Test vectors
Testing the correctness of the primitives implemented in cryptography
requires trusted test vectors. Where possible these vectors are
obtained from official sources such as NIST or IETF RFCs. When this is
not possible cryptography
has chosen to create a set of custom vectors
using an official vector file as input.
Vectors are kept in the cryptography_vectors
package rather than within our
main test suite.
Sources
Project Wycheproof
We run vectors from Project Wycheproof – a collection of known edge-cases
for various cryptographic algorithms. These are not included in the repository
(or cryptography_vectors
package), but rather cloned from Git in our
continuous integration environments.
Asymmetric ciphers
RSA PKCS #1 from the RSA FTP site (ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/ and ftp://ftp.rsa.com/pub/rsalabs/tmp/).
RSA FIPS 186-2 and PKCS1 v1.5 vulnerability test vectors from NIST CAVP.
FIPS 186-2 and FIPS 186-3 DSA test vectors from NIST CAVP.
FIPS 186-2 and FIPS 186-3 ECDSA test vectors from NIST CAVP.
DH and ECDH and ECDH+KDF(17.4) test vectors from NIST CAVP.
Ed25519 test vectors from the Ed25519 website.
asymmetric/PEM_Serialization/rsa-bad-1025-q-is-2.pem
from badkeys.OpenSSL PEM DSA serialization vectors from the GnuTLS example keys.
PKCS #8 PEM serialization vectors from
GnuTLS: enc-rsa-pkcs8.pem, enc2-rsa-pkcs8.pem, unenc-rsa-pkcs8.pem, pkcs12_s2k_pem.c. The encoding error in unenc-rsa-pkcs8.pem was fixed, and the contents of enc-rsa-pkcs8.pem was re-encrypted to include it. The contents of enc2-rsa-pkcs8.pem was re-encrypted using a stronger PKCS#8 cipher.
asymmetric/public/PKCS1/dsa.pub.pem is a PKCS1 DSA public key from the Ruby test suite.
X25519 and X448 test vectors from RFC 7748.
RSA OAEP with custom label from the BoringSSL evp tests.
Ed448 test vectors from RFC 8032.
Deterministic ECDSA (RFC 6979) from OpenSSL’s RFC 6979 test vectors.
Custom asymmetric vectors
asymmetric/PEM_Serialization/ec_private_key.pem
andasymmetric/DER_Serialization/ec_private_key.der
- Contains an Elliptic Curve key generated by OpenSSL from the curvesecp256r1
.asymmetric/PEM_Serialization/ec_private_key_encrypted.pem
andasymmetric/DER_Serialization/ec_private_key_encrypted.der
- Contains the same Elliptic Curve key asec_private_key.pem
, except that it is encrypted with AES-128 with the password “123456”.asymmetric/PEM_Serialization/ec_public_key.pem
andasymmetric/DER_Serialization/ec_public_key.der
- Contains the public key corresponding toec_private_key.pem
, generated using OpenSSL.asymmetric/PEM_Serialization/ec_public_key_rsa_delimiter.pem
- Contains the public key corresponding toec_private_key.pem
, but with the wrong PEM delimiter (RSA PUBLIC KEY
when it should bePUBLIC KEY
).asymmetric/PEM_Serialization/rsa_private_key.pem
- Contains an RSA 2048 bit key generated using OpenSSL, protected by the secret “123456” with DES3 encryption.asymmetric/PEM_Serialization/rsa_public_key.pem
andasymmetric/DER_Serialization/rsa_public_key.der
- Contains an RSA 2048 bit public generated using OpenSSL fromrsa_private_key.pem
.asymmetric/PEM_Serialization/rsa_wrong_delimiter_public_key.pem
- Contains an RSA 2048 bit public key generated fromrsa_private_key.pem
, but with the wrong PEM delimiter (RSA PUBLIC KEY
when it should bePUBLIC KEY
).asymmetric/PEM_Serialization/dsa_4096.pem
- Contains a 4096-bit DSA private key generated using OpenSSL.asymmetric/PEM_Serialization/dsaparam.pem
- Contains 2048-bit DSA parameters generated using OpenSSL; contains no keys.asymmetric/PEM_Serialization/dsa_private_key.pem
- Contains a DSA 2048 bit key generated using OpenSSL from the parameters indsaparam.pem
, protected by the secret “123456” with DES3 encryption.asymmetric/PEM_Serialization/dsa_public_key.pem
andasymmetric/DER_Serialization/dsa_public_key.der
- Contains a DSA 2048 bit key generated using OpenSSL fromdsa_private_key.pem
.asymmetric/DER_Serialization/dsa_public_key_no_params.der
- Contains a DSA public key with the optional parameters removed.asymmetric/DER_Serialization/dsa_public_key_invalid_bit_string.der
- Contains a DSA public key with the bit string padding value set to 2 rather than the required 0.asymmetric/PKCS8/unenc-dsa-pkcs8.pem
andasymmetric/DER_Serialization/unenc-dsa-pkcs8.der
- Contains a DSA 1024 bit key generated using OpenSSL.asymmetric/PKCS8/unenc-dsa-pkcs8.pub.pem
andasymmetric/DER_Serialization/unenc-dsa-pkcs8.pub.der
- Contains a DSA 2048 bit public key generated using OpenSSL fromunenc-dsa-pkcs8.pem
.DER conversions of the GnuTLS example keys for DSA.
DER conversions of enc-rsa-pkcs8.pem, enc2-rsa-pkcs8.pem, and unenc-rsa-pkcs8.pem.
