Package Crypto :: Package PublicKey :: Module DSA
[frames] | no frames]

Module DSA

DSA public-key signature algorithm.

DSA is a widespread public-key signature algorithm. Its security is based on the discrete logarithm problem (DLP). Given a cyclic group, a generator g, and an element h, it is hard to find an integer x such that g^x = h. The problem is believed to be difficult, and it has been proved such (and therefore secure) for more than 30 years.

The group is actually a sub-group over the integers modulo p, with p prime. The sub-group order is q, which is prime too; it always holds that (p-1) is a multiple of q. The cryptographic strength is linked to the magnitude of p and q. The signer holds a value x (0<x<q-1) as private key, and its public key (y where y=g^x mod p) is distributed.

In 2012, a sufficient size is deemed to be 2048 bits for p and 256 bits for q. For more information, see the most recent ECRYPT report.

DSA is reasonably secure for new designs.

The algorithm can only be used for authentication (digital signature). DSA cannot be used for confidentiality (encryption).

The values (p,q,g) are called domain parameters; they are not sensitive but must be shared by both parties (the signer and the verifier). Different signers can share the same domain parameters with no security concerns.

The DSA signature is twice as big as the size of q (64 bytes if q is 256 bit long).

This module provides facilities for generating new DSA keys and for constructing them from known components. DSA keys allows you to perform basic signing and verification.

>>> from Crypto.Random import random
>>> from Crypto.PublicKey import DSA
>>> from Crypto.Hash import SHA
>>>
>>> message = "Hello"
>>> key = DSA.generate(1024)
>>> h = SHA.new(message).digest()
>>> k = random.StrongRandom().randint(1,key.q-1)
>>> sig = key.sign(h,k)
>>> ...
>>> if key.verify(h,sig):
>>>     print "OK"
>>> else:
>>>     print "Incorrect signature"
Classes
  _DSAobj
Class defining an actual DSA key.
  DSAImplementation
A DSA key factory.
  error
Functions
 
generate(bits, randfunc=None, progress_func=None)
Randomly generate a fresh, new DSA key.
 
construct(tup)
Construct a DSA key from a tuple of valid DSA components.
Function Details

generate(bits, randfunc=None, progress_func=None)

 
Randomly generate a fresh, new DSA key.
Parameters:
  • bits (int) - Key length, or size (in bits) of the DSA modulus p. It must be a multiple of 64, in the closed interval [512,1024].
  • randfunc (callable) - Random number generation function; it should accept a single integer N and return a string of random data N bytes long. If not specified, a new one will be instantiated from Crypto.Random.
  • progress_func (callable) - Optional function that will be called with a short string containing the key parameter currently being generated; it's useful for interactive applications where a user is waiting for a key to be generated.
Returns:
A DSA key object (_DSAobj).
Raises:
  • ValueError - When bits is too little, too big, or not a multiple of 64.

Attention: You should always use a cryptographically secure random number generator, such as the one defined in the Crypto.Random module; don't just use the current time and the random module.

construct(tup)

 

Construct a DSA key from a tuple of valid DSA components.

The modulus p must be a prime.

The following equations must apply:

  • p-1 = 0 mod q
  • g^x = y mod p
  • 0 < x < q
  • 1 < g < p
Parameters:
  • tup (tuple) - A tuple of long integers, with 4 or 5 items in the following order:

    1. Public key (y).
    2. Sub-group generator (g).
    3. Modulus, finite field order (p).
    4. Sub-group order (q).
    5. Private key (x). Optional.
Returns:
A DSA key object (_DSAobj).