README.md

Public Key Cryptography Test Keys

RFC 9500 proposes a set of standard test keys. This repository presents the private and public keys, in different format to ease consumptions.

Table of Content

• RSA Keys
• DLP Keys
• ECDLP Keys
• Security Considerations
• FAQ
• Development

RSA Keys

testRSA1024
private	pem
public	pem

testRSA2048
private	pem
public	pem

testRSA4096
private	pem
public	pem

DLP Keys

testDLP1024
private	pem	hex
public	pem	hex

testDLP2048
private	pem	hex
public	pem	hex

testDLP4096
private	pem	hex
public	pem	hex

ECDLP Keys

testECCP256
private	pem	hex
public	pem	hex

testECCP384
private	pem	hex
public	pem	hex

testECCP521
private	pem	hex
public	pem	hex

Security considerations

This software has not been audited. Please use at your sole discretion. With this in mind, dee security relies on the following:

• RFC 9500 holds the source cryptographic material, and more.

FAQ

Should I use this in production

NO. At the same time, this repository might allow you to detect such usages.

How do I get a test certificate

For local development, have a look at mkcert. If you want to generate a fresh certificate with one of the RFC provided test key, use the following

# Select a PEM formated key in this repository
KEY=./pem/testRSA1024.pem
# Generate a Certificate Signing Request
openssl req -new -key "${KEY}"  -out example_test.csr
# Generate the associated certificate
openssl x509 -req -in example_test.csr -signkey ./pem/testRSA1024.pem -out example_test.crt

Development

Requirements

• bash
• OpenSSL

Run

All development happens in generate.sh. The initial private key in PEM format have been taken from RFC 9500, along with their recommended name. The script has then been run to generate public keys, and hex encoded keys.

./scripts/generate.sh