asymmetric/public/PKCS1/rsa.pub.pem
andasymmetric/public/PKCS1/rsa.pub.der
are PKCS1 conversions of the public key fromasymmetric/PKCS8/unenc-rsa-pkcs8.pem
using PEM and DER encoding.x509/custom/ca/ca_key.pem
- An unencrypted PCKS8secp256r1
key. It is the private key for the certificatex509/custom/ca/ca.pem
.pkcs12/ca/ca_key.pem
- An unencrypted PCKS8secp256r1
key. It is the private key for the certificatepkcs12/ca/ca.pem
. This key is encoded in several of the PKCS12 custom vectors.x509/custom/ca/rsa_key.pem
- An unencrypted PCKS8 4096 bit RSA key. It is the private key for the certificatex509/custom/ca/rsa_ca.pem
.asymmetric/EC/compressed_points.txt
- Contains compressed public points generated using OpenSSL.asymmetric/EC/explicit_parameters_private_key.pem
- Contains an EC private key with an curve defined by explicit parameters.asymmetric/EC/explicit_parameters_wap_wsg_idm_ecid_wtls11_private_key.pem
- Contains an EC private key with over thewap-wsg-idm-ecid-wtls11
curve, encoded with explicit parameters.asymmetric/EC/secp128r1_private_key.pem
- Contains an EC private key on the curvesecp128r1
.asymmetric/EC/sect163k1-spki.pem
- Contains an EC SPKI on the curvesect163k1
.asymmetric/EC/sect163r2-spki.pem
- Contains an EC SPKI on the curvesect163r2
.asymmetric/EC/sect233k1-spki.pem
- Contains an EC SPKI on the curvesect233k1
.asymmetric/EC/sect233r1-spki.pem
- Contains an EC SPKI on the curvesect233r1
.asymmetric/X448/x448-pkcs8-enc.pem
andasymmetric/X448/x448-pkcs8-enc.der
contain an X448 key encrypted with AES 256 CBC with the passwordpassword
.asymmetric/X448/x448-pkcs8.pem
andasymmetric/X448/x448-pkcs8.der
contain an unencrypted X448 key.asymmetric/X448/x448-pub.pem
andasymmetric/X448/x448-pub.der
contain an X448 public key.asymmetric/Ed25519/ed25519-pkcs8-enc.pem
andasymmetric/Ed25519/ed25519-pkcs8-enc.der
contain an Ed25519 key encrypted with AES 256 CBC with the passwordpassword
.asymmetric/Ed25519/ed25519-pkcs8.pem
andasymmetric/Ed25519/ed25519-pkcs8.der
contain an unencrypted Ed25519 key.asymmetric/Ed25519/ed25519-pub.pem
andasymmetric/Ed25519/ed25519-pub.der
contain an Ed25519 public key.asymmetric/X25519/x25519-pkcs8-enc.pem
andasymmetric/X25519/x25519-pkcs8-enc.der
contain an X25519 key encrypted with AES 256 CBC with the passwordpassword
.asymmetric/X25519/x25519-pkcs8.pem
andasymmetric/X25519/x25519-pkcs8.der
contain an unencrypted X25519 key.asymmetric/X25519/x25519-pub.pem
andasymmetric/X25519/x25519-pub.der
contain an X25519 public key.asymmetric/Ed448/ed448-pkcs8-enc.pem
andasymmetric/Ed448/ed448-pkcs8-enc.der
contain an Ed448 key encrypted with AES 256 CBC with the passwordpassword
.asymmetric/Ed448/ed448-pkcs8.pem
andasymmetric/Ed448/ed448-pkcs8.der
contain an unencrypted Ed448 key.asymmetric/Ed448/ed448-pub.pem
andasymmetric/Ed448/ed448-pub.der
contain an Ed448 public key.asymmetric/PKCS8/rsa_pss_2048.pem
- A 2048-bit RSA PSS key with no explicit parameters set.asymmetric/PKCS8/rsa_pss_2048_pub.der
- The public key corresponding toasymmetric/PKCS8/rsa_pss_2048.pem
.asymmetric/PKCS8/rsa_pss_2048_hash.pem
- A 2048-bit RSA PSS key with the hash algorithm PSS parameter set to SHA256.asymmetric/PKCS8/rsa_pss_2048_hash_mask.pem
- A 2048-bit RSA PSS key with with the hash (SHA256) and mask algorithm (SHA256) PSS parameters set.asymmetric/PKCS8/rsa_pss_2048_hash_mask_diff.pem
- A 2048-bit RSA PSS key with the hash (SHA256) and mask algorithm (SHA512) PSS parameters set.asymmetric/PKCS8/rsa_pss_2048_hash_mask_salt.pem
- A 2048-bit RSA PSS key with the hash (SHA256), mask algorithm (SHA256), and salt length (32) PSS parameters set.asymmetric/Traditional_OpenSSL_Serialization/testrsa.pem
- A 2048-bit RSA key, encoded as a “traditional”RSA PRIVATE KEY
PEM block, rather than aPRIVATE KEY
block.asymmetric/Traditional_OpenSSL_Serialization/testrsa-encrypted.pem
- The above, encrypted at the PEM level with AES-128-CBC and password “password”.asymmetric/Traditional_OpenSSL_Serialization/key1.pem
- The above, encrypted at the PEM level with DES-EDE3-CBC and password “123456”.asymmetric/Traditional_OpenSSL_Serialization/key2.pem
- The above, encrypted at the PEM level with AES-128-CBC and password “a123456”.asymmetric/DER_Serialization/testrsa.der
- The above as a DER-encoded RSAPrivateKey structure.asymmetric/DSA/custom/nilpotent.pem
– A key where the field is actually a ring and the generator of the multiplicative subgroup is actually nilpotent with low degree. Taken from BoringSSL (seeTEST(DSATest, NilpotentGenerator)
).
Key exchange
vectors/cryptography_vectors/asymmetric/DH/rfc3526.txt
contains several standardized Diffie-Hellman groups from RFC 3526.vectors/cryptography_vectors/asymmetric/DH/RFC5114.txt
contains Diffie-Hellman examples from appendix A.1, A.2 and A.3 of RFC 5114.vectors/cryptography_vectors/asymmetric/DH/vec.txt
contains Diffie-Hellman examples from botan.vectors/cryptography_vectors/asymmetric/DH/bad_exchange.txt
contains Diffie-Hellman vector pairs that were generated using OpenSSLDH_generate_parameters_ex
andDH_generate_key
.vectors/cryptography_vectors/asymmetric/DH/dhp.pem
,vectors/cryptography_vectors/asymmetric/DH/dhkey.pem
andvectors/cryptography_vectors/asymmetric/DH/dhpub.pem
contains Diffie-Hellman parameters and key respectively. The keys were generated using OpenSSL following DHKE guide.vectors/cryptography_vectors/asymmetric/DH/dhkey.txt
contains all parameter in text.vectors/cryptography_vectors/asymmetric/DH/dhp.der
,vectors/cryptography_vectors/asymmetric/DH/dhkey.der
andvectors/cryptography_vectors/asymmetric/DH/dhpub.der
contains are the above parameters and keys in DER format.vectors/cryptography_vectors/asymmetric/DH/dhp_rfc5114_2.pem
,vectors/cryptography_vectors/asymmetric/DH/dhkey_rfc5114_2.pem
andvectors/cryptography_vectors/asymmetric/DH/dhpub_rfc5114_2.pem
contains Diffie-Hellman parameters and key respectively. The keys were generated using OpenSSL following DHKE guide. When creating the parameters we added the -pkeyopt dh_rfc5114:2 option to use RFC 5114 2048 bit DH parameters with 224 bit subgroup.vectors/cryptography_vectors/asymmetric/DH/dhkey_rfc5114_2.txt
contains all parameter in text.vectors/cryptography_vectors/asymmetric/DH/dhp_rfc5114_2.der
,vectors/cryptography_vectors/asymmetric/DH/dhkey_rfc5114_2.der
andvectors/cryptography_vectors/asymmetric/DH/dhpub_rfc5114_2.der
contains are the above parameters and keys in DER format.vectors/cryptography_vectors/asymmetric/DH/dh_key_256.pem
contains a PEM PKCS8 encoded DH key with a 256-bit key size.vectors/cryptoraphy_vectors/asymmetric/ECDH/brainpool.txt
contains Brainpool vectors from RFC 7027.vectors/cryptography_vectors/asymmetric/DH/dhpub_cryptography_old.pem
contains a Diffie-Hellman public key generated with a previous version ofcryptography
.
