🧵 There are hundreds o PRIVATE RSA keys in DNS TXT data.
You read it right, the secret part of RSA that you should never expose... What's even more surprising is, that it might make sense to have it there.
You read it right, the secret part of RSA that you should never expose... What's even more surprising is, that it might make sense to have it there.
1/6 While poking around DNS, we found something unexpected: private keys in TXT records. These keys, which are meant to be private, were just hanging out there, visible to anyone checking those records.
2/6 Why is this even a thing? Well, some email systems use DKIM, where public keys in DNS help verify a sender’s authenticity by validating email signatures.
BUT you always only publish public part of the key! Not the private part! That one must remain secret.
BUT you always only publish public part of the key! Not the private part! That one must remain secret.
3/6 DKIM successfully fulfills its goal of reducing email-based fraud, such as phishing and spoofing. However, the side effect is that anyone can cryptographically verify authenticity of email even many years after it was sent - including leaked or stolen emails.
4/6 If an organisation wants to prevent that, it can rotate DKIM keys and release the old secret keys. This way, any future email with valid signature can be denied as a forgery which gives the organisation a plausible deniability.
5/6 TLDR: there are private RSA keys in public TXT DNS data, it makes sense because they're revoked and published for plausible deniability
At @ReconWave, we wrote about this here buff.ly/4flbPe5
At @ReconWave, we wrote about this here buff.ly/4flbPe5
@ReconWave 6/6 Example domain with this is here - buff.ly/4hqu2Zz
@threadreaderapp unroll
• • •
Missing some Tweet in this thread? You can try to
force a refresh
