DSA public key bigger than private key
If I generate a private and public key for DSA using Crypto++:
#include <cryptopp/osrng.h>   // AutoSeededRandomPool
#include <cryptopp/dsa.h>     // DSA::PrivateKey, DSA::PublicKey
#include <cryptopp/queue.h>   // ByteQueue

CryptoPP::AutoSeededRandomPool rng;
CryptoPP::DSA::PrivateKey privateKey;
privateKey.GenerateRandomWithKeySize(rng, 2048);   // domain parameters plus private exponent x
CryptoPP::DSA::PublicKey publicKey;
privateKey.MakePublicKey(publicKey);               // derives y and copies the parameters
When I encode the private key like this:
CryptoPP::ByteQueue privateKeyQueue;
privateKey.DEREncodePrivateKey(privateKeyQueue);   // was "key.", which is not declared above
then the private key data pushed into the queue is smaller than the encoded public key data:
CryptoPP::ByteQueue publicKeyQueue;
publicKey.DEREncodePublicKey(publicKeyQueue);      // was "key."; the public key object is the one that encodes y
Is this expected? Is this the correct way to generate a public key that will be shared with others?
I have only used RSA before, where the public key is much smaller than the private key.
So... be careful, because modular arithmetic is not my strong suit...
My source of information is here:
https://en.wikipedia.org/wiki/Digital_Signature_Algorithm
Choose an approved cryptographic hash function H. In the original DSS, H was always SHA-1, but the stronger SHA-2 hash functions are approved for use in the current DSS.[5][9] The hash output may be truncated to the size of a key pair.
Decide on a key length L and N. This is the primary measure of the cryptographic strength of the key. The original DSS constrained L to be a multiple of 64 between 512 and 1024 (inclusive). NIST 800-57 recommends lengths of 2048 (or 3072) for keys with security lifetimes extending beyond 2010 (or 2030), using correspondingly longer N.[10] FIPS 186-3 specifies L and N length pairs of (1024,160), (2048,224), (2048,256), and (3072,256).
Choose an N-bit prime q. N must be less than or equal to the hash output length.
(So q is N bits long - 256 for a 3072-bit key)
Choose an L-bit prime modulus p such that p–1 is a multiple of q.
Choose g, a number whose multiplicative order modulo p is q. This may be done by setting g = h^((p–1)/q) mod p for some arbitrary h (1 < h < p−1), and trying again with a different h if the result comes out as 1. Most choices of h will lead to a usable g; commonly h=2 is used.
(So p is 3072 bits long)
The algorithm parameters (p, q, g) may be shared between different users of the system.
Per-user keys
Given a set of parameters, the second phase computes private and public keys for a single user:
Choose x by some random method, where 0 < x < q.
Calculate y = g^x mod p.
Public key is (p, q, g, y).
The public key contains p - therefore it must be at least 3072 bits long
Private key is x.
Because x depends on q, it will have (in our case) 256 bits - that is the private key length.
Does this seem reasonable?
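As an added illustration for both the question and the answer above (example code written for this page, not the asker's Crypto++ snippet and not part of Crypto++), the Python below builds toy DSA domain parameters and a per-user key pair with exactly the construction quoted from Wikipedia, then DER-encodes x and y the way the question's DEREncodePrivateKey / DEREncodePublicKey calls do: each writes the bare integer as a DER INTEGER, without the domain parameters. der_integer_size_bits reports the worst-case encoded size of an N-bit x and an L-bit y for the FIPS 186-3 (L, N) pairs. The tiny (L=64, N=16) parameters and the fixed seed are chosen only to keep the run fast and reproducible; they are not secure parameters.

```python
import random

# Added example (not from the question or from Crypto++): a toy DSA
# parameter/key generator plus a minimal DER INTEGER encoder, to show why
# the bare private key (x, N bits) encodes smaller than the bare public
# element (y, L bits). Parameter sizes used here are deliberately tiny.


def _der_length(n):
    """DER length octets for a content length n (short or long form)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_integer(value):
    """Encode a non-negative integer as a DER INTEGER (tag 0x02)."""
    if value < 0:
        raise ValueError("only non-negative integers are handled here")
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:  # leading 0x00 keeps the value positive in two's complement
        body = b"\x00" + body
    return b"\x02" + _der_length(len(body)) + body


def der_integer_size_bits(bits):
    """Largest DER INTEGER size for a positive integer of exactly `bits` bits."""
    return len(der_integer((1 << bits) - 1))


def is_probable_prime(n, rng, rounds=32):
    """Miller-Rabin primality test (probabilistic)."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_parameters(L, N, rng):
    """Domain parameters (p, q, g): q an N-bit prime, p an L-bit prime with
    q | p-1, and g = h^((p-1)/q) mod p of order q (the quoted construction)."""
    while True:
        q = rng.getrandbits(N) | (1 << (N - 1)) | 1  # N-bit, odd candidate
        if is_probable_prime(q, rng):
            break
    while True:
        X = rng.getrandbits(L) | (1 << (L - 1))  # L-bit candidate
        p = X - (X % (2 * q) - 1)  # force p == 1 (mod 2q), so q divides p-1
        if p.bit_length() == L and is_probable_prime(p, rng):
            break
    h = 2
    while True:
        g = pow(h, (p - 1) // q, p)
        if g != 1:
            return p, q, g
        h += 1


def generate_keypair(p, q, g, rng):
    """Per-user key: private x with 0 < x < q, public y = g^x mod p."""
    x = rng.randrange(1, q)
    y = pow(g, x, p)
    return x, y


def encoded_sizes(L, N, seed=1):
    """Return (p, q, g, x, y, len(DER(x)), len(DER(y))) for one toy key pair."""
    rng = random.Random(seed)
    p, q, g = generate_parameters(L, N, rng)
    x, y = generate_keypair(p, q, g, rng)
    return p, q, g, x, y, len(der_integer(x)), len(der_integer(y))


if __name__ == "__main__":
    p, q, g, x, y, sx, sy = encoded_sizes(L=64, N=16)
    print(f"toy (L=64, N=16): DER(x) = {sx} bytes, DER(y) = {sy} bytes")
    for L, N in ((1024, 160), (2048, 224), (2048, 256), (3072, 256)):
        print(f"FIPS 186-3 ({L},{N}): max DER(x) = {der_integer_size_bits(N)} bytes, "
              f"max DER(y) = {der_integer_size_bits(L)} bytes")
```

For the (3072, 256) pair, x encodes to at most 35 bytes and y to at most 389 bytes, which is the size gap the question observed. Neither bare integer is a key another party can use on its own: the public value must travel together with (p, q, g). In Crypto++ the full, shareable encodings come from publicKey.Save(queue) and privateKey.Save(queue), which write the standard X.509 SubjectPublicKeyInfo and PKCS#8 PrivateKeyInfo structures, domain parameters included, so that is the form to hand to others rather than the output of DEREncodePublicKey alone.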