X.509
PKITS test suite from NIST PKI Testing.
v1_cert.pem
from the OpenSSL source tree (testx509.pem).ecdsa_root.pem
- DigiCert Global Root G3, asecp384r1
ECDSA root certificate.verisign-md2-root.pem
- A legacy Verisign public root signed using the MD2 algorithm. This is a PEM conversion of the root data in the NSS source tree.cryptography.io.pem
- A leaf certificate issued by RapidSSL for the cryptography website.cryptography.io.old_header.pem
- A leaf certificate issued by RapidSSL for the cryptography website. This certificate uses theX509 CERTIFICATE
legacy PEM header format.cryptography.io.chain.pem
- The same ascryptography.io.pem
, butrapidssl_sha256_ca_g3.pem
is concatenated to the end.cryptography.io.with_headers.pem
- The same ascryptography.io.pem
, but with an unrelated (encrypted) private key concatenated to the end.cryptography.io.chain_with_garbage.pem
- The same ascryptography.io.chain.pem
, but with other sections and text around it.cryptography.io.with_garbage.pem
- The same ascryptography.io.pem
, but with other sections and text around it.rapidssl_sha256_ca_g3.pem
- The intermediate CA that issued thecryptography.io.pem
certificate.cryptography.io.precert.pem
- A pre-certificate with the CT poison extension for the cryptography website.cryptography-scts.pem
- A leaf certificate issued by Let’s Encrypt for the cryptography website which contains signed certificate timestamps.wildcard_san.pem
- A leaf certificate issued by a public CA forlangui.sh
that contains wildcard entries in the SAN extension.san_edipartyname.der
- A DSA certificate from a Mozilla bug containing a SAN extension with anediPartyName
general name.san_x400address.der
- A DSA certificate from a Mozilla bug containing a SAN extension with anx400Address
general name.department-of-state-root.pem
- The intermediary CA for the Department of State, issued by the United States Federal Government’s Common Policy CA. Notably has acritical
policy constraints extensions.e-trust.ru.der
- A certificate from a Russian CA signed using the GOST cipher and containing numerous unusual encodings such as NUMERICSTRING in the subject DN.alternate-rsa-sha1-oid.der
- A certificate that uses an alternate signature OID for RSA with SHA1. This certificate has an invalid signature.badssl-sct.pem
- A certificate with the certificate transparency signed certificate timestamp extension.badssl-sct-none-hash.der
- The same asbadssl-sct.pem
, but DER-encoded and with the SCT’s signature hash manually changed to “none” (0x00
).badssl-sct-anonymous-sig.der
- The same asbadssl-sct.pem
, but DER-encoded and with the SCT’s signature algorithm manually changed to “anonymous” (0x00
).bigoid.pem
- A certificate with a rather long OID in the Certificate Policies extension. We need to make sure we can parse long OIDs.wosign-bc-invalid.pem
- A certificate issued by WoSign that contains a basic constraints extension with CA set to false and a path length of zero in violation of RFC 5280.tls-feature-ocsp-staple.pem
- A certificate issued by Let’s Encrypt that contains a TLS Feature extension with thestatus_request
feature (commonly known as OCSP Must-Staple).unique-identifier.pem
- A certificate containing a distinguished name with anx500UniqueIdentifier
.utf8-dnsname.pem
- A certificate containing non-ASCII characters in the DNS name entries of the SAN extension.badasn1time.pem
- A certificate containing an incorrectly specified UTCTime in its validity->not_after.letsencryptx3.pem
- A subordinate certificate used by Let’s Encrypt to issue end entity certificates.ed25519-rfc8410.pem
- A certificate containing an X25519 public key with aned25519
signature taken from RFC 8410.root-ed25519.pem
- Aned25519
root certificate (ed25519
signature withed25519
public key) from the OpenSSL test suite. (root-ed25519.pem)server-ed25519-cert.pem
- Aned25519
server certificate (RSA signature withed25519
public key) from the OpenSSL test suite. (server-ed25519-cert.pem)server-ed448-cert.pem
- Aned448
server certificate (RSA signature withed448
public key) from the OpenSSL test suite. (server-ed448-cert.pem)accvraiz1.pem
- An RSA root certificate that contains anexplicitText
entry with aBMPString
type.scottishpower-bitstring-dn.pem
- An ECDSA certificate that contains a subject DN with a bit string type.cryptography-scts-tbs-precert.der
- The “to-be-signed” pre-certificate bytes fromcryptography-scts.pem
, with the SCT list extension removed.belgian-eid-invalid-visiblestring.pem
- A certificate with UTF-8 bytes in aVisibleString
type.ee-pss-sha1-cert.pem
- An RSA PSS certificate using a SHA1 signature and SHA1 for MGF1 from the OpenSSL test suite.
Custom X.509 Vectors
invalid_version.pem
- Contains an RSA 2048 bit certificate with the X.509 version field set to0x7
.post2000utctime.pem
- Contains an RSA 2048 bit certificate with thenotBefore
andnotAfter
fields encoded as post-2000UTCTime
.dsa_selfsigned_ca.pem
- Contains a DSA self-signed CA certificate generated using OpenSSL.ec_no_named_curve.pem
- Contains an ECDSA certificate that does not have an embedded OID defining the curve.all_supported_names.pem
- An RSA 2048 bit certificate generated using OpenSSL that contains a subject and issuer that have two of each supported attribute type from RFC 5280.unsupported_subject_name.pem
- An RSA 2048 bit self-signed CA certificate generated using OpenSSL that contains the unsupported “initials” name.utf8_common_name.pem
- An RSA 2048 bit self-signed CA certificate generated using OpenSSL that contains a UTF8String common name with the value “We heart UTF8!™”.invalid_utf8_common_name.pem
- A certificate that contains aUTF8String
common name with an invalid UTF-8 byte sequence.two_basic_constraints.pem
- An RSA 2048 bit self-signed certificate containing two basic constraints extensions.basic_constraints_not_critical.pem
- An RSA 2048 bit self-signed certificate containing a basic constraints extension that is not marked as critical.bc_path_length_zero.pem
- An RSA 2048 bit self-signed certificate containing a basic constraints extension with a path length of zero.unsupported_extension.pem
- An RSA 2048 bit self-signed certificate containing an unsupported extension type. The OID was encoded as “1.2.3.4” with anextnValue
of “value”.unsupported_extension_2.pem
- Asecp256r1
certificate containing two unsupported extensions. The OIDs are1.3.6.1.4.1.41482.2
with anextnValue
of1.3.6.1.4.1.41482.1.2
and1.3.6.1.4.1.45724.2.1.1
with anextnValue
of\x03\x02\x040
unsupported_extension_critical.pem
- An RSA 2048 bit self-signed certificate containing an unsupported extension type marked critical. The OID was encoded as “1.2.3.4” with anextnValue
of “value”.san_email_dns_ip_dirname_uri.pem
- An RSA 2048 bit self-signed certificate containing a subject alternative name extension with the following general names:rfc822Name
,dNSName
,iPAddress
,directoryName
, anduniformResourceIdentifier
.san_empty_hostname.pem
- An RSA 2048 bit self-signed certificate containing a subject alternative extension with an emptydNSName
