DSA Implementation in GnuPG

Werner Koch wk at gnupg.org
Wed Jun 17 20:42:45 CEST 2009


On Wed, 17 Jun 2009 14:54, stefan.lorenz at stud.uni-saarland.de said:

> we are interested in the actual implementation of DSA in GnuPG, in

You should look at Libgcrypt which is used by GnuPG-2.

> particular we would like to know whether the primes p, q and the
> generator g are or can somehow be fixed during the key

That is possible; use the domain parameter.  Checkout the test programs
in libgcrypt/tests.  The libgcrypt manual describes several parameter:

<http://www.gnupg.org/documentation/manuals/gcrypt/General-public_002dkey-related-Functions.html>

Look for gcry_pk_genkey. 

> generation. Additionally we would like to know how the size of q is
> determined.

In non-FIPS mode we use the values take from the standard
(libgcrypt/cipher/dsa.c:generate):

  if (qbits)
    ; /* Caller supplied qbits.  Use this value.  */
  else if ( nbits >= 512 && nbits <= 1024 )
    qbits = 160;
  else if ( nbits == 2048 )
    qbits = 224;
  else if ( nbits == 3072 )
    qbits = 256;
  else if ( nbits == 7680 )
    qbits = 384;
  else if ( nbits == 15360 )
    qbits = 512;
  else
    return GPG_ERR_INV_VALUE;



Shalom-Salam,

   Werner


-- 
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.




More information about the Gnupg-devel mailing list