Re: GDSA: Bit length of private key
The reason that happens is that GDSA assumes if the modulus size is 2048, there is no reason to use a private exponent longer than about 226 bits since that wouldn't add more security. If you need to work around this, you can generate the private exponent yourself, and then call SetPrivateExponent() on the private key. -- From: "Ingo Naumann" Sent: Tuesday, August 24, 2010 6:44 AM To: "Crypto++ Users" Subject: GDSA: Bit length of private key Hi All, I haven't received an answer, so I am giving it another try Does anybody have a clue? Ingo -- Forwarded message -- From: Ingo Naumann Date: Fri, Aug 13, 2010 at 3:44 PM Subject: GDSA: Bit length of private key To: Crypto++ Users Hi Wei and All, I am experiencing problems with DSA key generation. For some reasons, when I select the pair (2048 bit, 256 bit) as parameter size, only the prime divisor q is of 256 bit, but the private key (x) is of 224 bit. The other three values are ok. It does work properly with the other two "long" combinations (3072 bit, 256 bit) and (2048 bit, 224 bit), as specified by FIPS 186-3, chapter 4.2. See code and example below. Any clues? Is that a bug in the library or am I missing something? Ingo Source: CryptoPP::AutoSeededRandomPool rng; CryptoPP::GDSA::Signer GDSAprKey; // Generate Private Key GDSAprKey.AccessKey().GenerateRandom(rng, CryptoPP::MakeParameters(CryptoPP::Name::M odulusSize(), L)(CryptoPP::Name::SubgroupOrderSize(), N)); Table: S: SHA1 L: 1024, N: 160 -- q: 160 bits, x: 224 bits S: SHA224 L: 2048, N: 224 -- q: 224 bits, x: 224 bits L: 2048, N: 256 -- q: 256 bits, x: 224 bits (!) L: 3072, N: 256 -- q: 256 bits, x: 256 bits S: SHA256 L: 2048, N: 256 -- q: 256 bits, x: 224 bits (!) L: 3072, N: 256 -- q: 256 bits, x: 256 bits Private Key (S=SHA256, L=2048, N=256): 30 : SEQUENCE (Length: 0x261) 02 : Integer (Length: 0x01) 00 30 : SEQUENCE (Length: 0x239) 06 : Object Identifier (OID): 1.2.840.10040.4.1 dsa 30 : SEQUENCE (Length: 0x22C) 02 : Integer (Length: 0x101) 00 AF A3 1E F2 96 B6 2B 67 FB BA 25 E3 CB F4 AC C0 A1 65 37 32 28 0E 79 82 7B DD D3 A4 21 09 99 5F F8 BB 19 4F 5E 26 CB F4 6A 55 B0 D1 CF BE B7 73 47 16 90 76 A8 88 1E 0B 47 C1 68 58 E7 E7 75 33 BC 2B 5F 34 38 C0 60 0B B1 62 5A 4D 44 CB 62 BA [0xB0 bytes skipped.] 02 : Integer (Length: 0x21) 00 A1 FA 6E 89 04 90 F7 8C 26 69 69 EB 5E 57 01 B8 1A 8C 76 E9 E7 6E F8 B6 64 AE F2 B5 2F C1 E2 D7 02 : Integer (Length: 0x100) 0C 8E 25 A6 59 FB F6 87 6D 04 0E CD D3 8B A8 40 AD 49 BC 36 97 F7 D1 15 83 66 9C CD A5 E9 FD FA 77 50 7D 86 23 CC 37 F0 71 8B 21 63 24 13 4C 48 A6 2D F9 20 FE F6 49 DE B3 94 C4 93 CB D4 BD 60 97 DF 8E 11 5B 20 B6 01 EC C6 3F 95 4D 27 F0 35 [0xB0 bytes skipped.] 04 : Octet String (Length: 0x1F) 02 : Integer (Length: 0x1D) 03 3E 86 6B 8C 09 DD BB 39 01 F6 A3 72 1C 97 F5 47 87 55 DC C8 3D 12 14 8E D4 5C F2 9A -- You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to cryptopp-users-unsubscr...@googlegroups.com. More information about Crypto++ and this group is available at http://www.cryptopp.com. -- You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to cryptopp-users-unsubscr...@googlegroups.com. More information about Crypto++ and this group is available at http://www.cryptopp.com.