general name.san_other_name.pem
- An RSA 2048 bit self-signed certificate containing a subject alternative name extension with theotherName
general name.san_registered_id.pem
- An RSA 1024 bit certificate containing a subject alternative name extension with theregisteredID
general name.all_key_usages.pem
- An RSA 2048 bit self-signed certificate containing a key usage extension with all nine purposes set to true.extended_key_usage.pem
- An RSA 2048 bit self-signed certificate containing an extended key usage extension with eight usages.san_idna_names.pem
- An RSA 2048 bit self-signed certificate containing a subject alternative name extension withrfc822Name
,dNSName
, anduniformResourceIdentifier
general names with IDNA (RFC 5895) encoding.san_wildcard_idna.pem
- An RSA 2048 bit self-signed certificate containing a subject alternative name extension with adNSName
general name with a wildcard IDNA (RFC 5895) domain.san_idna2003_dnsname.pem
- An RSA 2048 bit self-signed certificate containing a subject alternative name extension with an IDNA 2003 (RFC 3490)dNSName
.san_rfc822_names.pem
- An RSA 2048 bit self-signed certificate containing a subject alternative name extension with variousrfc822Name
values.san_rfc822_idna.pem
- An RSA 2048 bit self-signed certificate containing a subject alternative name extension with an IDNArfc822Name
.san_uri_with_port.pem
- An RSA 2048 bit self-signed certificate containing a subject alternative name extension with variousuniformResourceIdentifier
values.san_ipaddr.pem
- An RSA 2048 bit self-signed certificate containing a subject alternative name extension with aniPAddress
value.san_dirname.pem
- An RSA 2048 bit self-signed certificate containing a subject alternative name extension with adirectoryName
value.inhibit_any_policy_5.pem
- An RSA 2048 bit self-signed certificate containing an inhibit any policy extension with the value 5.inhibit_any_policy_negative.pem
- An RSA 2048 bit self-signed certificate containing an inhibit any policy extension with the value -1.authority_key_identifier.pem
- An RSA 2048 bit self-signed certificate containing an authority key identifier extension with key identifier, authority certificate issuer, and authority certificate serial number fields.authority_key_identifier_no_keyid.pem
- An RSA 2048 bit self-signed certificate containing an authority key identifier extension with authority certificate issuer and authority certificate serial number fields.aia_ocsp_ca_issuers.pem
- An RSA 2048 bit self-signed certificate containing an authority information access extension with two OCSP and one CA issuers entry.aia_ocsp.pem
- An RSA 2048 bit self-signed certificate containing an authority information access extension with an OCSP entry.aia_ca_issuers.pem
- An RSA 2048 bit self-signed certificate containing an authority information access extension with a CA issuers entry.cdp_empty_hostname.pem
- An RSA 2048 bit self-signed certificate containing a CRL distribution point extension withfullName
URI without a hostname.cdp_fullname_reasons_crl_issuer.pem
- An RSA 1024 bit certificate containing a CRL distribution points extension withfullName
,cRLIssuer
, andreasons
data.cdp_crl_issuer.pem
- An RSA 1024 bit certificate containing a CRL distribution points extension withcRLIssuer
data.cdp_all_reasons.pem
- An RSA 1024 bit certificate containing a CRL distribution points extension with allreasons
bits set.cdp_reason_aa_compromise.pem
- An RSA 1024 bit certificate containing a CRL distribution points extension with theAACompromise
reasons
bit set.nc_permitted_excluded.pem
- An RSA 2048 bit self-signed certificate containing a name constraints extension with both permitted and excluded elements. ContainsIPv4
andIPv6
addresses with network mask as well asdNSName
with a leading period.nc_permitted_excluded_2.pem
- An RSA 2048 bit self-signed certificate containing a name constraints extension with both permitted and excluded elements. Unlikenc_permitted_excluded.pem
, the general names do not contain any name constraints specific values.nc_permitted.pem
- An RSA 2048 bit self-signed certificate containing a name constraints extension with permitted elements.nc_permitted_2.pem
- An RSA 2048 bit self-signed certificate containing a name constraints extension with permitted elements that do not contain any name constraints specific values.nc_excluded.pem
- An RSA 2048 bit self-signed certificate containing a name constraints extension with excluded elements.nc_invalid_ip_netmask.pem
- An RSA 2048 bit self-signed certificate containing a name constraints extension with a permitted element that has anIPv6
IP and an invalid network mask.nc_invalid_ip4_netmask.der
- An RSA 2048 bit self-signed certificate containing a name constraints extension with a permitted element that has anIPv4
IP and an invalid network mask. The signature on this certificate is invalid.nc_single_ip_netmask.pem
- An RSA 2048 bit self-signed certificate containing a name constraints extension with a permitted element that has two IPs with/32
and/128
network masks.nc_ip_invalid_length.pem
- An RSA 2048 bit self-signed certificate containing a name constraints extension with a permitted element that has an invalid length (33 bytes instead of 32) for anIPv6
address with network mask. The signature on this certificate is invalid.cp_user_notice_with_notice_reference.pem
- An RSA 2048 bit self-signed certificate containing a certificate policies extension with a notice reference in the user notice.cp_user_notice_with_explicit_text.pem
- An RSA 2048 bit self-signed certificate containing a certificate policies extension with explicit text and no notice reference.cp_cps_uri.pem
- An RSA 2048 bit self-signed certificate containing a certificate policies extension with a CPS URI and no user notice.cp_user_notice_no_explicit_text.pem
- An RSA 2048 bit self-signed certificate containing a certificate policies extension with a user notice with no explicit text.cp_invalid.pem
- An RSA 2048 bit self-signed certificate containing a certificate policies extension with invalid data. ThepolicyQualifierId
is forid-qt-unotice
but the value is anid-qt-cps
ASN.1 structure.cp_invalid2.der
- An RSA 2048 bit self-signed certificate containing a certificate policies extension with invalid data. ThepolicyQualifierId
is forid-qt-cps
but the value is anid-qt-unotice
ASN.1 structure. The signature on this certificate is invalid.ian_uri.pem
- An RSA 2048 bit certificate containing an issuer alternative name extension with aURI
general name.ocsp_nocheck.pem
- An RSA 2048 bit self-signed certificate containing anOCSPNoCheck
extension.pc_inhibit_require.pem
- An RSA 2048 bit self-signed certificate containing a policy constraints extension with both inhibit policy mapping and require explicit policy elements.pc_inhibit.pem
- An RSA 2048 bit self-signed certificate containing a policy constraints extension with an inhibit policy mapping element.pc_require.pem
- An RSA 2048 bit self-signed certificate containing a policy constraints extension with a require explicit policy element.unsupported_subject_public_key_info.pem
