1Crypt::PK::DSA(3)     User Contributed Perl Documentation    Crypt::PK::DSA(3)
2
3
4

NAME

6       Crypt::PK::DSA - Public key cryptography based on DSA
7

SYNOPSIS

9        ### OO interface
10
11        #Encryption: Alice
12        my $pub = Crypt::PK::DSA->new('Bob_pub_dsa1.der');
13        my $ct = $pub->encrypt("secret message");
14        #
15        #Encryption: Bob (received ciphertext $ct)
16        my $priv = Crypt::PK::DSA->new('Bob_priv_dsa1.der');
17        my $pt = $priv->decrypt($ct);
18
19        #Signature: Alice
20        my $priv = Crypt::PK::DSA->new('Alice_priv_dsa1.der');
21        my $sig = $priv->sign_message($message);
22        #
23        #Signature: Bob (received $message + $sig)
24        my $pub = Crypt::PK::DSA->new('Alice_pub_dsa1.der');
25        $pub->verify_message($sig, $message) or die "ERROR";
26
27        #Key generation
28        my $pk = Crypt::PK::DSA->new();
29        $pk->generate_key(30, 256);
30        my $private_der = $pk->export_key_der('private');
31        my $public_der = $pk->export_key_der('public');
32        my $private_pem = $pk->export_key_pem('private');
33        my $public_pem = $pk->export_key_pem('public');
34
35        ### Functional interface
36
37        #Encryption: Alice
38        my $ct = dsa_encrypt('Bob_pub_dsa1.der', "secret message");
39        #Encryption: Bob (received ciphertext $ct)
40        my $pt = dsa_decrypt('Bob_priv_dsa1.der', $ct);
41
42        #Signature: Alice
43        my $sig = dsa_sign_message('Alice_priv_dsa1.der', $message);
44        #Signature: Bob (received $message + $sig)
45        dsa_verify_message('Alice_pub_dsa1.der', $sig, $message) or die "ERROR";
46

