DSA key generation using domain parameters
Werner Koch
wk at gnupg.org
Wed Dec 10 13:11:16 CET 2008
Hi Ian,
I don't know whether this is useful for you: The latest Libgcrypt
supports the specification of domain parameters to create DSA keys:
`domain'
This is only meaningful for DLP algorithms. If specified
keys are generated with domain parameters taken from this
list. The exact format of this parameter depends on the
actual algorithm. It is currently only implemented for DSA
using this format:
(genkey
(dsa
(domain
(p P-MPI)
(q Q-MPI)
(g Q-MPI))))
`nbits' and `qbits' may not be specified because they are
derived from the domain parameters.
Example:
rc = gcry_sexp_new
(&key_spec,
"(genkey (dsa (transient-key)(domain"
"(p #d3aed1876054db831d0c1348fbb1ada72507e5fbf9a62cbd47a63aeb7859d6921"
"4adeb9146a6ec3f43520f0fd8e3125dd8bbc5d87405d1ac5f82073cd762a3f8d7"
"74322657c9da88a7d2f0e1a9ceb84a39cb40876179e6a76e400498de4bb9379b0"
"5f5feb7b91eb8fea97ee17a955a0a8a37587a272c4719d6feb6b54ba4ab69#)"
"(q #9c916d121de9a03f71fb21bc2e1c0d116f065a4f#)"
"(g #8157c5f68ca40b3ded11c353327ab9b8af3e186dd2e8dade98761a0996dda99ab"
"0250d3409063ad99efae48b10c6ab2bba3ea9a67b12b911a372a2bba260176fad"
"b4b93247d9712aad13aa70216c55da9858f7a298deb670a403eb1e7c91b847f1e"
"ccfbd14bd806fd42cf45dbb69cd6d6b43add2a78f7d16928eaa04458dea44#)"
")))", 0, 1);
if (rc)
die ("error creating S-expression: %s\n", gcry_strerror (rc));
rc = gcry_pk_genkey (&key, key_spec);
gcry_sexp_release (key_spec);
if (rc)
die ("error generating DSA key: %s\n", gcry_strerror (rc));
This should speed up key generation a lot because we don't need to
search for primes.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.
More information about the Gcrypt-devel
mailing list