- A certificate whose public key is an unknown OID (1.3.6.1.4.1.8432.1.1.2
).policy_constraints_explicit.pem
- A self-signed certificate containing apolicyConstraints
extension with arequireExplicitPolicy
value.freshestcrl.pem
- A self-signed certificate containing afreshestCRL
extension.sia.pem
- An RSA 2048 bit self-signed certificate containing a subject information access extension with both a CA repository entry and a custom OID entry.ca/ca.pem
- A self-signed certificate withbasicConstraints
set to true. Its private key isca/ca_key.pem
.pkcs12/ca/ca.pem
- A self-signed certificate withbasicConstraints
set to true. Its private key ispkcs12/ca/ca_key.pem
. This key is encoded in several of the PKCS12 custom vectors.negative_serial.pem
- A certificate with a serial number that is a negative number.rsa_pss.pem
- A certificate with an RSA PSS signature.root-ed448.pem
- Aned448
self-signed CA certificate usinged448-pkcs8.pem
as key.ca/rsa_ca.pem
- A self-signed RSA certificate withbasicConstraints
set to true. Its private key isca/rsa_key.pem
.ca/rsae_ca.pem
- A self-signed RSA certificate using a (non-PSS) RSA public key and a RSA PSS signature. Its private key isca/rsa_key.pem
.invalid-sct-version.der
- A certificate with an SCT with an unknown version.invalid-sct-length.der
- A certificate with an SCT with an internal length greater than the amount of data.bad_country.pem
- A certificate with country name and jurisdiction country name values in its subject and issuer distinguished names which are longer than 2 characters.rsa_pss_cert.pem
- A self-signed certificate with an RSA PSS signature withasymmetric/PKCS8/rsa_pss_2048.pem
as its key.rsa_pss_cert_invalid_mgf.der
- A self-signed certificate with an invalid RSA PSS signature that has a non-MGF1 OID for its mask generation function in the signature algorithm.rsa_pss_cert_no_sig_params.der
- A self-signed certificate with an invalid RSA PSS signature algorithm that is missing signature parameters for PSS.rsa_pss_cert_unsupported_mgf_hash.der
- A self-signed certificate with an unsupported MGF1 hash algorithm in the signature algorithm.long-form-name-attribute.pem
- A certificate withsubject
andissuer
names containing attributes whose value’s tag is encoded in long-form.mismatch_inner_outer_sig_algorithm.der
- A leaf certificate derived fromx509/cryptography.io.pem
but modifying thetbs_cert.signature_algorithm
OID to not match the outer signature algorithm OID.ms-certificate-template.pem
- A certificate with amsCertificateTemplate
extension.rsa_pss_sha256_no_null.pem
- A certificate with an RSA PSS signature with no encodedNULL
for the PSS hash algorithm parameters. This certificate was generated by LibreSSL.ecdsa_null_alg.pem
- A certificate with an ECDSA signature withNULL
algorithm parameters. This encoding is invalid, but was generated by Java 11.dsa_null_alg_params.pem
- A certificate with a DSA signature withNULL
algorithm parameters. This encoding is invalid, but was generated by Java 20.ekucrit-testuser-cert.pem
- A leaf certificate containing a critical EKU. This is an invalid certificate per CA/B 7.1.2.7.6.empty-eku.pem
- A leaf certificate containing an empty EKU extension. This is an invalid certificate per RFC 5280 4.2.1.12.malformed-san.pem
- A certificate with a malformed SAN.malformed-ian.pem
- A certificate with a malformed IAN.admissions_extension_optional_data_not_provided.pem
- A certificate containing theAdmissions
extension with multiple admissions, signed byx509/custom/ca/rsa_ca.pem
CA. The admissions in this certificate are prepared using synthetic data to verify the possible corner cases are handled by the parser correctly (an admission missing naming authority or admission authority, a profession info missing naming authority or profession OIDs or the registration number etc).admissions_extension_authority_not_provided.pem
- A certificate containing theAdmissions
extension with no admissions and no admission authority, signed byx509/custom/ca/rsa_ca.pem
CA.
Custom X.509 Request Vectors
dsa_sha1.pem
anddsa_sha1.der
- Contain a certificate request using 1024-bit DSA parameters and SHA1 generated using OpenSSL.rsa_md4.pem
andrsa_md4.der
- Contain a certificate request using 2048 bit RSA and MD4 generated using OpenSSL.rsa_sha1.pem
andrsa_sha1.der
- Contain a certificate request using 2048 bit RSA and SHA1 generated using OpenSSL.rsa_sha256.pem
andrsa_sha256.der
- Contain a certificate request using 2048 bit RSA and SHA256 generated using OpenSSL.ec_sha256.pem
andec_sha256.der
- Contain a certificate request using EC (secp384r1
) and SHA256 generated using OpenSSL.ec_sha256_old_header.pem
- Identical toec_sha256.pem
, but uses the-----BEGIN NEW CERTIFICATE REQUEST-----
legacy PEM header format.san_rsa_sha1.pem
andsan_rsa_sha1.der
- Contain a certificate request using RSA and SHA1 with a subject alternative name extension generated using OpenSSL.two_basic_constraints.pem
- A certificate signing request for an RSA 2048 bit key containing two basic constraints extensions. The signature on this CSR is invalid.unsupported_extension.pem
- A certificate signing request for an RSA 2048 bit key containing containing an unsupported extension type. The OID was encoded as “1.2.3.4” with anextnValue
of “value”. The signature on this CSR is invalid.unsupported_extension_critical.pem
- A certificate signing request for an RSA 2048 bit key containing containing an unsupported extension type marked critical. The OID was encoded as “1.2.3.4” with anextnValue
of “value”. The signature on this CSR is invalid.basic_constraints.pem
- A certificate signing request for an RSA 2048 bit key containing a basic constraints extension marked as critical. The signature on this CSR is invalid.invalid_signature.pem
- A certificate signing request for an RSA 1024 bit key containing an invalid signature with correct padding.challenge.pem
- A certificate signing request for an RSA 2048 bit key containing a challenge password.challenge-invalid.der
- A certificate signing request for an RSA 2048 bit key containing a challenge password attribute that has been encoded as an ASN.1 integer rather than a string.challenge-unstructured.pem
- A certificate signing request for an RSA 2048 bit key containing a challenge password attribute and an unstructured name attribute.challenge-multi-valued.der
- A certificate signing request for an RSA 2048 bit key containing a challenge password attribute with two values inside the ASN.1 set. The signature on this request is invalid.freeipa-bad-critical.pem
- A certificate signing request where the extensions value has acritical
value ofFalse
explicitly encoded.bad-version.pem
- A certificate signing request where the version is invalid.long-form-attribute.pem
- A certificate signing request containing an attribute whose value’s tag is encoded in the long form.zero-element-attribute.pem
- A certificate signing request containing an attribute whose value has zero elements.
