DSA Signature is required by the XML Signature specification: DSA is only for signatures; it is not defined for encryption the way RSA is. Even though DSA is required, RSA is still officially the recommended approach [1].
The DSA algorithm is composed of three phases: parameter generation, key generation, and signing and verifying. Like RSA, the private key is used for signing and the public key for verifying a signature. Private and public keys, x and y respectively, are generated from parameters called p, q, and g. p is the prime, q is the subprime, and g is the base. Parameter generation uses primality testing and modular exponentiation. After the parameters have been generated, computation of the keys is relatively fast. Key generation chooses a random private key x that is related to q, and then the public key y is generated from x.

DSA Key Generation

In the following sections, we will show how the DSA algorithm works. Used in the algorithm are a series of terms we define here:
DSA message signing and verification make use of the one-way hash function SHA1, which we will refer to as H(m) for an input message m. Given public parameters p, q, and g and the private key x, a message is signed. Signature verification uses the same public parameters and the public key y.

DSA Algorithm Operation

The DSA algorithm operates by first having the sender generate a random number k, less than q. Next, the sender generates
The parameters r and s are the sender's signature; they are sent to the recipient along with the original message m . The recipient verifies the signature by computing
If v = r, then the DSA signature is verified.