Hi,
I am trying to learn how DSA works by reading the book "Understanding
Cryptography" by Christof Paar and Jan Pelzl.
I also understand that DSA is now deprecated as per FIPS 186-5 (Feb, 2023)
and ECDSA is preferred.
However just for learning purpose I was experimenting with DSA param
generation, key generation and cert generation using openssl.
As per the book, the recommended size for p and q values are:
p = 1024 bits, q = 160 bits
p = 2048 bits, q = 224 bits
p = 3072 bits, q = 256 bits.
>From the book, I also understand that the length of the DSA signature r and
s size will be the same as q size.
Thus if q = 160 bits, then r size is also 160 bits and s size is also 160
bits.
I used openssl:
$ openssl version
OpenSSL 3.0.14 4 Jun 2024 (Library: OpenSSL 3.0.14 4 Jun 2024)
and created a dsaparam file for 1024 bit key size and using that param
file, generated a dsakey.
$ openssl dsaparam -in dsaparam.pem -text -noout
DSA-Parameters: (1024 bit)
P:
00:89:8b:28:2d:ae:59:55:19:de:ef:79:a8:f0:f1:
44:39:b4:ee:32:fc:48:38:7e:bd:4a:d0:d7:ea:02:
b1:e8:12:65:d4:f9:3e:ef:bb:03:d6:85:33:91:fa:
a0:0f:88:96:a2:06:16:84:e6:6d:8c:41:ad:f7:ab:
51:59:44:5d:df:c6:06:66:08:51:2b:f5:3c:1e:02:
35:2a:78:1a:9b:7e:0c:d1:65:e6:0a:c5:63:ca:3a:
58:84:6b:ff:b8:4a:9a:b7:97:a0:3d:6b:ba:e4:02:
a9:97:fb:e8:98:4e:a4:42:8f:31:20:3d:31:50:31:
00:7a:b0:01:37:80:f6:f8:15
Q:
00:d5:eb:71:18:25:4e:6c:b9:e0:20:92:02:f4:86:
5f:d9:cd:66:cc:ff:89:33:86:54:c6:19:90:f5
G:
52:02:50:73:17:4f:12:35:f6:11:ed:c6:c1:b8:01:
b4:e5:cf:5f:05:a4:6b:f8:d4:a5:d9:3e:a9:7a:97:
f3:d2:db:28:4a:57:2e:a3:f4:a7:fc:16:65:75:9a:
5d:67:b0:a8:ac:43:21:24:53:48:23:e3:13:52:ce:
a3:b7:7e:85:b9:0f:51:e8:fe:32:16:12:82:16:44:
29:85:83:eb:8e:3e:dd:9c:38:49:de:da:44:85:d1:
31:01:20:c7:43:1f:30:3e:f3:a6:50:36:ee:e5:66:
1c:40:a2:ca:1d:39:78:a5:4a:4a:04:83:15:df:4a:
69:1c:d2:4f:ac:36:74:78
=======
Here the size of q is 28 bytes (ignore the leading 0x00 byte). so 28*8 =
224 bits.
I was expecting a q size of 160 bits, but here it is 224 bits. Why?
Using above param, I generated a dsa key.
Using that key, I created a self signed cert for testing purpose.