Custom X.509 Certificate Revocation List Vectors
crl_all_reasons.pem
- Contains a CRL with 12 revoked certificates, whose serials match their list position. It includes one revocation without any entry extensions, 10 revocations with every supported reason code and one revocation with an unsupported, non-critical entry extension with the OID value set to “1.2.3.4”. The signature on this CRL is invalid.crl_dup_entry_ext.pem
- Contains a CRL with one revocation which has a duplicate entry extension. The signature on this CRL is invalid.crl_md2_unknown_crit_entry_ext.pem
- Contains a CRL with one revocation which contains an unsupported critical entry extension with the OID value set to “1.2.3.4”. The CRL uses an unsupported MD2 signature algorithm, and the signature on this CRL is invalid.crl_unsupported_reason.pem
- Contains a CRL with one revocation which has an unsupported reason code. The signature on this CRL is invalid.crl_inval_cert_issuer_entry_ext.pem
- Contains a CRL with one revocation which has one entry extension for certificate issuer with an empty value. The signature on this CRL is invalid.crl_empty.pem
- Contains a CRL with no revoked certificates.crl_empty_no_sequence.der
- Contains a CRL with no revoked certificates and the optional ASN.1 sequence for revoked certificates is omitted.crl_ian_aia_aki.pem
- Contains a CRL withIssuerAlternativeName
,AuthorityInformationAccess
,AuthorityKeyIdentifier
andCRLNumber
extensions.valid_signature_crl.pem
- Contains a CRL with a valid signature.valid_signature_cert.pem
- Contains a cert whose public key corresponds to the private key that produced the signature forvalid_signature_crl.pem
.invalid_signature_crl.pem
- Contains a CRL with the last signature byte incremented by 1 to produce an invalid signature.invalid_signature_cert.pem
- Contains a cert whose public key corresponds to the private key that produced the signature forinvalid_signature_crl.pem
.crl_delta_crl_indicator.pem
- Contains a CRL with theDeltaCRLIndicator
extension.crl_idp_fullname_only.pem
- Contains a CRL with anIssuingDistributionPoints
extension with only afullname
for the distribution point.crl_idp_only_ca.pem
- Contains a CRL with anIssuingDistributionPoints
extension that is only valid for CA certificate revocation.crl_idp_fullname_only_aa.pem
- Contains a CRL with anIssuingDistributionPoints
extension that sets afullname
and is only valid for attribute certificate revocation.crl_idp_fullname_only_user.pem
- Contains a CRL with anIssuingDistributionPoints
extension that sets afullname
and is only valid for user certificate revocation.crl_idp_fullname_indirect_crl.pem
- Contains a CRL with anIssuingDistributionPoints
extension that sets afullname
and the indirect CRL flag.crl_idp_reasons_only.pem
- Contains a CRL with anIssuingDistributionPoints
extension that is only valid for revocations with thekeyCompromise
reason.crl_idp_relative_user_all_reasons.pem
- Contains a CRL with anIssuingDistributionPoints
extension that sets all revocation reasons as allowed.crl_idp_relativename_only.pem
- Contains a CRL with anIssuingDistributionPoints
extension with only arelativename
for the distribution point.crl_unrecognized_extension.der
- Contains a CRL containing an unsupported extension type. The OID was encoded as “1.2.3.4.5” with anextnValue
ofabcdef
.crl_invalid_time.der
- Contains a CRL with an invalidUTCTime
value inthisUpdate
. The signature on this CRL is invalid.crl_no_next_time.pem
- Contains a CRL with nonextUpdate
value. The signature on this CRL is invalid.crl_bad_version.pem
- Contains a CRL with an invalid version.crl_almost_10k.pem
- Contains a CRL with 9,999 entries.crl_inner_outer_mismatch.der
- A CRL created fromvalid_signature_crl.pem
but with a mismatched inner and outer signature algorithm. The signature on this CRL is invalid.
X.509 OCSP Test Vectors
x509/ocsp/resp-sha256.der
- An OCSP response forcryptography.io
with a SHA256 signature.x509/ocsp/resp-unauthorized.der
- An OCSP response with an unauthorized status.x509/ocsp/resp-revoked.der
- An OCSP response forrevoked.badssl.com
with a revoked status.x509/ocsp/resp-delegate-unknown-cert.der
- An OCSP response for an unknown cert fromAC Camerafirma
. This response also contains a delegate certificate.x509/ocsp/resp-responder-key-hash.der
- An OCSP response from theDigiCert
OCSP responder that uses a key hash for the responder ID.x509/ocsp/resp-revoked-reason.der
- An OCSP response from theQuoVadis
OCSP responder that contains a revoked certificate with a revocation reason.x509/ocsp/resp-revoked-no-next-update.der
- An OCSP response that contains a revoked certificate and nonextUpdate
value.x509/ocsp/resp-invalid-signature-oid.der
- An OCSP response that was modified to contain an MD2 signature algorithm object identifier.x509/ocsp/resp-single-extension-reason.der
- An OCSP response that contains aCRLReason
single extension.x509/ocsp/resp-sct-extension.der
- An OCSP response containing aCT Certificate SCTs
single extension, from the SwissSign OCSP responder.x509/ocsp/ocsp-army.deps.mil-resp.der
- An OCSP response containing multipleSINGLERESP
values.x509/ocsp/resp-response-type-unknown-oid.der
- An OCSP response with an unknown OID for response type. The signature on this response is invalid.x509/ocsp/resp-successful-no-response-bytes.der
- An OCSP request with a successful response type but the response bytes are missing.x509/ocsp/resp-unknown-response-status.der
- An OCSP response with an unknown response status.
Custom X.509 OCSP Test Vectors
x509/ocsp/req-sha1.der
- An OCSP request containing a single request and using SHA1 as the hash algorithm.x509/ocsp/req-multi-sha1.der
- An OCSP request containing multiple requests.x509/ocsp/req-invalid-hash-alg.der
- An OCSP request containing an invalid hash algorithm OID.x509/ocsp/req-ext-nonce.der
- An OCSP request containing a nonce extension.x509/ocsp/req-ext-unknown-oid.der
- An OCSP request containing an extension with an unknown OID.x509/ocsp/req-duplicate-ext.der
- An OCSP request with duplicate extensions.x509/ocsp/resp-unknown-extension.der
- An OCSP response containing an extension with an unknown OID.x509/ocsp/resp-unknown-hash-alg.der
- An OCSP response containing an invalid hash algorithm OID.x509/ocsp/req-acceptable-responses.der
- An OCSP request containing an acceptable responses extension.
