Module DSA
DSA public-key signature algorithm.
DSA is a widespread public-key signature algorithm. Its security is
based on the discrete logarithm problem (DLP). Given a cyclic
group, a generator g, and an element h, it is hard
to find an integer x such that g^x = h. The problem is believed
to be difficult, and it has been proved such (and therefore secure) for
more than 30 years.
The group is actually a sub-group over the integers modulo p, with p prime.
The sub-group order is q, which is prime too; it always holds that (p-1) is a multiple of q.
The cryptographic strength is linked to the magnitude of p and q.
The signer holds a value x (0<x<q-1) as private key, and its public
key (y where y=g^x mod p) is distributed.
In 2012, a sufficient size is deemed to be 2048 bits for p and 256 bits for q.
For more information, see the most recent ECRYPT report.
DSA is reasonably secure for new designs.
The algorithm can only be used for authentication (digital signature).
DSA cannot be used for confidentiality (encryption).
The values (p,q,g) are called domain parameters;
they are not sensitive but must be shared by both parties (the signer and the verifier).
Different signers can share the same domain parameters with no security
concerns.
The DSA signature is twice as big as the size of q (64 bytes if q is 256 bit
long).
This module provides facilities for generating new DSA keys and for constructing
them from known components. DSA keys allows you to perform basic signing and
verification.
>>> from Crypto.Random import random
>>> from Crypto.PublicKey import DSA
>>> from Crypto.Hash import SHA256
>>>
>>> message = "Hello"
>>> key = DSA.generate(2048)
>>> f = open("public_key.pem", "w")
>>> f.write(key.publickey().exportKey(key))
>>> h = SHA256.new(message).digest()
>>> k = random.StrongRandom().randint(1,key.q-1)
>>> sig = key.sign(h,k)
>>> ...
>>> ...
>>> f = open("public_key.pem", "r")
>>> h = SHA256.new(message).digest()
>>> key = DSA.importKey(f.read())
>>> if key.verify(h,sig):
>>> print "OK"
>>> else:
>>> print "Incorrect signature"
|
generate(bits,
randfunc=None,
progress_func=None)
Randomly generate a fresh, new DSA key. |
|
|
|
construct(tup)
Construct a DSA key from a tuple of valid DSA components. |
|
|
|
importKey(extern_key,
passphrase=None)
Import a DSA key (public or private). |
|
|
generate(bits,
randfunc=None,
progress_func=None)
|
|
Randomly generate a fresh, new DSA key.
- Parameters:
bits (int) - Key length, or size (in bits) of the DSA modulus
p.
It must be a multiple of 64, in the closed
interval [512,1024].
randfunc (callable) - Random number generation function; it should accept
a single integer N and return a string of random data
N bytes long.
If not specified, a new one will be instantiated
from Crypto.Random.
progress_func (callable) - Optional function that will be called with a short string
containing the key parameter currently being generated;
it's useful for interactive applications where a user is
waiting for a key to be generated.
- Returns:
- A DSA key object (_DSAobj).
- Raises:
ValueError - When bits is too little, too big, or not a multiple of 64.
Attention:
You should always use a cryptographically secure random number generator,
such as the one defined in the Crypto.Random module; don't just use the
current time and the random module.
|
Construct a DSA key from a tuple of valid DSA components.
The modulus p must be a prime.
The following equations must apply:
- p-1 = 0 mod q
- g^x = y mod p
- 0 < x < q
- 1 < g < p
- Parameters:
- Returns:
- A DSA key object (_DSAobj).
|
importKey(extern_key,
passphrase=None)
|
|
Import a DSA key (public or private).
- Parameters:
extern_key ((byte) string) - The DSA key to import.
An DSA public key can be in any of the following formats:
- X.509 subjectPublicKeyInfo (binary or PEM)
- OpenSSH (one line of text, see RFC4253)
A DSA private key can be in any of the following formats:
- PKCS#8 PrivateKeyInfo or EncryptedPrivateKeyInfo
DER SEQUENCE (binary or PEM encoding)
- OpenSSL/OpenSSH (binary or PEM)
For details about the PEM encoding, see RFC1421/RFC1423.
The private key may be encrypted by means of a certain pass phrase
either at the PEM level or at the PKCS#8 level.
passphrase (string) - In case of an encrypted private key, this is the pass phrase
from which the decryption key is derived.
- Returns:
- A DSA key object (_DSAobj).
- Raises:
ValueError - When the given key cannot be parsed (possibly because
the pass phrase is wrong).
|