When using the '-m' option, you must pass the correct bit length and
modulus string. You can find the modulus and bit length of your private
key by using:

$ openssl rsa -modulus -text -in <private keyfile>
Private-Key: (1024 bit)
...
Modulus=E5FCB9EA68147B962AC4DC70CCB751AE27237D5C2073DA5119B61CB15FAE4A0451A46548983F000F8E5ABD3C34C1D2021834C08810314900997EC65F769E36612B8ECBF2DE3E3DAC4CA4246B33A933D4A639FE04ECE3D677DE0EF49BFCD3D77B133661E32BBEF6D103560883361A99ADA1D89779C0C0108EC3696D0A4C549F05
...

Proper invocation using the above example would look like:

$ openssl-vulnkey -b 1024 -m E5FCB9EA68147B962AC4DC70CCB751AE27237D5C2073DA5119B61CB15FAE4A0451A46548983F000F8E5ABD3C34C1D2021834C08810314900997EC65F769E36612B8ECBF2DE3E3DAC4CA4246B33A933D4A639FE04ECE3D677DE0EF49BFCD3D77B133661E32BBEF6D103560883361A99ADA1D89779C0C0108EC3696D0A4C549F05
COMPROMISED: 58dce70acfd4dc1a9d28722fc62edb8d30110778

The contents of /usr/share/openssl-blacklist/blacklist.RSA-* are
truncated hashes to save space, but openssl-vulnkey handles all of that
for you.  See 'man openssl-vulnkey' for details.

openssl-vulnkey is running correctly and the proper course of action is
to regenerate your certificate/key pair because they use a known modulus
and therefore your VPN traffic can easily be decrypted.

-- 
openvpn-vulnkey disagrees with openssl-vulnkey
https://bugs.launchpad.net/bugs/239640
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
