[Cryptography] CMS or S/MIME test vectors

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sat May 23 00:43:53 EDT 2020

Dmitry Baryshkov <dbaryshkov at gmail.com> writes:

>I have been looking for good CMS or S/MIME test corpora. Does anyone know a
>suitable set of messages? Well, other than RFC 4134.

For a real-world test data set, look for S/MIME encrypted or signed email via
Google or similar.  In particular for signatures, which are the most
problematic, just save off any from incoming signed email.  I have quite a
collection that I've simply accumulated over time as it's turned up.  Normally
I'd offer to share it but mixed in there are various non-public samples and
I'd have to pick through it all sorting out those ones from public-sourced

In terms of RFC 4134, that's not very useful since it exercises every weird
mechanism and oddball corner case in the spec, none of which you'll ever
encounter.  What you need to test most is all of the million ways of creating
theoretically valid but unexpected signatures on data, which is what you need
to scrape together from public sources.


More information about the cryptography mailing list