DSA Implementation in GnuPG
Werner Koch
wk at gnupg.org
Wed Jun 17 20:42:45 CEST 2009
On Wed, 17 Jun 2009 14:54, stefan.lorenz at stud.uni-saarland.de said:
> we are interested in the actual implementation of DSA in GnuPG, in
You should look at Libgcrypt which is used by GnuPG-2.
> particular we would like to know whether the primes p, q and the
> generator g are or can somehow be fixed during the key
That is possible; use the domain parameter. Checkout the test programs
in libgcrypt/tests. The libgcrypt manual describes several parameter:
<http://www.gnupg.org/documentation/manuals/gcrypt/General-public_002dkey-related-Functions.html>
Look for gcry_pk_genkey.
> generation. Additionally we would like to know how the size of q is
> determined.
In non-FIPS mode we use the values take from the standard
(libgcrypt/cipher/dsa.c:generate):
if (qbits)
; /* Caller supplied qbits. Use this value. */
else if ( nbits >= 512 && nbits <= 1024 )
qbits = 160;
else if ( nbits == 2048 )
qbits = 224;
else if ( nbits == 3072 )
qbits = 256;
else if ( nbits == 7680 )
qbits = 384;
else if ( nbits == 15360 )
qbits = 512;
else
return GPG_ERR_INV_VALUE;
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.
More information about the Gnupg-devel
mailing list