gnu.java.security.key.dss

Class FIPS186


public class FIPS186
extends Object

An implementation of the DSA parameters generation as described in FIPS-186.

References:

Digital Signature Standard (DSS), Federal Information Processing Standards Publication 186. National Institute of Standards and Technology.

Field Summary

static int
DSA_PARAMS_COUNTER
static int
DSA_PARAMS_E
static int
DSA_PARAMS_G
static int
DSA_PARAMS_P
static int
DSA_PARAMS_Q
static int
DSA_PARAMS_SEED

Constructor Summary

FIPS186(int L, SecureRandom rnd)

Method Summary

BigInteger[]
generateParameters()
This method generates the DSS p, q, and g parameters only when L (the modulus length) is not one of the following: 512, 768 and 1024.

Methods inherited from class java.lang.Object

clone, equals, extends Object> getClass, finalize, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

DSA_PARAMS_COUNTER

public static final int DSA_PARAMS_COUNTER
Field Value:
1

DSA_PARAMS_E

public static final int DSA_PARAMS_E
Field Value:
4

DSA_PARAMS_G

public static final int DSA_PARAMS_G
Field Value:
5

DSA_PARAMS_P

public static final int DSA_PARAMS_P
Field Value:
3

DSA_PARAMS_Q

public static final int DSA_PARAMS_Q
Field Value:
2

DSA_PARAMS_SEED

public static final int DSA_PARAMS_SEED
Field Value:
0

Constructor Details

FIPS186

public FIPS186(int L,
               SecureRandom rnd)

Method Details

generateParameters

public BigInteger[] generateParameters()
This method generates the DSS p, q, and g parameters only when L (the modulus length) is not one of the following: 512, 768 and 1024. For those values of L, this implementation uses pre-computed values of p, q, and g given in the document CryptoSpec included in the security guide documentation of the standard JDK distribution.

The DSS requires two primes , p and q, satisfying the following three conditions:

  • 2159 < q < 2160
  • 2L-1 < p < 2L for a specified L, where L = 512 + 64j for some 0 <= j <= 8
  • q divides p - 1.
The algorithm used to find these primes is as described in FIPS-186, section 2.2: GENERATION OF PRIMES. This prime generation scheme starts by using the Sha160 and a user supplied SEED to construct a prime, q, in the range 2159 < q < 2160. Once this is accomplished, the same SEED value is used to construct an X in the range 2L-1 < X < 2L. The prime, p, is then formed by rounding X to a number congruent to 1 mod 2q. In this implementation we use the same SEED value given in FIPS-186, Appendix 5.

FIPS186.java -- Copyright 2001, 2002, 2003, 2006 Free Software Foundation, Inc. This file is a part of GNU Classpath. GNU Classpath is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. GNU Classpath is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with GNU Classpath; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA Linking this library statically or dynamically with other modules is making a combined work based on this library. Thus, the terms and conditions of the GNU General Public License cover the whole combination. As a special exception, the copyright holders of this library give you permission to link this library with independent modules to produce an executable, regardless of the license terms of these independent modules, and to copy and distribute the resulting executable under terms of your choice, provided that you also meet, for each linked independent module, the terms and conditions of the license of that module. An independent module is a module which is not derived from or based on this library. If you modify this library, you may extend this exception to your version of the library, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version.