)?

A: If you need just one key, it is easy: generate 5 keys instead of one, have all of them classified by our tool, and then keep the one that is classified with the least accuracy. If you need to keep more keys, it is slightly more tricky, but it can still be done (with more keys generated and discarded).

Q: Is the data you gathered and used publicly available?

A: Definitely! Download everything in the datasets section and try your own analysis. Please don't forget to cite us.
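
An added illustration (not the tool's own code or data) of how a prior over groups combines with per-group likelihoods, why several keys from one source sharpen the result, and how to pick the least identifiable of several candidate keys. Groups A to C, the likelihood table, the two-bit feature and the sample moduli are constructed assumptions.

```python
# Added illustration: Bayesian source classification over constructed data.
# Group names, likelihood values and the feature are assumptions made for
# this example; they are not the tool's groups, dataset or feature mask.

# P(feature | group); feature = the two bits directly below the leading 1 bit.
LIKELIHOOD = {
    "A": [0.05, 0.15, 0.30, 0.50],
    "B": [0.25, 0.25, 0.25, 0.25],
    "C": [0.40, 0.30, 0.20, 0.10],
}
# Counterpart of the "equal probability of all groups" prior.
UNIFORM = {g: 1 / len(LIKELIHOOD) for g in LIKELIHOOD}


def feature(modulus: int) -> int:
    """Return the two bits just below the most significant bit of the modulus."""
    return (modulus >> (modulus.bit_length() - 3)) & 0b11


def posterior(moduli, prior=UNIFORM):
    """P(group | keys), treating all keys as coming from one source."""
    score = dict(prior)
    for n in moduli:
        f = feature(n)
        score = {g: s * LIKELIHOOD[g][f] for g, s in score.items()}
    total = sum(score.values())
    if total == 0:
        raise ValueError("keys are impossible under every known group")
    return {g: s / total for g, s in score.items()}


def least_identifiable(candidates, prior=UNIFORM):
    """Pick the candidate key whose best single-key guess is least confident."""
    return min(candidates, key=lambda n: max(posterior([n], prior).values()))


# Constructed 16-bit stand-ins for moduli; only the top bits matter here.
KEYS = [0xF123, 0xE456, 0xD789, 0xFABC, 0xB0DE]

if __name__ == "__main__":
    print("one key   :", posterior(KEYS[:1]))
    print("five keys :", posterior(KEYS))
    print("keep      :", hex(least_identifiable(KEYS)))
```

A skewed prior, the counterpart of the TLS or PGP prior options, can change the most probable group for the same key.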

Q: I want to know more details!

A: Great, then read the original paper and the technical report for even more details.