DSA Key generation, Sign file, Verify Signature

DSA
DSA stands for "Digital Signature Algorithm" and is specifically designed to produce digital signatures, not perform encryption.
- The requirement for public/private keys in this system is for a slightly different purpose - whereas in RSA, a key is needed so anyone can encrypt, in DSA a key is needed so anyone can verify. In RSA, the private key allows decryption; in DSA, the private key allows signature creation.
- The DSA private key is used for generating the signature file.
- The DSA public key is used for verifying the signature.
- DSA is a variant of the ElGamal and Schnorr algorithms. It creates a 320 bit signature, but with 512-1024 bit security. Its security again rests on the difficulty of computing discrete logarithms, and it has been quite widely accepted.
OpenSSL Commands for generating DSA Param, Signing File & verify File
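# Generate the shared DSA parameters (p, q, g) with a 2048-bit p
openssl dsaparam 2048 < /dev/random > dsa_param.pem
# Generate a private key from the parameters
openssl gendsa dsa_param.pem -out dsa_priv.pem
# Derive the matching public key
openssl dsa -in dsa_priv.pem -pubout -out dsa_pub.pem
# DSA system now made up of: dsa_param.pem, dsa_pub.pem, dsa_priv.pem
echo "foobar" > foo.txt
openssl sha1 < foo.txt > foo.txt.sha1
# Sign the digest file with the private key, then verify it with the public key.
# The -dss1 digest name was dropped in OpenSSL 1.1.0; on newer releases use -sha1 or -sha256 in both commands.
openssl dgst -dss1 -sign dsa_priv.pem foo.txt.sha1 > foo.txt.sig
openssl dgst -dss1 -verify dsa_pub.pem -signature foo.txt.sig foo.txt.sha1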
DSA Key Generation
- firstly shared global public key values (p,q,g) are chosen:
- choose a large prime $p$ of $L$ bits, where $L$ = 512 to 1024 bits and is a multiple of 64
- choose q, a 160 bit prime factor of p-1
- choose $g = h^{(p-1)/q}$ for any h1
- then each user chooses a private key and computes their public key:
- choose $x$, compute $y = g^x \bmod p$
DSA key generation is related to, but somewhat more complex than, ElGamal, mostly because of the secondary 160-bit modulus q, which is used to help speed up calculations and reduce the size of the resulting signature.
DSA Signature Creation and Verification
To sign a message M
- generate a random signature key $k$ and compute
$r = (g^k \bmod p) \bmod q$
$s = k^{-1}(\mathrm{SHA}(M) + x \cdot r) \bmod q$
- send signature (r,s) with message
To verify a signature, compute:
- $w = s^{-1} \bmod q$
- $u_1 = (\mathrm{SHA}(M) \cdot w) \bmod q$
- $u_2 = (r \cdot w) \bmod q$
- $v = (g^{u_1} \cdot y^{u_2} \bmod p) \bmod q$
If $v = r$, then the signature is verified.
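
The key generation, signing and verification steps above, written out in Python as an added example (not code from this page or from OpenSSL). The fixed 160-bit prime `Q`, the choice h = 2, the base-2 Fermat test standing in for a real primality test, and the range limits on x, k, r and s are assumptions of the example.

```python
import hashlib
import secrets

# Assumption: a known 160-bit prime reused here as q (not a value from the page).
Q = 2**160 - 2**31 - 1

def gen_params(q=Q, bits=512):
    """Search for p = q*j + 1 of the requested size and set g = h^((p-1)/q) mod p, h = 2."""
    j = 2 ** (bits - q.bit_length())
    while True:
        p = q * j + 1
        g = pow(2, j, p)                    # (p-1)/q == j
        if g != 1 and pow(g, q, p) == 1:    # 2^(p-1) = 1 (mod p), so g has order q
            return p, q, g
        j += 2                              # keep p odd

def H(msg, q):
    # SHA(M) as an integer, reduced mod q
    return int.from_bytes(hashlib.sha1(msg).digest(), "big") % q

def keygen(p, q, g):
    x = 1 + secrets.randbelow(q - 1)        # private key, 0 < x < q
    return x, pow(g, x, p)                  # (x, y = g^x mod p)

def sign(msg, x, p, q, g):
    while True:
        k = 1 + secrets.randbelow(q - 1)    # fresh secret k for every signature
        r = pow(g, k, p) % q
        s = pow(k, -1, q) * (H(msg, q) + x * r) % q
        if r and s:                         # retry in the rare case r or s is 0
            return r, s

def verify(msg, sig, y, p, q, g):
    r, s = sig
    if not (0 < r < q and 0 < s < q):       # reject out-of-range values before inverting s
        return False
    w = pow(s, -1, q)
    u1 = H(msg, q) * w % q
    u2 = r * w % q
    v = pow(g, u1, p) * pow(y, u2, p) % p % q
    return v == r

if __name__ == "__main__":
    p, q, g = gen_params()
    x, y = keygen(p, q, g)
    sig = sign(b"foobar\n", x, p, q, g)
    print("valid:", verify(b"foobar\n", sig, y, p, q, g))
    print("tampered:", verify(b"foobaz\n", sig, y, p, q, g))
```

The range check in `verify` matters: without it, (r, s + q) would verify as a second valid signature for the same message.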