GDSA: Bit length of private key
Hi All, I haven't received an answer, so I am giving it another try Does anybody have a clue? Ingo -- Forwarded message -- From: Ingo Naumann Date: Fri, Aug 13, 2010 at 3:44 PM Subject: GDSA: Bit length of private key To: Crypto++ Users Hi Wei and All, I am experiencing problems with DSA key generation. For some reasons, when I select the pair (2048 bit, 256 bit) as parameter size, only the prime divisor q is of 256 bit, but the private key (x) is of 224 bit. The other three values are ok. It does work properly with the other two "long" combinations (3072 bit, 256 bit) and (2048 bit, 224 bit), as specified by FIPS 186-3, chapter 4.2. See code and example below. Any clues? Is that a bug in the library or am I missing something? Ingo Source: CryptoPP::AutoSeededRandomPool rng; CryptoPP::GDSA::Signer GDSAprKey; // Generate Private Key GDSAprKey.AccessKey().GenerateRandom(rng, CryptoPP::MakeParameters(CryptoPP::Name::M odulusSize(), L)(CryptoPP::Name::SubgroupOrderSize(), N)); Table: S: SHA1 L: 1024, N: 160 -- q: 160 bits, x: 224 bits S: SHA224 L: 2048, N: 224 -- q: 224 bits, x: 224 bits L: 2048, N: 256 -- q: 256 bits, x: 224 bits (!) L: 3072, N: 256 -- q: 256 bits, x: 256 bits S: SHA256 L: 2048, N: 256 -- q: 256 bits, x: 224 bits (!) L: 3072, N: 256 -- q: 256 bits, x: 256 bits Private Key (S=SHA256, L=2048, N=256): 30 : SEQUENCE (Length: 0x261) 02 : Integer (Length: 0x01) 00 30 : SEQUENCE (Length: 0x239) 06 : Object Identifier (OID): 1.2.840.10040.4.1 dsa 30 : SEQUENCE (Length: 0x22C) 02 : Integer (Length: 0x101) 00 AF A3 1E F2 96 B6 2B 67 FB BA 25 E3 CB F4 AC C0 A1 65 37 32 28 0E 79 82 7B DD D3 A4 21 09 99 5F F8 BB 19 4F 5E 26 CB F4 6A 55 B0 D1 CF BE B7 73 47 16 90 76 A8 88 1E 0B 47 C1 68 58 E7 E7 75 33 BC 2B 5F 34 38 C0 60 0B B1 62 5A 4D 44 CB 62 BA [0xB0 bytes skipped.] 02 : Integer (Length: 0x21) 00 A1 FA 6E 89 04 90 F7 8C 26 69 69 EB 5E 57 01 B8 1A 8C 76 E9 E7 6E F8 B6 64 AE F2 B5 2F C1 E2 D7 02 : Integer (Length: 0x100) 0C 8E 25 A6 59 FB F6 87 6D 04 0E CD D3 8B A8 40 AD 49 BC 36 97 F7 D1 15 83 66 9C CD A5 E9 FD FA 77 50 7D 86 23 CC 37 F0 71 8B 21 63 24 13 4C 48 A6 2D F9 20 FE F6 49 DE B3 94 C4 93 CB D4 BD 60 97 DF 8E 11 5B 20 B6 01 EC C6 3F 95 4D 27 F0 35 [0xB0 bytes skipped.] 04 : Octet String (Length: 0x1F) 02 : Integer (Length: 0x1D) 03 3E 86 6B 8C 09 DD BB 39 01 F6 A3 72 1C 97 F5 47 87 55 DC C8 3D 12 14 8E D4 5C F2 9A -- You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to cryptopp-users-unsubscr...@googlegroups.com. More information about Crypto++ and this group is available at http://www.cryptopp.com.
GDSA: Bit length of private key
Hi Wei and All, I am experiencing problems with DSA key generation. For some reasons, when I select the pair (2048 bit, 256 bit) as parameter size, only the prime divisor q is of 256 bit, but the private key (x) is of 224 bit. The other three values are ok. It does work properly with the other two "long" combinations (3072 bit, 256 bit) and (2048 bit, 224 bit), as specified by FIPS 186-3, chapter 4.2. See code and example below. Any clues? Is that a bug in the library or am I missing something? Ingo Source: CryptoPP::AutoSeededRandomPool rng; CryptoPP::GDSA::Signer GDSAprKey; // Generate Private Key GDSAprKey.AccessKey().GenerateRandom(rng, CryptoPP::MakeParameters(CryptoPP::Name::M odulusSize(), L)(CryptoPP::Name::SubgroupOrderSize(), N)); Table: S: SHA1 L: 1024, N: 160 -- q: bits, x: bits S: SHA224 L: 2048, N: 224 -- q: 224 bits, x: 224 bits L: 2048, N: 256 -- q: 256 bits, x: 224 bits (!) L: 3072, N: 256 -- q: 256 bits, x: 256 bits S: SHA256 L: 2048, N: 256 -- q: 256 bits, x: 224 bits (!) L: 3072, N: 256 -- q: 256 bits, x: 256 bits Key (S=SHA256, L=2048, N=256): 30 : SEQUENCE (Length: 0x261) 02 : Integer (Length: 0x01) 00 30 : SEQUENCE (Length: 0x239) 06 : Object Identifier (OID): 1.2.840.10040.4.1 dsa 30 : SEQUENCE (Length: 0x22C) 02 : Integer (Length: 0x101) 00 AF A3 1E F2 96 B6 2B 67 FB BA 25 E3 CB F4 AC C0 A1 65 37 32 28 0E 79 82 7B DD D3 A4 21 09 99 5F F8 BB 19 4F 5E 26 CB F4 6A 55 B0 D1 CF BE B7 73 47 16 90 76 A8 88 1E 0B 47 C1 68 58 E7 E7 75 33 BC 2B 5F 34 38 C0 60 0B B1 62 5A 4D 44 CB 62 BA [0xB0 bytes skipped.] 02 : Integer (Length: 0x21) 00 A1 FA 6E 89 04 90 F7 8C 26 69 69 EB 5E 57 01 B8 1A 8C 76 E9 E7 6E F8 B6 64 AE F2 B5 2F C1 E2 D7 02 : Integer (Length: 0x100) 0C 8E 25 A6 59 FB F6 87 6D 04 0E CD D3 8B A8 40 AD 49 BC 36 97 F7 D1 15 83 66 9C CD A5 E9 FD FA 77 50 7D 86 23 CC 37 F0 71 8B 21 63 24 13 4C 48 A6 2D F9 20 FE F6 49 DE B3 94 C4 93 CB D4 BD 60 97 DF 8E 11 5B 20 B6 01 EC C6 3F 95 4D 27 F0 35 [0xB0 bytes skipped.] 04 : Octet String (Length: 0x1F) 02 : Integer (Length: 0x1D) 03 3E 86 6B 8C 09 DD BB 39 01 F6 A3 72 1C 97 F5 47 87 55 DC C8 3D 12 14 8E D4 5C F2 9A -- You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to cryptopp-users-unsubscr...@googlegroups.com. More information about Crypto++ and this group is available at http://www.cryptopp.com.
