In these times of a looming quantum cryptopocalypse, I guess every cryptographic tool has to support post-quantum cryptography eventually, and badkeys is, of course, no different.

With the latest release 0.0.19, badkeys can detect ML-KEM/ML-DSA keys. I wanted to do this for a while, but had to wait for support in python cryptography, which landed recently. Regarding the "post-quantum serialization format war", I'm supporting what python cryptography supports, which is currently only the seed format. This is also the recommended format by the RFC, so I guess that's fine for most uses.

Also, currently no support for SLH-DSA, as that's not supported by python cryptography either, and, I guess, there are questions whether this will see widespread adoption. (It has, to some degree, more reliable security guarantees, as it is "provably as secure as your hash function", but comes with impractically large signatures.)

You may wonder: do we already have ML-DSA/ML-KEM security vulns? No specific ones that badkeys detects yet, but there's one class of vuln that affects every algorithm and is independent of its security and any implementation weaknesses: accidental use of known-public private keys.

You can check badkeys' post-quantum support with the example keys from RFC 9881 and RFC 9935 that are already detected as known-compromised. More keys from test vectors etc. will be added over time.

Release notes: https://github.com/badkeys/badkeys/releases/tag/v0.0.19

Release badkeys Post-Quantum Edition · badkeys/badkeys

Support detection of ML-DSA and ML-KEM keys in the blocklist module. This requires a current version of python cryptography (>=49.0.0). Change placeholder name for CompleteFTP rsapoly vulnerability.