Custom PKCS12 Test Vectors
pkcs12/cert-key-aes256cbc.p12
- A PKCS12 file containing a cert (pkcs12/ca/ca.pem
) and key (pkcs12/ca/ca_key.pem
) both encrypted with AES 256 CBC with the passwordcryptography
.pkcs12/cert-none-key-none.p12
- A PKCS12 file containing a cert (pkcs12/ca/ca.pem
) and key (pkcs12/ca/ca_key.pem
) with no encryption. The password (used for integrity checking only) iscryptography
.pkcs12/cert-rc2-key-3des.p12
- A PKCS12 file containing a cert (pkcs12/ca/ca.pem
) encrypted with RC2 and key (pkcs12/ca/ca_key.pem
) encrypted via 3DES with the passwordcryptography
.pkcs12/no-password.p12
- A PKCS12 file containing a cert (pkcs12/ca/ca.pem
) and key (pkcs12/ca/ca_key.pem
) with no encryption and no password.pkcs12/no-cert-key-aes256cbc.p12
- A PKCS12 file containing a key (pkcs12/ca/ca_key.pem
) encrypted via AES 256 CBC with the passwordcryptography
and no certificate.pkcs12/cert-aes256cbc-no-key.p12
- A PKCS12 file containing a cert (pkcs12/ca/ca.pem
) encrypted via AES 256 CBC with the passwordcryptography
and no private key.pkcs12/no-name-no-pwd.p12
- A PKCS12 file containing a cert (pkcs12/ca/ca.pem
) and key (pkcs12/ca/ca_key.pem
), as well as two additional certificates (x509/cryptography.io.pem
andx509/letsencryptx3.pem
).pkcs12/name-all-no-pwd.p12
- A PKCS12 file containing a cert (pkcs12/ca/ca.pem
) and key (pkcs12/ca/ca_key.pem
) with friendly namename
, as well as two additional certificates (x509/cryptography.io.pem
andx509/letsencryptx3.pem
) with friendly namesname2
andname3
, respectively.pkcs12/name-1-no-pwd.p12
- A PKCS12 file containing a cert (pkcs12/ca/ca.pem
) and key (pkcs12/ca/ca_key.pem
) with friendly namename
, as well as two additional certificates (x509/cryptography.io.pem
andx509/letsencryptx3.pem
).pkcs12/name-2-3-no-pwd.p12
- A PKCS12 file containing a cert (pkcs12/ca/ca.pem
) and key (pkcs12/ca/ca_key.pem
), as well as two additional certificates (x509/cryptography.io.pem
andx509/letsencryptx3.pem
) with friendly namesname2
andname3
, respectively.pkcs12/name-2-no-pwd.p12
- A PKCS12 file containing a cert (pkcs12/ca/ca.pem
) and key (pkcs12/ca/ca_key.pem
), as well as two additional certificates (x509/cryptography.io.pem
andx509/letsencryptx3.pem
), the first having friendly namename2
.pkcs12/name-3-no-pwd.p12
- A PKCS12 file containing a cert (pkcs12/ca/ca.pem
) and key (pkcs12/ca/ca_key.pem
), as well as two additional certificates (x509/cryptography.io.pem
andx509/letsencryptx3.pem
), the latter having friendly namename3
.pkcs12/name-unicode-no-pwd.p12
- A PKCS12 file containing a cert (pkcs12/ca/ca.pem
) and key (pkcs12/ca/ca_key.pem
) with friendly name☺
, as well as two additional certificates (x509/cryptography.io.pem
andx509/letsencryptx3.pem
) with friendly namesä
andç
, respectively.pkcs12/no-name-pwd.p12
- A PKCS12 file containing a cert (pkcs12/ca/ca.pem
) and key (pkcs12/ca/ca_key.pem
), as well as two additional certificates (x509/cryptography.io.pem
andx509/letsencryptx3.pem
), encrypted via AES 256 CBC with the passwordcryptography
.pkcs12/name-all-pwd.p12
- A PKCS12 file containing a cert (pkcs12/ca/ca.pem
) and key (pkcs12/ca/ca_key.pem
) with friendly namename
, as well as two additional certificates (x509/cryptography.io.pem
andx509/letsencryptx3.pem
) with friendly namesname2
andname3
respectively, encrypted via AES 256 CBC with the passwordcryptography
.pkcs12/name-1-pwd.p12
- A PKCS12 file containing a cert (pkcs12/ca/ca.pem
) and key (pkcs12/ca/ca_key.pem
) with friendly namename
, as well as two additional certificates (x509/cryptography.io.pem
andx509/letsencryptx3.pem
), encrypted via AES 256 CBC with the passwordcryptography
.pkcs12/name-2-3-pwd.p12
- A PKCS12 file containing a cert (pkcs12/ca/ca.pem
) and key (pkcs12/ca/ca_key.pem
), as well as two additional certificates (x509/cryptography.io.pem
andx509/letsencryptx3.pem
) with friendly namesname2
andname3
respectively, encrypted via AES 256 CBC with the passwordcryptography
.pkcs12/name-2-pwd.p12
- A PKCS12 file containing a cert (pkcs12/ca/ca.pem
) and key (pkcs12/ca/ca_key.pem
), as well as two additional certificates (x509/cryptography.io.pem
andx509/letsencryptx3.pem
), the first having friendly namename2
, encrypted via AES 256 CBC with the passwordcryptography
.pkcs12/name-3-pwd.p12
- A PKCS12 file containing a cert (pkcs12/ca/ca.pem
) and key (pkcs12/ca/ca_key.pem
), as well as two additional certificates (x509/cryptography.io.pem
andx509/letsencryptx3.pem
), the latter having friendly namename2
, encrypted via AES 256 CBC with the passwordcryptography
.pkcs12/name-unicode-pwd.p12
- A PKCS12 file containing a cert (pkcs12/ca/ca.pem
) and key (pkcs12/ca/ca_key.pem
) with friendly name☺
, as well as two additional certificates (x509/cryptography.io.pem
andx509/letsencryptx3.pem
) with friendly namesä
andç
respectively, encrypted via AES 256 CBC with the passwordcryptography
.pkcs12/no-cert-no-name-no-pwd.p12
- A PKCS12 file containing two certs (x509/cryptography.io.pem
andx509/letsencryptx3.pem
).pkcs12/no-cert-name-all-no-pwd.p12
- A PKCS12 file containing two certs (x509/cryptography.io.pem
andx509/letsencryptx3.pem
) with friendly namesname2
andname3
, respectively.pkcs12/no-cert-name-2-no-pwd.p12
- A PKCS12 file containing two certs (x509/cryptography.io.pem
andx509/letsencryptx3.pem
), the first having friendly namename2
.pkcs12/no-cert-name-3-no-pwd.p12
- A PKCS12 file containing two certs (x509/cryptography.io.pem
andx509/letsencryptx3.pem
), the second having friendly namename3
.pkcs12/no-cert-name-unicode-no-pwd.p12
- A PKCS12 file containing two certs (x509/cryptography.io.pem
andx509/letsencryptx3.pem
) with friendly names☹
andï
, respectively.pkcs12/no-cert-no-name-pwd.p12
- A PKCS12 file containing two certs (x509/cryptography.io.pem
andx509/letsencryptx3.pem
), encrypted via AES 256 CBC with the passwordcryptography
.pkcs12/no-cert-name-all-pwd.p12
- A PKCS12 file containing two certs (x509/cryptography.io.pem
andx509/letsencryptx3.pem
) with friendly namesname2
andname3
, respectively, encrypted via AES 256 CBC with the passwordcryptography
.pkcs12/no-cert-name-2-pwd.p12
- A PKCS12 file containing two certs (x509/cryptography.io.pem
andx509/letsencryptx3.pem
), the first with friendly namename2
, encrypted via AES 256 CBC with the passwordcryptography
.pkcs12/no-cert-name-3-pwd.p12
- A PKCS12 file containing two certs (x509/cryptography.io.pem
andx509/letsencryptx3.pem
), the second with friendly namename3
, encrypted via AES 256 CBC with the passwordcryptography
.pkcs12/no-cert-name-unicode-pwd.p12
- A PKCS12 file containing two certs (x509/cryptography.io.pem
andx509/letsencryptx3.pem
) with friendly names☹
andï
, respectively, encrypted via AES 256 CBC with the passwordcryptography
.
Custom PKCS7 Test Vectors
pkcs7/isrg.pem
- A PEM encoded PKCS7 file containing the ISRG X1 root CA.pkcs7/amazon-roots.p7b
- A BER encoded PCKS7 file containing Amazon Root CA 2 and 3 generated by Apple Keychain.pkcs7/amazon-roots.der
- A DER encoded PCKS7 file containing Amazon Root CA 2 and 3 generated by OpenSSL.pkcs7/enveloped.pem
- A PEM encoded PKCS7 file with enveloped data.pkcs7/enveloped-aes-256-cbc.pem
- A PEM encoded PKCS7 file with enveloped data, with content encrypted using AES-256-CBC, under the public key ofx509/custom/ca/rsa_ca.pem
.pkcs7/enveloped-rsa-oaep.pem
- A PEM encoded PKCS7 file with enveloped data, with key encrypted using RSA-OAEP, under the public key ofx509/custom/ca/rsa_ca.pem
.pkcs7/enveloped-no-content.der
- A DER encoded PKCS7 file with enveloped data, without encrypted content, with key encrypted under the public key ofx509/custom/ca/rsa_ca.pem
.
