Certificate Fuzzer

 Download Certificate Fuzzer for Linux

Certificate Fuzzer is tool which applies the fuzz-testing approach to the validation of X.509 certificates. For this purpose, the tool reads a syntactically correct X.509 certificate in the DER-encoding as a reference and creates a set of manipulated X.509 certificates derived from the reference certificate. It is capable of applying a new valid signature to the generated certificates, making them verifiable if the manipulations still allow this. The manipulated certificates can be used in a testbed in order to check implementations of a routine that verifies X.509 certificates. On the one hand, this allows to test for memory access errors by letting the verification run under memory debugging tools such as Address Sanitizer or Valgrind On the other hand, it is also possible to determine logical errors, by verifying that certificates with invalid signatures are rejected.

Announcements


cryptosource GmbH has an exhibition at the "Internet of Things" conference on October 19th, 2017 in Munich.


News

cryptosource GmbH has an exhibition at the embedded world 2017 in Nurnberg, Germany March 21st 2017

At Eurocrypt 2016 cryptosource presents a work about vulnerabilities of the random number generator of OpenSSL May 12th 2016