DSA key generation using domain parameters

Werner Koch wk at gnupg.org
Wed Dec 10 13:11:16 CET 2008

Hi Ian,

I don't know whether this is useful for you: The latest Libgcrypt
supports the specification of domain parameters to create DSA keys:

          This is only meaningful for DLP algorithms.  If specified
          keys are generated with domain parameters taken from this
          list.  The exact format of this parameter depends on the
          actual algorithm.  It is currently only implemented for DSA
          using this format:

                     (p P-MPI)
                     (q Q-MPI)
                     (g Q-MPI))))

          `nbits' and `qbits' may not be specified because they are
          derived from the domain parameters.


  rc = gcry_sexp_new 
     "(genkey (dsa (transient-key)(domain"
     "(p #d3aed1876054db831d0c1348fbb1ada72507e5fbf9a62cbd47a63aeb7859d6921"
     "(q #9c916d121de9a03f71fb21bc2e1c0d116f065a4f#)"
     "(g #8157c5f68ca40b3ded11c353327ab9b8af3e186dd2e8dade98761a0996dda99ab"
     ")))", 0, 1);
  if (rc)
    die ("error creating S-expression: %s\n", gcry_strerror (rc));
  rc = gcry_pk_genkey (&key, key_spec);
  gcry_sexp_release (key_spec);
  if (rc)
    die ("error generating DSA key: %s\n", gcry_strerror (rc));

This should speed up key generation a lot because we don't need to
search for primes.



Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.

More information about the Gcrypt-devel mailing list