What is the difference between 'valid' and 'acceptable' results in Wycheproof?

'Valid' means the test must succeed. 'Acceptable' indicates a result that is technically allowed by the specification but may contain non-ideal attributes or legacy patterns.

What algorithms does the Wycheproof skill cover?

It provides test vectors for a wide range of algorithms including AES-GCM, RSA, ECDSA, ECDH, ChaCha20-Poly1305, and various elliptic curves like secp256k1.

How do I ensure I am using the latest test vectors?

The skill recommends adding the Wycheproof repository as a git submodule or using a fetch script in your CI/CD pipeline to pull the latest JSON vectors from the official source.

Can I use this for timing side-channel testing?

No, Wycheproof focuses on logical correctness and edge cases; for timing side-channels, specialized constant-time testing tools should be used instead.

Wycheproof Cryptographic Testing

Name: Wycheproof Cryptographic Testing
Author: micsapp

bymicsapp

0•

Security & Testing

Validates cryptographic implementations against a comprehensive library of known attack vectors and edge cases.

This skill integrates the Google Wycheproof project into your development workflow, providing specialized guidance for testing cryptographic algorithms like AES-GCM, ECDSA, RSA, and more. It helps developers identify critical vulnerabilities—such as signature malleability, padding oracles, and invalid curve attacks—by supplying standardized test vectors and implementation patterns. Whether you are building a new security library or auditing third-party code, this skill ensures your cryptographic primitives are robust, secure, and compliant with industry standards.

Key Features

010 GitHub stars

02Implementation patterns for automated Python and JavaScript testing harnesses.

03Detection of common vulnerabilities like signature malleability and tag forgery.

04Guidance for CI/CD integration using git submodules for up-to-date validation.

05Detailed explanations of cryptographic result flags including valid, invalid, and acceptable.

06Access to thousands of cryptographic test vectors for symmetric and asymmetric encryption.

Use Cases

01Setting up automated security regression testing in CI/CD pipelines for crypto primitives.

02Validating custom implementations of AES, RSA, or Elliptic Curve signatures for correctness.

03Auditing third-party cryptographic libraries for security flaws and edge case handling.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add micsapp/micstec-skills wycheproof

For use in Claude.ai and ChatGPT