**Cryptography Tutorials - Herong's Tutorial Examples** - Version 5.32, by Dr. Herong Yang

What Is DSA (Digital Signature Algorithm)?

This section describes the DSA (Digital Signature Algorithm) algorithm, which consists of 2 parts: generation of a pair of public key and private key; generation and verification of digital signature.

**What Is DSA (Digital Signature Algorithm)?**
DSA is a United States Federal Government standard for digital signatures.
It was proposed by the National Institute of Standards and Technology (NIST) in August 1991
for use in their Digital Signature Standard (DSS), specified in FIPS 186 in 1993.

The first part of the DSA algorithm is the public key and private key generation, which can be described as:

- Choose a prime number q, which is called the prime divisor.
- Choose another primer number p, such that p-1 mod q = 0. p is called the prime modulus.
- Choose an integer g, such that 1 < g < p, g**q mod p = 1 and g = h**((p–1)/q) mod p. q is also called g's multiplicative order modulo p.
- Choose an integer, such that 0 < x < q.
- Compute y as g**x mod p.
- Package the public key as {p,q,g,y}.
- Package the private key as {p,q,g,x}.

The second part of the DSA algorithm is the signature generation and signature verification, which can be described as:

To generate a message signature, the sender can follow these steps:

- Generate the message digest h, using a hash algorithm like SHA1.
- Generate a random number k, such that 0 < k < q.
- Compute r as (g**k mod p) mod q. If r = 0, select a different k.
- Compute i, such that k*i mod q = 1. i is called the modular multiplicative inverse of k modulo q.
- Compute s = i*(h+r*x) mod q. If s = 0, select a different k.
- Package the digital signature as {r,s}.

To verify a message signature, the receiver of the message and the digital signature can follow these steps:

- Generate the message digest h, using the same hash algorithm.
- Compute w, such that s*w mod q = 1. w is called the modular multiplicative inverse of s modulo q.
- Compute u1 = h*w mod q.
- Compute u2 = r*w mod q.
- Compute v = (((g**u1)*(y**u2)) mod p) mod q.
- If v == r, the digital signature is valid.

*Last update: 2013.*

Table of Contents

Introduction to AES (Advanced Encryption Standard)

DES Algorithm - Illustrated with Java Programs

DES Algorithm Java Implementation

DES Algorithm - Java Implementation in JDK JCE

DES Encryption Operation Modes

PHP Implementation of DES - mcrypt

Blowfish - 8-Byte Block Cipher

Secret Key Generation and Management

Cipher - Secret Key Encryption and Decryption

RSA Implementation using java.math.BigInteger Class

►Introduction of DSA (Digital Signature Algorithm)

►What Is DSA (Digital Signature Algorithm)?

Illustration of DSA Algorithm: p,q=7,3

Illustration of DSA Algorithm: p,q=23,11

Illustration of DSA Algorithm with Different k and h

Proof of DSA Digital Signature Algorithm

Java Default Implementation of DSA

Private key and Public Key Pair Generation

PKCS#8/X.509 Private/Public Encoding Standards

Cipher - Public Key Encryption and Decryption

OpenSSL Introduction and Installation

OpenSSL Generating and Managing RSA Keys

OpenSSL Generating and Signing CSR

OpenSSL Validating Certificate Path

"keytool" and "keystore" from JDK

"OpenSSL" Signing CSR Generated by "keytool"

Migrating Keys from "keystore" to "OpenSSL" Key Files

Certificate X.509 Standard and DER/PEM Formats

Migrating Keys from "OpenSSL" Key Files to "keystore"

Using Certificates in IE (Internet Explorer)