[openssl-users] Testing OpenSSL based solution
Dave Thompson
dthompson at prinpay.com
Wed May 13 07:22:04 UTC 2015
> From: openssl-users On Behalf Of Marcus Vinicius do Nascimento
> Sent: Tuesday, May 12, 2015 16:50
> I did some quick research and found this:
http://en.wikipedia.org/wiki/Digital_Signature_Algorithm
> If my understanding is correct, the public key is (p, q, g, y).
You might want to look at the actual standard, FIPS 186, free from NIST
and referred to by wikipedia as well as easily searchable. The current
version is revision -4, but the basic logic of DSA hasn't changed since
"-0" (although the sizes used have increased).
Standardly a DSA public key is (parameters, y) where parameters is
(p, q, g {, seed, counter}) where the optional fields in the parameters
allow verification of the parameter generation process. OpenSSL does
not use that option, so it uses only p,g,q and y. See below.
> The private key would be x, such that y = g^x mod p.
> Is there some way to generate both public and private keys using OpenSSL,
> based on p, q, g and y?
You cannot recover the private key from the public key for any
secure PKC scheme used with appropriate sizes. DSA is a secure
scheme, and DSS and these test cases use appropriate sizes.
> De: openssl-users Em nome de Marcus Vinicius do Nascimento
> Enviada em: terça-feira, 12 de maio de 2015 17:06
> I tried using Y as the public key, but ssl seems not to accept that.
> From the FIP file: <snip>
> So I tried reformatting Y to pass it to PEM_read_bio_DSAPrivateKey.
> Converting Y to Base64 = <snip>
> Reformatting in PEM format = "-----BEGIN DSA PRIVATE KEY----- <snip>
[doesn't work]
As above, the public key requires all of p,q,g and y, not just y.
The private key would require x as well, and you don't have x.
For public keys for _all_ algorithms in files including PEM
OpenSSL uses the format standardized by X.509 called
SubjectPublicKeyInfo or SPKI for short, which is an ASN.1
sequence containing an AlgorithmIdentifier which is a(nother)
sequence containing an OID identifying the algorithm and an
optional parameters field whose type depends on the algorithm,
followed by a BITSTRING containing a nested encoding of the
public key value relative to the parameters for that algorithm.
For DSA, the OID identifies DSA, the parameters are a sequence
of three INTEGERs for p,g,q, and the nested key encoding is
just an INTEGER. All elements in ASN.1 use a "TLV" (tag, length,
value) encoding, and INTEGER (thus) consists of a tag octet of 02
specifying integer, a length whose length itself varies depending
on the length it encodes, and a value field which for INTEGER is
a _signed_ big-endian binary number. Since the particular y
you tried to encode below happens to have a magnitude size of
1024 bits, a multiple of 8, it requires a leading sign octet of 00.
So does g in this case, and p and q by design (they are specified with
magnitude sizes which are multiples of 8, and indeed of 32).
See rfc 5280 for the generic SPKI format, and rfc 3279 (referenced there)
for the specifics for several algorithms including DSA.
Note that the PEM type is just "BEGIN/END PUBLIC KEY" (no DSA)
because as above the format handles all algorithms.
More information about the openssl-users
mailing list