METHODS

48   new
49         my $pk = Crypt::PK::DSA->new();
50         #or
51         my $pk = Crypt::PK::DSA->new($priv_or_pub_key_filename);
52         #or
53         my $pk = Crypt::PK::DSA->new(\$buffer_containing_priv_or_pub_key);
54
55       Support for password protected PEM keys
56
57         my $pk = Crypt::PK::DSA->new($priv_pem_key_filename, $password);
58         #or
59         my $pk = Crypt::PK::DSA->new(\$buffer_containing_priv_pem_key, $password);
60
61   generate_key
62       Uses Yarrow-based cryptographically strong random number generator
63       seeded with random data taken from "/dev/random" (UNIX) or
64       "CryptGenRandom" (Win32).
65
66        $pk->generate_key($group_size, $modulus_size);
67        # $group_size  ... in bytes .. 15 < $group_size < 1024
68        # $modulus_size .. in bytes .. ($modulus_size - $group_size) < 512
69
70        ### Bits of Security according to libtomcrypt documentation
71        # 80 bits   => generate_key(20, 128)
72        # 120 bits  => generate_key(30, 256)
73        # 140 bits  => generate_key(35, 384)
74        # 160 bits  => generate_key(40, 512)
75
76        ### Sizes according section 4.2 of FIPS 186-4
77        # (L and N are the bit lengths of p and q respectively)
78        # L = 1024, N = 160 => generate_key(20, 128)
79        # L = 2048, N = 224 => generate_key(28, 256)
80        # L = 2048, N = 256 => generate_key(32, 256)
81        # L = 3072, N = 256 => generate_key(32, 384)
82
83        $pk->generate_key($param_hash)
84        # $param_hash is { d => $d, p => $p, q => $q }
85        # where $d, $p, $q are hex strings
86
87        $pk->generate_key(\$dsa_param)
88        # $dsa_param is the content of DER or PEM file with DSA params
89        # e.g. openssl dsaparam 2048
90
91   import_key
92       Loads private or public key in DER or PEM format.
93
94         $pk->import_key($filename);
95         #or
96         $pk->import_key(\$buffer_containing_key);
97
98       Support for password protected PEM keys
99
100         $pk->import_key($pem_filename, $password);
101         #or
102         $pk->import_key(\$buffer_containing_pem_key, $password);
103
104       Loading private or public keys form perl hash:
105
106        $pk->import_key($hashref);
107
108        # where $hashref is a key exported via key2hash
109        $pk->import_key({
110          p => "AAF839A764E04D80824B79FA1F0496C093...", #prime modulus
111          q => "D05C4CB45F29D353442F1FEC43A6BE2BE8...", #prime divisor
112          g => "847E8896D12C9BF18FE283AE7AD58ED7F3...", #generator of a subgroup of order q in GF(p)
113          x => "6C801901AC74E2DC714D75A9F6969483CF...", #private key, random  0 < x < q
114          y => "8F7604D77FA62C7539562458A63C7611B7...", #public key, where y = g^x mod p
115        });
116
117       Supported key formats:
118
119       •   DSA public keys
120
121            -----BEGIN PUBLIC KEY-----
122            MIIBtjCCASsGByqGSM44BAEwggEeAoGBAJKyu+puNMGLpGIhbD1IatnwlI79ePr4
123            YHe2KBhRkheKxWUZRpN1Vd/+usS2IHSJ9op5cSWETiP05d7PMtJaitklw7jhudq3
124            GxNvV/GRdCQm3H6d76FHP88dms4vcDYc6ry6wKERGfNEtZ+4BAKrMZK+gDYsF4Aw
125            U6WVR969kYZhAhUA6w25FgSRmJ8W4XkvC60n8Wv3DpMCgYA4ZFE+3tLOM24PZj9Z
126            rxuqUzZZdR+kIzrsIYpWN9ustbmdKLKwsqIaUIxc5zxHEhbAjAIf8toPD+VEQIpY
127            7vgJgDhXuPq45BgN19iLTzOJwIhAFXPZvnAdIo9D/AnMw688gT6g6U8QCZwX2XYg
128            ICiVcriYVNcjVKHSFY/X0Oi7CgOBhAACgYB4ZTn4OYT/pjUd6tNhGPtOS3CE1oaj
129            5ScbetXg4ZDpceEyQi8VG+/ZTbs8var8X77JdEdeQA686cAxpOaVgW8V4odvcmfA
130            BfueiGnPXjqGfppiHAyL1Ngyd+EsXKmKVXZYAVFVI0WuJKiZBSVURU7+ByxOfpGa
131            fZhibr0SggWixQ==
132            -----END PUBLIC KEY-----
133
134       •   DSA private keys
135
136            -----BEGIN DSA PRIVATE KEY-----
137            MIIBuwIBAAKBgQCSsrvqbjTBi6RiIWw9SGrZ8JSO/Xj6+GB3tigYUZIXisVlGUaT
138            dVXf/rrEtiB0ifaKeXElhE4j9OXezzLSWorZJcO44bnatxsTb1fxkXQkJtx+ne+h
139            Rz/PHZrOL3A2HOq8usChERnzRLWfuAQCqzGSvoA2LBeAMFOllUfevZGGYQIVAOsN
140            uRYEkZifFuF5LwutJ/Fr9w6TAoGAOGRRPt7SzjNuD2Y/Wa8bqlM2WXUfpCM67CGK
141            VjfbrLW5nSiysLKiGlCMXOc8RxIWwIwCH/LaDw/lRECKWO74CYA4V7j6uOQYDdfY
142            i08zicCIQBVz2b5wHSKPQ/wJzMOvPIE+oOlPEAmcF9l2ICAolXK4mFTXI1Sh0hWP
143            19DouwoCgYB4ZTn4OYT/pjUd6tNhGPtOS3CE1oaj5ScbetXg4ZDpceEyQi8VG+/Z
144            Tbs8var8X77JdEdeQA686cAxpOaVgW8V4odvcmfABfueiGnPXjqGfppiHAyL1Ngy
145            d+EsXKmKVXZYAVFVI0WuJKiZBSVURU7+ByxOfpGafZhibr0SggWixQIVAL7Sia03
146            8bvANjjL9Sitk8slrM6P
147            -----END DSA PRIVATE KEY-----
148
149       •   DSA private keys in password protected PEM format:
150
151            -----BEGIN DSA PRIVATE KEY-----
152            Proc-Type: 4,ENCRYPTED
153            DEK-Info: DES-CBC,227ADC3AA0299491
154
155            UISxBYAxPQMl2eK9LMAeHsssF6IxO+4G2ta2Jn8VE+boJrrH3iSTKeMXGjGaXl0z
156            DwcLGV+KMR70y+cxtTb34rFy+uSpBy10dOQJhxALDbe1XfCDQIUfaXRfMNA3um2I
157            JdZixUD/zcxBOUzao+MCr0V9XlJDgqBhJ5EEr53XHH07Eo5fhiBfbbR9NzdUPFrQ
158            p2ASyZtFh7RXoIBUCQgg21oeLddcNWV7gd/Y46kghO9s0JbJ8C+IsuWEPRSq502h
159            tSoDN6B0sxbVvOUICLLbQaxt7yduTAhRxVIJZ1PWATTVD7CZBVz9uIDZ7LOv+er2
