Cryptographic algorithms are the tools used to secure communications over public channels such as the Internet. Built on mathematically hard problems (for public-key schemes) or on well-studied symmetric primitives, they are the building blocks of protocols such as TLS (secure web browsing over HTTPS) and SSH (secure remote access to servers). The security properties cryptography provides are confidentiality (encryption), integrity, and authentication. To this end, cryptographic algorithms are bound to cryptographic keys: whoever holds the key can lock or unlock these functions.
We distinguish two types of keys, symmetric and asymmetric:
- A symmetric key is a single secret shared by the communicating parties; the same key both encrypts and decrypts.
- Asymmetric keys come in pairs, a public key and a private key. The public key is distributed to everyone and is used to encrypt to its owner or to verify the owner's signatures; the private key stays with its owner and is used to decrypt and to sign. Together they bootstrap and carry on the communication or the protocol.
Getting hold of someone's symmetric key or asymmetric private key can have devastating consequences: an adversary can impersonate the entity, tamper with its communications, or simply read all the data the key protects.
Since the IETF RFC series 1421, 1422, 1423 and 1424 introduced it (the encoding was later restated for keys and certificates in RFC 7468), most cryptographic libraries (OpenSSL among them) store keys in a shared textual format called PEM (Privacy-Enhanced Mail): a "-----BEGIN <label>-----" line, a base64-encoded body, and a matching "-----END <label>-----" line, where the label names the kind of key. This rigid structure is very convenient for detection: a key that always starts with the same pattern is hard to miss, which gives the detectors high recall, and the pattern rarely occurs by accident, which keeps them precise. We based our family of cryptographic key detectors on this particularity of the PEM format. Here is the list of the detectors currently implemented in our suite:
- Generic private key.
- DSA private key.
- Elliptic curve private key.
- RSA private key.
- OpenSSH private key.
- PGP private key.
- Encrypted private key.
- PuTTY private key.
We targeted the main cryptographic algorithms and protocols: the most widely used ones and those referenced by standards bodies. For each of them we implemented a detector for both the plain PEM form and the version where the whole PEM block has itself been base64-encoded, as happens when a key is pasted into a configuration store or a Kubernetes Secret value. (PuTTY's .ppk files are the exception: they do not use PEM armor, so that detector keys on the "PuTTY-User-Key-File" header line that opens every .ppk file.)
One question we frequently get from the public and our customers is whether a certificate is sensitive. Public-key certificates are used in TLS to establish authenticated, encrypted channels when browsing the web, shown as the https scheme and the padlock icon in the address bar. A certificate is in essence a public key bound to an identity (a hostname, an organization) and signed by a certificate authority; anyone can retrieve it (simply click on the lock). As such, a certificate carries no secret: the signature only gives users confidence that the certificate was issued by a trusted party, and the set of trusted parties is the trust store shipped with the browser or the operating system (Linux, Windows, Apple, etc.). What is sensitive is the private key that matches the certificate, and that is what our detectors report, not the certificate itself. One caveat in practice: a single PEM file can hold several blocks, so a file that opens with a CERTIFICATE block may still contain a PRIVATE KEY block further down and must be scanned in full.
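As an added, self-contained illustration of both the detector family listed above and the certificate question, here is a small scanner written for this page (example code, not the detector suite it describes). It keys on the PEM labels of the listed private-key types, on the PuTTY header line, and on long base64 runs that decode back to PEM armor; certificate and public-key blocks are recognised but flagged as non-sensitive. The 60-character base64 threshold, the detector names, and all sample inputs (dummy key bodies, a dummy .ppk, a Kubernetes-style secret built from the dummy key) are constructed for the example and are not real key material.

```python
import base64
import binascii
import re
from dataclasses import dataclass

# PEM labels of the private-key detectors listed above, mapped to detector names.
PRIVATE_KEY_LABELS = {
    "PRIVATE KEY": "Generic private key",
    "DSA PRIVATE KEY": "DSA private key",
    "EC PRIVATE KEY": "Elliptic curve private key",
    "RSA PRIVATE KEY": "RSA private key",
    "OPENSSH PRIVATE KEY": "OpenSSH private key",
    "PGP PRIVATE KEY BLOCK": "PGP private key",
    "ENCRYPTED PRIVATE KEY": "Encrypted private key",
}
# PEM labels that carry only public material: recognised, but never reported as secrets.
PUBLIC_LABELS = {
    "CERTIFICATE": "X.509 certificate",
    "CERTIFICATE REQUEST": "Certificate signing request",
    "PUBLIC KEY": "Public key",
    "RSA PUBLIC KEY": "RSA public key",
}

# A PEM block: BEGIN line, body, END line carrying the same label.
PEM_BLOCK = re.compile(
    r"-----BEGIN (?P<label>[A-Z ]+)-----(?P<body>.*?)-----END (?P=label)-----", re.DOTALL
)
# PuTTY .ppk files are not PEM; they are identified by their first header line.
PUTTY_HEADER = re.compile(r"^PuTTY-User-Key-File-\d+: \S+", re.MULTILINE)
# Long run of base64 characters: candidate for a PEM block that was itself
# base64-encoded (e.g. a Kubernetes Secret value). 60 is an assumed threshold.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{60,}={0,2}")


@dataclass
class Finding:
    detector: str
    sensitive: bool  # True for private keys, False for certificates / public keys
    encoding: str    # "pem" for plain armor, "base64" when the armor was encoded again


def _scan_armor(text: str, encoding: str) -> list[Finding]:
    """Match PEM blocks and PuTTY headers in already-decoded text."""
    findings = []
    for m in PEM_BLOCK.finditer(text):
        label = m.group("label")
        if label in PRIVATE_KEY_LABELS:
            findings.append(Finding(PRIVATE_KEY_LABELS[label], True, encoding))
        elif label in PUBLIC_LABELS:
            findings.append(Finding(PUBLIC_LABELS[label], False, encoding))
    for _ in PUTTY_HEADER.finditer(text):
        findings.append(Finding("PuTTY private key", True, encoding))
    return findings


def scan(text: str) -> list[Finding]:
    """Scan the plain text, then retry on every base64 run that decodes to ASCII."""
    findings = _scan_armor(text, "pem")
    for m in B64_RUN.finditer(text):
        try:
            decoded = base64.b64decode(m.group(0), validate=True).decode("ascii")
        except (binascii.Error, UnicodeDecodeError):
            continue  # ordinary PEM bodies decode to DER bytes, not to ASCII armor
        findings.extend(_scan_armor(decoded, "base64"))
    return findings


def secrets_only(text: str) -> list[Finding]:
    """What a secret scanner reports: private keys, never certificates."""
    return [f for f in scan(text) if f.sensitive]


# Constructed samples: dummy bodies, not real key material.
SAMPLE_RSA_KEY = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "MIIEowIBAAKCAQEAdummydummydummydummydummydummydummydummydummydummy\n"
    "-----END RSA PRIVATE KEY-----\n"
)
SAMPLE_CERT = (
    "-----BEGIN CERTIFICATE-----\n"
    "MIIBdummydummydummydummydummydummydummydummydummydummydummydummy\n"
    "-----END CERTIFICATE-----\n"
)
SAMPLE_PPK = (
    "PuTTY-User-Key-File-2: ssh-rsa\nEncryption: none\nComment: rsa-key-dummy\n"
    "Public-Lines: 1\nAAAAB3NzaC1yc2EAAAADAQABdummy\nPrivate-Lines: 1\nAAAAdummydummy\n"
)
# The same dummy key pasted into a Kubernetes-style Secret is base64-encoded once more.
SAMPLE_K8S_SECRET = "tls.key: " + base64.b64encode(SAMPLE_RSA_KEY.encode()).decode() + "\n"
# A file mixing a certificate with private keys, as the caveat above describes.
SAMPLE_REPO = "\n".join([SAMPLE_CERT, SAMPLE_RSA_KEY, SAMPLE_PPK, SAMPLE_K8S_SECRET])

if __name__ == "__main__":
    for f in scan(SAMPLE_REPO):
        print(f"{f.detector:28} sensitive={f.sensitive!s:5} encoding={f.encoding}")
```

Run on the mixed sample, the scanner lists the certificate once as non-sensitive and reports three secrets: the plain RSA key, the PuTTY key, and the RSA key recovered from the base64-encoded secret value. The decode-and-rescan step is deliberately conservative: a run that fails strict base64 validation or does not decode to ASCII is skipped, so ordinary PEM bodies (which decode to DER) never produce a second finding for the same key.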