Package Cryptodome :: Package PublicKey :: Module DSA

Module DSA

DSA public-key signature algorithm.

DSA is a widespread public-key signature algorithm. Its security is based on the discrete logarithm problem (DLP). Given a cyclic group, a generator g, and an element h, it is hard to find an integer x such that g^x = h. The problem is believed to be difficult, and it has been proved such (and therefore secure) for more than 30 years.

The group is actually a sub-group over the integers modulo p, with p prime. The sub-group order is q, which is prime too; it always holds that (p-1) is a multiple of q. The cryptographic strength is linked to the magnitude of p and q. The signer holds a value x (0<x<q-1) as private key, and its public key (y where y=g^x mod p) is distributed.

In 2012, a sufficient size is deemed to be 2048 bits for p and 256 bits for q. For more information, see the most recent ECRYPT report.

DSA is reasonably secure for new designs.

The algorithm can only be used for authentication (digital signature). DSA cannot be used for confidentiality (encryption).

The values (p,q,g) are called domain parameters; they are not sensitive but must be shared by both parties (the signer and the verifier). Different signers can share the same domain parameters with no security concerns.

The DSA signature is twice as big as the size of q (64 bytes if q is 256 bit long).

This module provides facilities for generating new DSA keys and for constructing them from known components. DSA keys allows you to perform basic signing and verification.

>>> from Cryptodome.PublicKey import DSA
>>> from Cryptodome.Signature.DSS
>>> from Cryptodome.Hash import SHA256
>>>
>>> message = b"Hello"
>>> key = DSA.generate(2048)
>>> f = open("public_key.pem", "w")
>>> f.write(key.publickey().exportKey(key))
>>> hash_obj = SHA256.new(message)
>>> signer = DSS.new(key, 'fips-186-3')
>>> signature = key.sign(hash_obj)
>>> ...
>>> f = open("public_key.pem", "r")
>>> hash_obj = SHA256.new(message)
>>> pub_key = DSA.import_key(f.read())
>>> if pub_key.verify(hash_obj, signature):
>>>     print "OK"
>>> else:
>>>     print "Incorrect signature"
Classes
  DsaKey
Class defining an actual DSA key.
Functions
 
generate(bits, randfunc=None, domain=None)
Generate a new DSA key pair.
 
construct(tup, consistency_check=True)
Construct a DSA key from a tuple of valid DSA components.
 
import_key(extern_key, passphrase=None)
Import a DSA key (public or private).
Function Details

generate(bits, randfunc=None, domain=None)

 

Generate a new DSA key pair.

The algorithm follows Appendix A.1/A.2 and B.1 of FIPS 186-4, respectively for domain generation and key pair generation.

Parameters:
  • bits (integer) - Key length, or size (in bits) of the DSA modulus p. It must be 1024, 2048 or 3072.
  • randfunc (callable) - Random number generation function; it accepts a single integer N and return a string of random data N bytes long. If not specified, the default from Cryptodome.Random is used.
  • domain (list) - The DSA domain parameters p, q and g as a list of 3 integers. Size of p and q must comply to FIPS 186-4. If not specified, the parameters are created anew.
Returns:
A DSA key object (DsaKey).
Raises:
  • ValueError - When bits is too little, too big, or not a multiple of 64.

construct(tup, consistency_check=True)

 
Construct a DSA key from a tuple of valid DSA components.
Parameters:
  • tup (tuple) - A tuple of long integers, with 4 or 5 items in the following order:

    1. Public key (y).
    2. Sub-group generator (g).
    3. Modulus, finite field order (p).
    4. Sub-group order (q).
    5. Private key (x). Optional.
  • consistency_check (boolean) - If True, the library will verify that the provided components fulfil the main DSA properties.
Returns:
A DSA key object (DsaKey).
Raises:
  • PublicKey.ValueError - When the key being imported fails the most basic DSA validity checks.

import_key(extern_key, passphrase=None)

 

Import a DSA key (public or private).

Parameters:
  • extern_key ((byte) string) - The DSA key to import.

    An DSA public key can be in any of the following formats:

    • X.509 certificate (binary or PEM format)
    • X.509 subjectPublicKeyInfo (binary or PEM)
    • OpenSSH (one line of text, see RFC4253)

    A DSA private key can be in any of the following formats:

    • PKCS#8 PrivateKeyInfo or EncryptedPrivateKeyInfo DER SEQUENCE (binary or PEM encoding)
    • OpenSSL/OpenSSH (binary or PEM)

    For details about the PEM encoding, see RFC1421/RFC1423.

    The private key may be encrypted by means of a certain pass phrase either at the PEM level or at the PKCS#8 level.

  • passphrase (string) - In case of an encrypted private key, this is the pass phrase from which the decryption key is derived.
Returns:
A DSA key object (DsaKey).
Raises:
  • ValueError - When the given key cannot be parsed (possibly because the pass phrase is wrong).