160            1q3vkwb8E9spPsA240+BnfD571XEop4jrawxC0VKQZ+3cPVLc6jhIsxvzzFQUt67
161            g66v8GUgt7KF3KhVV7qEtntybQWDWb+K/uTIH9Ra8nP820d3Rnl61pPXDPlluteT
162            WSLOvEMN2zRmkaxQNv/tLdT0SYpQtdjw74G3A6T7+KnvinKrjtp1a/AXkCF9hNEx
163            DGbxOYo1UOmk8qdxWCrab34nO+Q8oQc9wjXHG+ZtRYIMoGMKREK8DeL4H1RPNkMf
164            rwXWk8scd8QFmJAb8De1VQ==
165            -----END DSA PRIVATE KEY-----
166
167       •   SSH public DSA keys
168
169            ssh-dss AAAAB3NzaC1kc3MAAACBAKU8/avmk...4XOwuEssAVhmwA==
170
171       •   SSH public DSA keys (RFC-4716 format)
172
173            ---- BEGIN SSH2 PUBLIC KEY ----
174            Comment: "1024-bit DSA, converted from OpenSSH"
175            AAAAB3NzaC1kc3MAAACBAKU8/avmkFeGnSqwYG7dZnQlG+01QNaxu3F5v0NcL/SRUW7Idp
176            Uq8t14siK0mA6yjphLhOf5t8gugTEVBllP86ANSbFigH7WN3v6ydJWqm60pNhNHN//50cn
177            NtIsXbxeq3VtsI64pkH1OJqeZDHLmu73k4T0EKOzsylSfF/wtVBJAAAAFQChpubLHViwPB
178            +jSvUb8e4THS7PBQAAAIAJD1PMCiTCQa1xyD/NCWOajCufTOIzKAhm6l+nlBVPiKI+262X
179            pYt127Ke4mPL8XJBizoTjSQN08uHMg/8L6W/cdO2aZ+mhkBnS1xAm83DAwqLrDraR1w/4Q
180            RFxr5Vbyy8qnejrPjTJobBN1BGsv84wHkjmoCn6pFIfkGYeATlJgAAAIAHYPU1zMVBTDWr
181            u7SNC4G2UyWGWYYLjLytBVHfQmBa51CmqrSs2kCfGLGA1ynfYENsxcJq9nsXrb4i17H5BH
182            JFkH0g7BUDpeBeLr8gsK3WgfqWwtZsDkltObw9chUD/siK6q/dk/fSIB2Ho0inev7k68Z5
183            ZkNI4XOwuEssAVhmwA==
184            ---- END SSH2 PUBLIC KEY ----
185
186   export_key_der
187        my $private_der = $pk->export_key_der('private');
188        #or
189        my $public_der = $pk->export_key_der('public');
190
191   export_key_pem
192        my $private_pem = $pk->export_key_pem('private');
193        #or
194        my $public_pem = $pk->export_key_pem('public');
195        #or
196        my $public_pem = $pk->export_key_pem('public_x509');
197
198       With parameter 'public' uses header and footer lines:
199
200         -----BEGIN DSA PUBLIC KEY------
201         -----END DSA PUBLIC KEY------
202
203       With parameter 'public_x509' uses header and footer lines:
204
205         -----BEGIN PUBLIC KEY------
206         -----END PUBLIC KEY------
207
208       Support for password protected PEM keys
209
210        my $private_pem = $pk->export_key_pem('private', $password);
211        #or
212        my $private_pem = $pk->export_key_pem('private', $password, $cipher);
213
214        # supported ciphers: 'DES-CBC'
215        #                    'DES-EDE3-CBC'
216        #                    'SEED-CBC'
217        #                    'CAMELLIA-128-CBC'
218        #                    'CAMELLIA-192-CBC'
219        #                    'CAMELLIA-256-CBC'
220        #                    'AES-128-CBC'
221        #                    'AES-192-CBC'
222        #                    'AES-256-CBC' (DEFAULT)
223
224   encrypt
225        my $pk = Crypt::PK::DSA->new($pub_key_filename);
226        my $ct = $pk->encrypt($message);
227        #or
228        my $ct = $pk->encrypt($message, $hash_name);
229
230        #NOTE: $hash_name can be 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
231
232   decrypt
233        my $pk = Crypt::PK::DSA->new($priv_key_filename);
234        my $pt = $pk->decrypt($ciphertext);
235
236   sign_message
237        my $pk = Crypt::PK::DSA->new($priv_key_filename);
238        my $signature = $priv->sign_message($message);
239        #or
240        my $signature = $priv->sign_message($message, $hash_name);
241
242        #NOTE: $hash_name can be 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
243
244   verify_message
245        my $pk = Crypt::PK::DSA->new($pub_key_filename);
246        my $valid = $pub->verify_message($signature, $message)
247        #or
248        my $valid = $pub->verify_message($signature, $message, $hash_name);
249
250        #NOTE: $hash_name can be 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
251
252   sign_hash
253        my $pk = Crypt::PK::DSA->new($priv_key_filename);
254        my $signature = $priv->sign_hash($message_hash);
255
256   verify_hash
257        my $pk = Crypt::PK::DSA->new($pub_key_filename);
258        my $valid = $pub->verify_hash($signature, $message_hash);
259
260   is_private
261        my $rv = $pk->is_private;
262        # 1 .. private key loaded
263        # 0 .. public key loaded
264        # undef .. no key loaded
265
266   size
267        my $size = $pk->size;
268        # returns key size in bytes or undef if no key loaded
269
270   key2hash
271        my $hash = $pk->key2hash;
272
273        # returns hash like this (or undef if no key loaded):
274        {
275          type => 1,   # integer: 1 .. private, 0 .. public
276          size => 256, # integer: key size in bytes
277          # all the rest are hex strings
278          p => "AAF839A764E04D80824B79FA1F0496C093...", #prime modulus
279          q => "D05C4CB45F29D353442F1FEC43A6BE2BE8...", #prime divisor
280          g => "847E8896D12C9BF18FE283AE7AD58ED7F3...", #generator of a subgroup of order q in GF(p)
281          x => "6C801901AC74E2DC714D75A9F6969483CF...", #private key, random  0 < x < q
282          y => "8F7604D77FA62C7539562458A63C7611B7...", #public key, where y = g^x mod p
283        }
284

