Sander D SDx3


Digital certificates

Some background and hands-on information

Digital certificates come in many shapes and sizes. There are also a ton of tools to help you deal with them. This page contains some tips and tricks as well as technological backgrounds to help you understand what the heck you're doing.

SDx3 /
Last active Jan 16, 2020


A serious issue in the way Windows handles digital certificates.

Here's a quick mathematical explanation of the issue:

The bug exploits crypt32.dll's signature verification on elliptic curves. crypt32.dll only checks for a matching public key and parameters, but not the generator G.
The private key is d ∈ [1, n - 1], where n is the order of the curve.
The public key is Q = dG.
The generator G is defined for each curve, but the bug allows you to specify your own generator.
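
Why the generator has to be part of the comparison, shown on a toy curve. This is an added example, not part of the original gist and not crypt32.dll's code: `matches_weak` models a comparison that ignores G, while `matches_strict` also compares G and n. The curve parameters, key values and function names are constructed for illustration.

```python
# Toy curve y^2 = x^3 + 2x + 2 over F_17, prime group order n = 19.
# Constructed sample parameters, far too small for real use.
P, A, B, N = 17, 2, 2, 19
G = (5, 1)  # the curve's standard generator

def add(p1, p2):
    """Add two points; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Scalar multiplication by double-and-add."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def alt_generator(Q, d2):
    """Return G2 with d2*G2 == Q: a key pair for Q exists under many generators."""
    return mul(pow(d2, -1, N), Q)

def matches_weak(trusted, presented):
    """Model of the flawed comparison: public key and coefficients, G ignored."""
    return all(trusted[k] == presented[k] for k in ("Q", "p", "a", "b"))

def matches_strict(trusted, presented):
    """Hardened comparison: generator and order must also be the trusted ones."""
    return matches_weak(trusted, presented) and all(
        trusted[k] == presented[k] for k in ("G", "n"))

def demo():
    """Constructed sample: trusted key Q = 7G, then the same Q under another generator."""
    trusted = dict(Q=mul(7, G), p=P, a=A, b=B, G=G, n=N)
    presented = dict(trusted, G=alt_generator(trusted["Q"], 3))
    return trusted, presented

if __name__ == "__main__":
    t, c = demo()
    print("weak:", matches_weak(t, c), "strict:", matches_strict(t, c))
```

The public key Q is identical in both parameter sets, so only the comparison that includes G and n tells them apart.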


Keybase proof

I hereby claim:

  • I am SDx3 on github.
  • I am sdx3 ( on keybase.
  • I have a public key whose fingerprint is 86FC E598 FFDE 2D80 3454 C468 5C1C 61A5 A9FA A13A

To claim this, I am signing this object:
