admin-revoker: add modes for revoking/blocking by public key alone #7267

Closed
aarongable opened this issue Jan 18, 2024 · 0 comments · Fixed by #7431

@aarongable

admin-revoker has the "private-key-block" and "private-key-revoke" subcommands, which take an on-disk private key as input, extract the corresponding public key, and revoke all certificates matching that public key's SPKI Hash with reason keyCompromise.

This is good, but unfortunately sometimes we are presented with proof of key compromise (e.g. a self-signed certificate with subject "Please revoke all certificates sharing this public key") without being presented with the private key itself.

In these cases, it would be good to be able to perform similar operations with just the public key.

aarongable self-assigned this Mar 26, 2024
aarongable added this to the Sprint 2024-04-26 milestone Mar 26, 2024
aarongable added a commit that referenced this issue Mar 28, 2024
Add a new input method flag to `admin block-key` which processes a file
containing one hexadecimal-encoded SPKI hash on each line. To facilitate
this, restructure the block-key subcommand's execution to more closely
resemble the revoke-cert subcommand, with a parallelism flag and the
ability to run many workers at the same time.

Part of #7267
aarongable added a commit that referenced this issue Apr 24, 2024
Add a new "-cert-file" input mode to both `admin revoke-cert` and `admin
block-key` which operates on the serial or pubkey found in the
PEM-encoded certificate in the supplied file.

Fixes #7267
vbaranovskiy-plesk pushed a commit to plesk/boulder that referenced this issue May 30, 2024
Add a new "-cert-file" input mode to both `admin revoke-cert` and `admin
block-key` which operates on the serial or pubkey found in the
PEM-encoded certificate in the supplied file.

Fixes letsencrypt#7267