> ## Documentation Index
> Fetch the complete documentation index at: https://docs.binarly.io/llms.txt
> Use this file to discover all available pages before exploring further.
# Cryptographic Materials
> Using the Cryptographic Materials tab to review algorithms, certificates, and keys discovered in an image scan.
The Cryptographic Materials tab provides an isolated view of all cryptographic findings discovered during a scan. Navigate to an image scan detail view and select **Cryptographic Materials** from the tabbed navigation to access it.
The tab surfaces detected algorithms, protocols, certificates, and keys across all components in the analyzed image, enabling compliance assessment, post-quantum migration planning, and risk prioritization.
## Grid Columns
The grid presents one row per cryptographic finding. All columns support sorting, filtering, and reordering.
| Column | Description |
| ------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Type** | Category of the finding: Algorithm, Protocol, Certificate, or Key |
| **Finding / Class** | Finding class identifier (e.g., `crypto/algorithm/hashing/md5`, `crypto/certificate/expired`) |
| **Component** | Binary component in which the material was found |
| **Severity** | Risk level assigned to the finding |
| **Confidence** | How certain BTP is that it identified the correct algorithm and its exact parameters — uses the same five-level scale as all other findings (see [Accuracy & Confidence](/resource-center/accuracy-confidence)) |
| **Reachability** | Whether the cryptographic material is accessible from a public entry point in the binary (see [Reachability Analysis](/resource-center/reachability)); applies to algorithms and protocols |
| **PQC Status** | Post-quantum compliance classification per NIST IR 8547: compliant, non-compliant, or acceptable until a specified date |
## Algorithm Findings
Algorithm findings identify cryptographic algorithm implementations in the analyzed binary. Each finding includes:
* Algorithm class and detected parameters (key size, mode of operation)
* Component name and offset where the implementation was found
* Function addresses associated with the cryptographic code
* Reachability result
* PQC compliance status
## Certificate Findings
Certificate findings expose X.509 certificates embedded in the image. The finding detail view provides:
* **Issuer** and **Subject** - certificate authority and the entity the certificate was issued to
* **Origin** - component path within the image where the certificate was found
* **Validity period** - not-before and not-after dates
* **Expiration status** - whether the certificate has expired
* **Signature algorithm** - algorithm used to sign the certificate
* **Public key algorithm and size** - e.g., RSA-2048, EC P-256
* **Self-signed flag** - whether the certificate is self-signed
Certificate issue classes (`crypto/certificate/expired`, `crypto/certificate/invalid`, `crypto/certificate/self-signed`, `crypto/certificate/untrusted`) carry severity ratings. Certificates without issues are recorded as `artefact/crypto-certificate-material` and are informative.
## Key Findings
Key material findings record cryptographic keys embedded in the binary:
* **Key type** - RSA, EC, Ed25519, post-quantum, or other
* **Key size / parameters** - bit-length or parameter set
* **Location** - component path and offset within the image
* **Classification** - private key vs. public key
Private keys found in firmware are additionally flagged under `secret/private-key` or `secret/encryption-key`, which carry elevated severity due to the risk of key exposure.
## Filtering and Searching
**Quick column filters:**
* Filter by **Type** to narrow to Algorithms, Protocols, Certificates, or Keys.
* Filter by **Finding / Class** by class prefix - e.g., `crypto/algorithm/hashing` for hashing algorithms, `crypto/certificate` for certificate findings.
* Filter by **PQC Status** to isolate quantum-vulnerable findings for migration planning.
* Filter by **Severity** to surface only weak or deprecated materials.
**Advanced filtering:**
Open the Filters drawer (upper-right of the grid) to build multi-criteria filters across severity, confidence, reachability, component, and other fields. See [CVSS Vector Filtering](/user-guides/image-scans/cvss-vector-filtering).
Save a filter combining `PQC Status: non-compliant` and `Reachability: reachable` as a named Saved View. This surfaces quantum-vulnerable algorithm usages that are actively reachable - the highest-priority set for migration planning. See [Saved Views](/user-guides/important-findings/saved-views).
## Generating Reports
Click the **Generate** button in the tab to produce a PDF or JSON report listing all quantum-vulnerable algorithm instances with NIST IR 8547 migration guidance.
See [PQC Compliance Report](/user-guides/export/pqc) for report contents and format details.
Open the action menu and select **Download CBOM** to export a CycloneDX-formatted inventory of all detected cryptographic materials.
See [CBOM Export](/user-guides/export/cbom) for format details and programmatic access.
## Related
* [Cryptographic Detection](/resource-center/cryptographic-detection) - How detection works
* [Algorithm Compliance Reference](/resource-center/algorithm-compliance) - Compliance status for all algorithm classes
* [Finding Classes Reference](/resource-center/finding-classes) - Full list of `crypto/*` classes
* [Accuracy & Confidence in Findings](/resource-center/accuracy-confidence)
* [Reachability Analysis](/resource-center/reachability)
* [PQC Compliance Report](/user-guides/export/pqc)
* [CBOM Export](/user-guides/export/cbom)