Deterministic DSA
Werner Koch
wk at gnupg.org
Mon Jul 29 15:25:36 CEST 2013
Hi,
I just pushed the last patch to support RFC-6979 style Deterministic DSA
to master. All prime field tests from the RFC (or well, the I-D) work
as expected. Using it is pretty straightforward:
  #include <string.h>
  #include <gcrypt.h>

  /* message, seckey (the DSA private key as an S-expression) and the
     die() helper come from the surrounding test program. */
  const char *hashname = "sha256";
  gcry_sexp_t data, sig;
  gcry_error_t err;
  int hashalgo;
  int digestlen;
  char digest[32];

  hashalgo = gcry_md_map_name (hashname);
  if (!hashalgo)
    die ("hash with name '%s' is not supported\n", hashname);
  digestlen = gcry_md_get_algo_dlen (hashalgo);
  if (digestlen > sizeof digest)
    die ("internal error: digest does not fit into our buffer\n");
  /* Hash the message ourselves; the data S-expression carries the digest. */
  gcry_md_hash_buffer (hashalgo, digest, message, strlen (message));
  err = gcry_sexp_build (&data, NULL,
                         "(data "
                         " (flags rfc6979)"
                         " (hash %s %b))",
                         hashname, digestlen, digest);
  if (err)
    die ("building data sexp failed: %s\n", gpg_strerror (err));
  err = gcry_pk_sign (&sig, data, seckey);
You may now also use (hash ALGO BUFFER) instead of (value MPI) for
standard DSA. In that case Libgcrypt takes care of standard conforming
truncation.
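What the rfc6979 flag asks Libgcrypt to do internally, as an added reference implementation that is not part of Libgcrypt or this mail: the HMAC_DRBG nonce derivation of RFC 6979 section 3.2, including the bits2int truncation of a digest longer than q (the same truncation rule the hash form of the data S-expression applies). It is written for a general qlen, so it covers DSA and ECDSA groups alike; the check at the bottom uses the RFC's own P-256/SHA-256 "sample" vector (appendix A.2.5), chosen because its key and order are short enough to embed.

```python
import hashlib
import hmac


def bits2int(b: bytes, qlen: int) -> int:
    """RFC 6979 2.3.2: leftmost qlen bits of b (a long digest is truncated)."""
    v = int.from_bytes(b, "big")
    blen = len(b) * 8
    return v >> (blen - qlen) if blen > qlen else v


def int2octets(x: int, qlen: int) -> bytes:
    """RFC 6979 2.3.3: x as ceil(qlen/8) big-endian octets."""
    return x.to_bytes((qlen + 7) // 8, "big")


def bits2octets(b: bytes, q: int, qlen: int) -> bytes:
    """RFC 6979 2.3.4: truncate, reduce mod q, then encode."""
    return int2octets(bits2int(b, qlen) % q, qlen)


def rfc6979_k(x: int, q: int, h1: bytes, hashname: str = "sha256") -> int:
    """Section 3.2: nonce k from private key x, group order q and digest h1."""
    qlen = q.bit_length()
    hlen = hashlib.new(hashname).digest_size

    def H(key: bytes, msg: bytes) -> bytes:
        return hmac.new(key, msg, hashname).digest()

    V = b"\x01" * hlen                                     # step b
    K = b"\x00" * hlen                                     # step c
    seed = int2octets(x, qlen) + bits2octets(h1, q, qlen)  # x || reduced digest
    K = H(K, V + b"\x00" + seed)                           # step d
    V = H(K, V)                                            # step e
    K = H(K, V + b"\x01" + seed)                           # step f
    V = H(K, V)                                            # step g
    while True:                                            # step h
        T = b""
        while len(T) * 8 < qlen:
            V = H(K, V)
            T += V
        k = bits2int(T, qlen)
        if 1 <= k <= q - 1:
            return k
        K = H(K, V + b"\x00")                              # candidate rejected: reseed
        V = H(K, V)


# Test vector from RFC 6979 A.2.5 (P-256 order and private key, SHA-256).
P256_Q = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
P256_X = 0xC9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721


def sample_k(message: bytes = b"sample") -> int:
    return rfc6979_k(P256_X, P256_Q, hashlib.sha256(message).digest())
```

Signing the same message twice yields the same k, so the (r, s) pair is reproducible and no per-signature entropy source is needed.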
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.