new(key,
mode,
encoding=' binary ' ,
randfunc=None)
|
|
Return a signature scheme object DSS_SigScheme that
can be used to perform DSS signature or verification.
- Parameters:
key (a Cryptodome.PublicKey.DSA or Cryptodome.PublicKey.ECC key object) - If the key has got its private half, both signature and
verification are possible.
If it only has the public half, verification is possible
but not signature generation.
For DSA keys, let L and N be the bit lengths of the modules p
and q: the combination (L,N) must appear in the following list,
in compliance to section 4.2 of FIPS-186:
- (1024, 160)
- (2048, 224)
- (2048, 256)
- (3072, 256)
mode (string) - The parameter can take these values:
- 'fips-186-3'. The signature generation is carried out
according to FIPS-186: the nonce k is taken from the RNG.
- 'deterministic-rfc6979'. The signature generation
process does not rely on a random generator.
See RFC6979.
encoding (string) - How the signature is encoded. This value determines the output of
sign and the input of verify.
The following values are accepted:
- 'binary' (default), the signature is the raw concatenation
of r and s. The size in bytes of the signature is always
two times the size of q.
- 'der', the signature is a DER encoded SEQUENCE with two
INTEGERs, r and s. The size of the signature is variable.
randfunc (callable) - The source of randomness. If None, the internal RNG is used.
Only used for the 'fips-186-3' mode.
|