Key generation

Key generation has two phases. The first phase is a choice of algorithm parameters which may be shared between different users of the system, while the second phase computes public and private keys for a single user.

Parameter generation

Choose an approved cryptographic hash function H. In the original DSS, H was always SHA-1, but the stronger SHA-2 hash functions are approved for use in the current DSS. The hash output may be truncated to the size of a key pair.

Decide on a key length L and N. This is the primary measure of the cryptographic strength of the key. The original DSS constrained L to be a multiple of 64 between 512 and 1024 (inclusive). NIST 800-57[7] recommends lengths of 2048 (or 3072) for keys with security lifetimes extending beyond 2010 (or 2030), using correspondingly longer N. FIPS 186-3[3] specifies L and N length pairs of (1024,160), (2048,224), (2048,256), and (3072,256).

Choose an N-bit prime q. N must be less than or equal to the hash output length.

Choose an L-bit prime modulus p such that pâ€“1 is a multiple of q.

Choose g, a number whose multiplicative order modulo p is q. This may be done by setting g = h(pâ€“1)/q mod p for some arbitrary h (1 < h < pâˆ’1), and trying again with a different h if the result comes out as 1. Most choices of h will lead to a usable g; commonly h=2 is used.

The algorithm parameters (p, q, g) may be shared between different users of the system.
### Tagged in:

Key generation has two phases. The first phase is a choice of algorithm parameters which may be shared between different users of the system, while the second phase computes public and private keys for a single user.

Parameter generation

Choose an approved cryptographic hash function H. In the original DSS, H was always SHA-1, but the stronger SHA-2 hash functions are approved for use in the current DSS. The hash output may be truncated to the size of a key pair.

Decide on a key length L and N. This is the primary measure of the cryptographic strength of the key. The original DSS constrained L to be a multiple of 64 between 512 and 1024 (inclusive). NIST 800-57[7] recommends lengths of 2048 (or 3072) for keys with security lifetimes extending beyond 2010 (or 2030), using correspondingly longer N. FIPS 186-3[3] specifies L and N length pairs of (1024,160), (2048,224), (2048,256), and (3072,256).

Choose an N-bit prime q. N must be less than or equal to the hash output length.

Choose an L-bit prime modulus p such that pâ€“1 is a multiple of q.

Choose g, a number whose multiplicative order modulo p is q. This may be done by setting g = h(pâ€“1)/q mod p for some arbitrary h (1 < h < pâˆ’1), and trying again with a different h if the result comes out as 1. Most choices of h will lead to a usable g; commonly h=2 is used.

The algorithm parameters (p, q, g) may be shared between different users of the system.

You must LOGIN to add comments