-------------
$ openssl x509 -in ./dsacert.pem -text -nooout
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2f:40:b1:22:44:be:69:bc:36:01:25:a7:d0:c3:5d:33:0d:21:cc:eb
Signature Algorithm: dsa_with_SHA256
Issuer: C = SG, ST = SG, L = Suntec, O = F5, OU = ES, CN =
www.dsa1024eg.com, emailAddress = mksa...@gmail.com
Validity
Not Before: Jul 23 16:53:09 2024 GMT
Not After : Aug 22 16:53:09 2024 GMT
Subject: C = SG, ST = SG, L = Suntec, O = F5, OU = ES, CN =
www.dsa1024eg.com, emailAddress = mksa...@gmail.com
Subject Public Key Info:
Public Key Algorithm: dsaEncryption
Public-Key: (1024 bit)
pub:
0b:10:f8:f9:59:75:02:00:b3:b0:c7:4f:20:01:fe:
6b:6b:a0:1e:3c:44:b5:4c:e4:fb:16:39:1c:12:d8:
14:5d:ee:73:28:14:57:40:40:59:8f:37:54:7f:b8:
12:fd:55:5a:40:73:36:63:b7:1c:3f:39:87:76:56:
8b:8b:9c:df:41:a9:c6:56:ed:34:cb:5c:d2:db:55:
d4:37:d4:b1:59:25:b6:6a:7d:5c:61:9b:39:9a:6a:
a7:27:ac:2f:43:65:7f:53:76:bb:98:91:f0:f0:9c:
1d:99:88:43:44:4e:3c:c1:43:30:09:06:7b:c7:ad:
38:27:3a:6b:38:56:7e:38
P:
00:89:8b:28:2d:ae:59:55:19:de:ef:79:a8:f0:f1:
44:39:b4:ee:32:fc:48:38:7e:bd:4a:d0:d7:ea:02:
b1:e8:12:65:d4:f9:3e:ef:bb:03:d6:85:33:91:fa:
a0:0f:88:96:a2:06:16:84:e6:6d:8c:41:ad:f7:ab:
51:59:44:5d:df:c6:06:66:08:51:2b:f5:3c:1e:02:
35:2a:78:1a:9b:7e:0c:d1:65:e6:0a:c5:63:ca:3a:
58:84:6b:ff:b8:4a:9a:b7:97:a0:3d:6b:ba:e4:02:
a9:97:fb:e8:98:4e:a4:42:8f:31:20:3d:31:50:31:
00:7a:b0:01:37:80:f6:f8:15
Q:
00:d5:eb:71:18:25:4e:6c:b9:e0:20:92:02:f4:86:
5f:d9:cd:66:cc:ff:89:33:86:54:c6:19:90:f5
G:
52:02:50:73:17:4f:12:35:f6:11:ed:c6:c1:b8:01:
b4:e5:cf:5f:05:a4:6b:f8:d4:a5:d9:3e:a9:7a:97:
f3:d2:db:28:4a:57:2e:a3:f4:a7:fc:16:65:75:9a:
5d:67:b0:a8:ac:43:21:24:53:48:23:e3:13:52:ce:
a3:b7:7e:85:b9:0f:51:e8:fe:32:16:12:82:16:44:
29:85:83:eb:8e:3e:dd:9c:38:49:de:da:44:85:d1:
31:01:20:c7:43:1f:30:3e:f3:a6:50:36:ee:e5:66:
1c:40:a2:ca:1d:39:78:a5:4a:4a:04:83:15:df:4a:
69:1c:d2:4f:ac:36:74:78
X509v3 extensions:
X509v3 Subject Key Identifier:
2E:C6:63:46:C2:50:2C:24:9C:09:0F:2C:52:32:16:20:0B:B5:70:69
X509v3 Authority Key Identifier:
2E:C6:63:46:C2:50:2C:24:9C:09:0F:2C:52:32:16:20:0B:B5:70:69
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: dsa_with_SHA256
Signature Value:
r:
2e:89:a2:92:51:f1:a8:94:0a:46:44:d5:4b:2d:d4:
ce:3f:50:1a:52:92:57:3e:5a:52:13:00:3e
s:
2d:d7:fd:72:83:2a:27:1a:2a:72:c6:ad:68:10:9a:
a0:26:00:27:fa:68:18:6e:58:81:01:60:68
-----------------
Here the r and s size are 28 = 28*8 = 224 bits which is same size as q size
as expected (here q size = 224 bits) since it is a self-signed cert.
But my question is why q is not 160 bits but instead 224 bits was used by
openssl since the FIPS 186 standard clearly says to use q size 160 bits for
p size 1024 bits?
Can someone familiar with the topic, clarify my doubt please? Maybe I
missed some fine points in the standard.
Sorry if my question looks stupid and basic, I am just trying to learn
cryptography on my own by reading books, watching professors lecture online
and self experimentation.
with regards,
M K Saravanan
