gnu.crypto.sig.dss
public class DSSSignature extends BaseSignature
The DSS (Digital Signature Standard) algorithm makes use of the following parameters:

- $2^{L-1} < p < 2^{L}$ for $512 \le L \le 1024$ and $L$ a multiple of 64.
- $p - 1$, where $2^{159} < q < 2^{160}$.
- $g = h^{(p-1)/q} \bmod p$, where $h$ is any integer with $1 < h < p - 1$ such that $h^{(p-1)/q} \bmod p > 1$ ($g$ has order $q$ mod $p$).
- $0 < x < q$.
- $y = g^{x} \bmod p$.
- $0 < k < q$.

The integers $p$, $q$, and $g$ can be public and can be common to a group of users. A user's private and public keys are $x$ and $y$, respectively. They are normally fixed for a period of time. Parameters $x$ and $k$ are used for signature generation only, and must be kept secret. Parameter $k$ must be regenerated for each signature.
The signature of a message $M$ is the pair of numbers $r$ and $s$ computed according to the equations below:

$$r = (g^{k} \bmod p) \bmod q$$

and

$$s = (k^{-1}(\mathrm{SHA}(M) + xr)) \bmod q.$$

In the above, $k^{-1}$ is the multiplicative inverse of $k$, mod $q$; i.e., $(k^{-1} k) \bmod q = 1$ and $0 < k^{-1} < q$. The value of $\mathrm{SHA}(M)$ is a 160-bit string output by the Secure Hash Algorithm specified in FIPS 180. For use in computing $s$, this string must be converted to an integer.
As an option, one may wish to check if `r == 0` or `s == 0`. If either `r == 0` or `s == 0`, a new value of $k$ should be generated and the signature should be recalculated (it is extremely unlikely that `r == 0` or `s == 0` if signatures are generated properly).
The signature is transmitted along with the message to the verifier.
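The signing equations above carried through with `java.math.BigInteger`, as an added example that is not GNU Crypto's own code. The class `DssSketch` and its helper names are hypothetical, the parameters are generated on the spot for illustration, and the verification step follows FIPS 186 because this page does not spell it out.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;

public class DssSketch {                       // hypothetical class, not part of gnu.crypto
    static final SecureRandom RND = new SecureRandom();
    // Uniform integer v with 0 < v < q, the range required for both x and k.
    static BigInteger secret(BigInteger q) {
        BigInteger v;
        do { v = new BigInteger(q.bitLength(), RND); }
        while (v.signum() == 0 || v.compareTo(q) >= 0);
        return v;
    }

    // Returns {r, s} for digest h under private key x.
    static BigInteger[] sign(BigInteger p, BigInteger q, BigInteger g, BigInteger x, byte[] h) {
        BigInteger m = new BigInteger(1, h);   // SHA(M) bytes as a non-negative integer
        while (true) {
            BigInteger k = secret(q);          // fresh secret k for every signature
            BigInteger r = g.modPow(k, p).mod(q);
            BigInteger s = k.modInverse(q).multiply(m.add(x.multiply(r))).mod(q);
            if (r.signum() != 0 && s.signum() != 0) return new BigInteger[] { r, s };
        }                                      // r == 0 or s == 0: retry with a new k
    }

    // FIPS 186 verification (not spelled out on this page); rejects r, s outside (0, q).
    static boolean verify(BigInteger p, BigInteger q, BigInteger g, BigInteger y, byte[] h, BigInteger[] rs) {
        for (BigInteger v : rs) if (v.signum() <= 0 || v.compareTo(q) >= 0) return false;
        BigInteger w = rs[1].modInverse(q), m = new BigInteger(1, h);
        BigInteger u1 = m.multiply(w).mod(q), u2 = rs[0].multiply(w).mod(q);
        return g.modPow(u1, p).multiply(y.modPow(u2, p)).mod(p).mod(q).equals(rs[0]);
    }

    public static void main(String[] args) throws Exception {
        // Constructed parameters: 160-bit prime q, 512-bit prime p = q*c + 1.
        BigInteger q = BigInteger.probablePrime(160, RND), c, p, h = BigInteger.ONE, g;
        do { c = new BigInteger(351, RND).shiftLeft(1); p = q.multiply(c).add(BigInteger.ONE); }
        while (p.bitLength() != 512 || !p.isProbablePrime(64));
        // g = h^((p-1)/q) mod p, taking the first h that gives g > 1.
        do { h = h.add(BigInteger.ONE); g = h.modPow(c, p); } while (g.equals(BigInteger.ONE));
        BigInteger x = secret(q), y = g.modPow(x, p);   // private key x, public key y
        MessageDigest sha = MessageDigest.getInstance("SHA-1");
        byte[] d1 = sha.digest("constructed sample message".getBytes(StandardCharsets.UTF_8));
        byte[] d2 = sha.digest("constructed tampered message".getBytes(StandardCharsets.UTF_8));
        BigInteger[] rs = sign(p, q, g, x, d1);
        System.out.println("original digest verifies: " + verify(p, q, g, y, d1, rs));
        System.out.println("tampered digest verifies: " + verify(p, q, g, y, d2, rs));
    }
}
```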
Version: $Revision: 1.9 $
Constructor Summary | |
---|---|
DSSSignature() | Trivial 0-arguments constructor. |
Method Summary | |
---|---|
Object | clone() |
protected Object | generateSignature() |
protected void | setupForSigning(PrivateKey k) |
protected void | setupForVerification(PublicKey k) |
static BigInteger[] | sign(DSAPrivateKey k, byte[] h) |
static BigInteger[] | sign(DSAPrivateKey k, byte[] h, Random rnd) |
static BigInteger[] | sign(DSAPrivateKey k, byte[] h, IRandom irnd) |
static boolean | verify(DSAPublicKey k, byte[] h, BigInteger[] rs) |
protected boolean | verifySignature(Object sig) |