Custom OpenSSH Test Vectors
ed25519-aesgcm-psw.key
anded25519-aesgcm-psw.key.pub
generated by exporting an Ed25519 key from1password 8
with the password “password”. This key is encrypted using theaes256-gcm@openssh.com
algorithm.
Generated by
asymmetric/OpenSSH/gen.sh
using command-line tools from OpenSSH_7.6p1 package.
dsa-nopsw.key
,dsa-nopsw.key.pub
,dsa-nopsw.key-cert.pub
- DSA-1024 private key; and corresponding public key in plain format and with self-signed certificate.dsa-psw.key
,dsa-psw.key.pub
- Password-protected DSA-1024 private key and corresponding public key. Password is “password”.ecdsa-nopsw.key
,ecdsa-nopsw.key.pub
,ecdsa-nopsw.key-cert.pub
- SECP256R1 private key; and corresponding public key in plain format and with self-signed certificate.ecdsa-psw.key
,ecdsa-psw.key.pub
- Password-protected SECP384R1 private key and corresponding public key. Password is “password”.ed25519-nopsw.key
,ed25519-nopsw.key.pub
,ed25519-nopsw.key-cert.pub
- Ed25519 private key; and corresponding public key in plain format and with self-signed certificate.ed25519-psw.key
,ed25519-psw.key.pub
- Password-protected Ed25519 private key and corresponding public key. Password is “password”.rsa-nopsw.key
,rsa-nopsw.key.pub
,rsa-nopsw.key-cert.pub
- RSA-2048 private key; and corresponding public key in plain format and with self-signed certificate.rsa-psw.key
,rsa-psw.key.pub
- Password-protected RSA-2048 private key and corresponding public key. Password is “password”.
Custom OpenSSH Certificate Test Vectors
p256-p256-duplicate-extension.pub
- A certificate with a duplicate extension.p256-p256-non-lexical-extensions.pub
- A certificate with extensions in non-lexical order.p256-p256-duplicate-crit-opts.pub
- A certificate with a duplicate critical option.p256-p256-non-lexical-crit-opts.pub
- A certificate with critical options in non-lexical order.p256-ed25519-non-singular-crit-opt-val.pub
- A certificate with a critical option that contains more than one value.p256-ed25519-non-singular-ext-val.pub
- A certificate with an extension that contains more than one value.dsa-p256.pub
- A certificate with a DSA public key signed by a P256 CA.p256-dsa.pub
- A certificate with a P256 public key signed by a DSA CA.p256-p256-broken-signature-key-type.pub
- A certificate with a P256 public key signed by a P256 CA, but the signature key type is set torsa-sha2-512
.p256-p256-empty-principals.pub
- A certificate with a P256 public key signed by a P256 CA with an empty valid principals list.p256-p256-invalid-cert-type.pub
- A certificate with a P256 public key signed by a P256 CA with an invalid certificate type.p256-p384.pub
- A certificate with a P256 public key signed by a P384 CA.p256-p521.pub
- A certificate with a P256 public key signed by a P521 CA.p256-rsa-sha1.pub
- A certificate with a P256 public key signed by a RSA CA using SHA1.p256-rsa-sha256.pub
- A certificate with a P256 public key signed by a RSA CA using SHA256.p256-rsa-sha512.pub
- A certificate with a P256 public key signed by a RSA CA using SHA512.
Hashes
MD5 from RFC 1321.
RIPEMD160 from the RIPEMD website.
SHA1 from NIST CAVP.
SHA2 (224, 256, 384, 512, 512/224, 512/256) from NIST CAVP.
SHA3 (224, 256, 384, 512) from NIST CAVP.
SHAKE (128, 256) from NIST CAVP.
Blake2s and Blake2b from OpenSSL test/evptests.txt.
HMAC
Key derivation functions
HKDF (SHA1, SHA256) from RFC 5869.
PBKDF2 (HMAC-SHA1) from RFC 6070.
scrypt from the draft RFC.
X9.63 KDF from NIST CAVP.
SP 800-108 Counter Mode KDF (HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384, HMAC-SHA512) from NIST CAVP.
argon2id from RFC 9106, OpenSSL’s evpkdf_argon2.txt, and the argon2 command line application.
Key wrapping
AES key wrap (AESKW) and 3DES key wrap test vectors from NIST CAVP.
AES key wrap with padding vectors from Botan’s key wrap vectors.
Recipes
Fernet from its specification repository.
Symmetric ciphers
AES (CBC, CFB, ECB, GCM, OFB, CCM) from NIST CAVP.
AES CTR from RFC 3686.
AES-GCM-SIV (KEY-LENGTH: 128, 256) from OpenSSL’s evpciph_aes_gcm_siv.txt.
AES-GCM-SIV (KEY-LENGTH: 192) generated by this project. See AES-GCM-SIV vector creation
AES OCB3 from RFC 7253, dkg’s additional OCB3 vectors, and OpenSSL’s OCB vectors.
AES SIV from OpenSSL’s evpciph_aes_siv.txt.
3DES (CBC, CFB, ECB, OFB) from NIST CAVP.
ARC4 (KEY-LENGTH: 40, 56, 64, 80, 128, 192, 256) from RFC 6229.
ARC4 (KEY-LENGTH: 160) generated by this project. See: ARC4 vector creation
Blowfish (CBC, CFB, ECB, OFB) from Bruce Schneier’s vectors.
Camellia (ECB) from NTT’s Camellia page as linked by CRYPTREC.
Camellia (CBC, CFB, OFB) from OpenSSL’s test vectors.
CAST5 (ECB) from RFC 2144.
CAST5 (CBC, CFB, OFB) generated by this project. See: CAST5 vector creation
ChaCha20 from RFC 7539 and generated by this project. See: ChaCha20 vector creation
ChaCha20Poly1305 from RFC 7539, OpenSSL’s evpciph.txt, and the BoringSSL ChaCha20Poly1305 tests.
IDEA (ECB) from the NESSIE IDEA vectors created by NESSIE.
IDEA (CBC, CFB, OFB) generated by this project. See: IDEA vector creation
RC2-128-CBC generated by this project. See: RC2 vector creation
SEED (ECB) from RFC 4269.
SEED (CBC) from RFC 4196.
SEED (CFB, OFB) generated by this project. See: SEED vector creation
SM4 (CBC, CFB, CTR, ECB, OFB) from draft-ribose-cfrg-sm4-10.
SM4 (GCM) from RFC 8998.
Two factor authentication
CMAC
AES-128, AES-192, AES-256, 3DES from NIST SP-800-38B
Poly1305
Test vectors from RFC 7539.
Creating test vectors
When official vectors are unavailable cryptography
may choose to build
its own using existing vectors as source material.
Created Vectors
If official test vectors appear in the future the custom generated vectors should be discarded.
Any vectors generated by this method must also be prefixed with the following header format (substituting the correct information):
# CAST5 CBC vectors built for https://github.com/pyca/cryptography
# Derived from the AESVS MMT test data for CBC
# Verified against the CommonCrypto and Go crypto packages
# Key Length : 128