DSA question

Werner Koch wk at isil.d.shuttle.de
Tue Mar 10 12:28:31 CET 1998


I have added some support for DSA, it is now possible to verify
PGP keys.  I coded signature creation too, but this is not yet

While I figured out, what kind of stuff PGP hashes to make a signature I
noticed, that for DSA signatures, the message digest is used directly as
input to the sign/verify function without mangling it with pad bytes
and ASN; so it is only 160 bits long.

For ElGamal signatures I use a frame of the complete size key size
and pad it similar to what PGP does for RSA signatures.
I guess that the padding with 0xff decreases performance a lot
(due to the g^hash mod p calculation) - any suggestion how to avoid this?

Werner                      (finger gcrypt at ftp.guug.de for info about GnuPG)

More information about the Gnupg-devel mailing list