I did some quick research and found this: http://en.wikipedia.org/wiki/Digital_Signature_Algorithm If my understanding is correct, the public key is (p, q, g, y). The private key would be x, such that y = g^x mod p. Is there some way to generate both public and private keys using OpenSSL, based on p, q, g and y? De: openssl-users [mailto:openssl-users-bounces at openssl.org] Em nome de Marcus Vinicius do Nascimento Enviada em: ter?a-feira, 12 de maio de 2015 17:06 Para: openssl-users at openssl.org Assunto: [openssl-users] RES: Testing OpenSSL based solution Thanks for both answers. I tried using Y as the public key, but ssl seems not to accept that. Here is the error scenario: >From the FIP file: [mod = 1024] P = fda5442483ccf7a12399d6c13d56ff882d689524f1885fcb7424e26da2d200a1657b631dcc74 c73ecbd89fe42cc554b7062835c73d7203161e09742392b2b7c75253eea04a0b55d511646fbe 2e81a9d80463e956527f8d6d42f4193984d5dcc6a8dadff80f31e44405840828581f013e0748 59b885908aaab30d87660bbaf8cb Q = dc678f95c673538f74dcbf67a80454c843937795 G = efd89f2dcf6e6a6a77cf18f238b2419de127864218eb4550c9e1a73085f97d7988322d7eea91 590646373aa66f7a3d0994cb5ac741a19874eb9e79862b000e5978f3305bb70be4f987a12a68 6167316e663f4de995b36e74062e39a79a4b30e4d36977276e3d33c5165911d303d5682f8e0a 96c510e1d9606d09b5573a675362 Msg = 58b7b3639a8d99babfe57f814024c5e7a0893bcf47b692768e6c11561796894b5f898bf5968a d85dae9019dbb24cd13759678f0edb0b687703a4a4e785e8b85293157593ab797e0eb338ff94 474a9c8752c3a83edb5798aa221db73aec931bfd1be3d70781647215f6649874a825101eb325 ee27f2a20a57145eb019f2a09993 Y = 808998aecbc5ab4679bf215e2166b371d249bb6e4bfc3404f2bcd2aaf61770851d236668252a 11f061fb54067ddaa97ed7bf5a5c836db02e5b1f9f1a627ac1eb2dcfa484ed5fef383f4bae7a a18a3ef9ea94bab83439ccf261ec52529f298050b27df185eecccf8caa44b529c8fcbd88c6a3 3cc42b5b17244ea9e1099686a92b R = 33bf9a15b6823e7c5583f94bcea2f0439a881f8c S = 48feaff1ec4803fb88fdc70773d9ac7b84905d3a Result = P So I tried reformatting Y to pass it to PEM_read_bio_DSAPrivateKey. Converting Y to Base64 = "gImYrsvFq0Z5vyFeIWazcdJJu25L/DQE8rzSqvYXcIUdI2ZoJSoR8GH7VAZ92ql+179aXINtsC5 bH58aYnrB6y3PpITtX+84P0uueqGKPvnqlLq4NDnM8mHsUlKfKYBQsn3xhe7Mz4yqRLUpyPy9iMa jPMQrWxckTqnhCZaGqSs=" Reformatting in PEM format = "-----BEGIN DSA PRIVATE KEY----- gImYrsvFq0Z5vyFeIWazcdJJu25L/DQE8rzSqvYXcIUdI2ZoJSoR8GH7VAZ92ql+ 179aXINtsC5bH58aYnrB6y3PpITtX+84P0uueqGKPvnqlLq4NDnM8mHsUlKfKYBQ sn3xhe7Mz4yqRLUpyPy9iMajPMQrWxckTqnhCZaGqSs= -----END DSA PRIVATE KEY----- " Code that matters: BIO * keybio = BIO_new_mem_buf(const_cast<char *>(key.c_str()), -1); if (keybio == NULL) { errormsg = "Can not create DSA key"; return 0; } DSA *dsa = PEM_read_bio_DSAPrivateKey(keybio, &dsa, NULL, NULL); if (dsa == NULL) { errormsg = "Can not read DSA key"; } return dsa; PEM_read_bio_DSAPrivateKey fails. Am I missing something here? De: openssl-users [mailto:openssl-users-bounces at openssl.org] Em nome de Jakob Bohm Enviada em: ter?a-feira, 12 de maio de 2015 15:42 Para: openssl-users at openssl.org Assunto: Re: [openssl-users] Testing OpenSSL based solution On 12/05/2015 20:10, Salz, Rich wrote: You can't easily have test vectors for DSA signatures since they include a random. Any test vector would have to include the random, and any API would have to be able to accept the random as part of the "sign" API. Verification should be okay. What Mr. Salz refers to by "Verification should be okay" is probably this: You can have test vectors in the form of known good signatures with public keys listed in the test vector. For DSA, those would be the (message, y, r, s) quads mentioned by the OP (y is the public key, (r, s) is the signature), depending on his class library, it might be possible to reformat those vectors to the format used by his code for real messages. The importance of such test vectors is to detect if an implementation is accidentally implementing a different signature algorithm (such as accidentally appending a 0 byte to each message both during signing and verification). This would not be detected by signing and verifying sample messages with random parameters. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com Transformervej 29, 2860 S?borg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150512/cb158d64/attachment.html>
