Priv key compromised?

In another forum (haproxy) I posted an excerpt of a fullchain.pem file containing pieces of the actual certs, but I obfuscated the posted text by deleting a couple of lines and x'ing out parts of a line in an ec256 private key.

Now someone there told that I exposed my private key to the public and I'd better revoke it.

What I did was to overwrite 32 characters of the middle of the three lines of the ec256 private key.
Would that be too dangerous?

If you didn't completely obfuscate the private key then yes, possibly.


Yes. There's usually no reason to even look at a private key.


If you didn't completely obfuscate the private key then yes, possibly.
This is, what I get from the --list command.
Can I selectively revoke the ec-256 certificate?

acme@mail:~/$ --list 
Main_Domain       KeyLength  SAN_Domains                                                                             CA           Created               Renew  "2048",,,,  2023-11-11T10:28:08Z  2024-01-09T10:28:08Z  "ec-256",,,,  2023-11-11T10:00:06Z  2024-01-09T10:00:06Z

Personally I'd say, find my key from this and I'll give you $500. Yes you can revoke an individual cert and then request a new one. I assume uses a new key every time but best check.


I'd say:

  • revoke
  • remove completely [including cert(s), key(s), csr(s)]
  • get a new one

What do you mean by "no reason to look at the private key"?
HAPROXY requires to have the private key together with the fullchain in one file.

I mean there is no reason for human eyes to ever see the private key.

You can concatenate key and fullchain without looking at them, using cat. (cat file1 file2 > fileboth)


@9peppe : Sure. Misunderstood you. The concatenation is already done by the deploy-hook script of haproxy.

1 Like

By default reuses keypairs on renewal, unless --always-force-new-domain-key is given.

If you blanked the exact middle 32 base64 characters of those three lines each**, you leaked approximately 69-77% of your private key*, which still leaves ~60-80 bits of unknown data approximately. Even if we only consider a (fairly naive) baby-step giant-step bruteforce (or alternatively, Pollard's kangaroo), this leaves at most 2^40 computation steps (and this is without even thinking about much faster attacks), so yes, I would consider that key to be 100% broken and disclosed.

*You can calculate this exactly, I only made a rough estimate by looking at entire base64 characters only.
**If you only blanked the middle line, you leaked 100% of the private key. For p256 keys, the first base64line contains the entire key (+ more).

Nevermind, I swapped the numbers in my head. You blanked ~69-77% of the key, not the other way around. The above computation is wrong in that case. Anyway, I would still revoke and replace that key.


You say, " reuses keypairs on renewal".

Renewal is the process of getting updated certificates. --revoke -d -k ec-256

(the priv key in question was the ec-2576 one)

So I'd guess I'm on the safe side?

Unfortunately does not appear to have code to disable the reuse of a private key, even if it was revoked. I believe you can remove the private key + CSR from's config directory to force the use of a new key on the next renewal.

(revoke code is here)


Luckily Let's Encrypt would refuse to issue a certificate with a key pair if a previous cert with that key pair was revoked with "keyCompromise" as revocation reason. See Revoking Certificates - Let's Encrypt

Not sure how works in that regard.


So, is there a master revoked key [or key hash] list?






And it contains revoke information from which CA(s)?


Let's Encrypt itself.

1 Like

Then the case exists that one can revoke a cert from another CA and continue using that same key with LE?


Yes, I think so. I don't think CAs are required to consult each other's known-compromised key lists, it's just that if a CA learns about a compromised key they need to revoke it and block from future use.

There are sites like pwnedkeys which try to track known-compromised keys, but I don't think Let's Encrypt (or other CAs) regularly consult those kinds of services. (Those services sometimes will use ACME to revoke certificates if they find one in the wild, though.)