Hacker News new | ask | show | jobs
by rjbrock 3561 days ago
This appears to be a private key (so no one should ever be able to read this file): https://github.com/kaolti/Who-Runs-This/blob/master/key.pem

Is this for publishing to the chrome app store? If it is, I recommend taking down the extension and republishing with a new secure key ASAP.
1 comments
kaolti 3561 days ago
lol, saved my ass it looks like! Took your advice.
link
callesgg 3561 days ago
It is still in the commit history. You need to throw that key away and get a new one.
link
rjbrock 3561 days ago
Exactly, that key is now completely compromised (it was the second it was public). You can still see it here: https://github.com/kaolti/Who-Runs-This/commit/764945d8d968b...

You will need to generate a new key and resign with the new one.

link
kaolti 3561 days ago
I removed it now, still looking into getting a new key.
link
rjbrock 3561 days ago
Haha, no worries, we've all been there!
link