Deterministic DSA

Werner Koch wk at
Mon Jul 29 15:25:36 CEST 2013


I just pushed the last patch to support RFC-6979 style Deterministic DSA
to master.  All prime field tests from the RFC (or well, the I-D) work
as expected.  Using it is pretty straightforward:

      /* Assumed from the surrounding test program: MESSAGE is the text
         to sign, SECKEY the DSA private key s-expression and die()
         prints a message and aborts.  */
      const char *hashname = "sha256";
      int hashalgo;
      int digestlen;
      char digest[32];
      gcry_error_t err;
      gcry_sexp_t data, sig;

      /* Map the hash name to Libgcrypt's algorithm id and make sure
         its digest fits into our buffer.  */
      hashalgo = gcry_md_map_name (hashname);
      if (!hashalgo)
        die ("hash with name '%s' is not supported\n", hashname);
      digestlen = gcry_md_get_algo_dlen (hashalgo);
      if (digestlen > sizeof digest)
        die ("internal error: digest does not fit into our buffer\n");

      /* Hash the message.  */
      gcry_md_hash_buffer (hashalgo, digest, message, strlen (message));

      /* Build the data s-expression.  The rfc6979 flag makes the nonce
         k a deterministic function of the key and the digest; %b takes
         a length followed by a buffer.  */
      err = gcry_sexp_build (&data, NULL,
                             "(data "
                             " (flags rfc6979)"
                             " (hash %s %b))",
                             hashname, digestlen, digest);
      if (err)
        die ("building data sexp failed: %s\n", gpg_strerror (err));

      err = gcry_pk_sign (&sig, data, seckey);
      if (err)
        die ("signing failed: %s\n", gpg_strerror (err));

You may now also use (hash ALGO BUFFER) instead of (value MPI) for
standard DSA.  In that case Libgcrypt takes care of standard conforming



Thoughts are free.  Exceptions are governed by a federal law.