FUNCTIONS

286   dsa_encrypt
287       DSA based encryption as implemented by libtomcrypt. See method
288       "encrypt" below.
289
290        my $ct = dsa_encrypt($pub_key_filename, $message);
291        #or
292        my $ct = dsa_encrypt(\$buffer_containing_pub_key, $message);
293        #or
294        my $ct = dsa_encrypt($pub_key_filename, $message, $hash_name);
295
296        #NOTE: $hash_name can be 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
297
298       Encryption works similar to the Crypt::PK::ECC encryption whereas
299       shared DSA key is computed, and the hash of the shared key XOR'ed
300       against the plaintext forms the ciphertext.
301
302   dsa_decrypt
303       DSA based decryption as implemented by libtomcrypt. See method
304       "decrypt" below.
305
306        my $pt = dsa_decrypt($priv_key_filename, $ciphertext);
307        #or
308        my $pt = dsa_decrypt(\$buffer_containing_priv_key, $ciphertext);
309
310   dsa_sign_message
311       Generate DSA signature. See method "sign_message" below.
312
313        my $sig = dsa_sign_message($priv_key_filename, $message);
314        #or
315        my $sig = dsa_sign_message(\$buffer_containing_priv_key, $message);
316        #or
317        my $sig = dsa_sign_message($priv_key, $message, $hash_name);
318
319   dsa_verify_message
320       Verify DSA signature. See method "verify_message" below.
321
322        dsa_verify_message($pub_key_filename, $signature, $message) or die "ERROR";
323        #or
324        dsa_verify_message(\$buffer_containing_pub_key, $signature, $message) or die "ERROR";
325        #or
326        dsa_verify_message($pub_key, $signature, $message, $hash_name) or die "ERROR";
327
328   dsa_sign_hash
329       Generate DSA signature. See method "sign_hash" below.
330
331        my $sig = dsa_sign_hash($priv_key_filename, $message_hash);
332        #or
333        my $sig = dsa_sign_hash(\$buffer_containing_priv_key, $message_hash);
334
335   dsa_verify_hash
336       Verify DSA signature. See method "verify_hash" below.
337
338        dsa_verify_hash($pub_key_filename, $signature, $message_hash) or die "ERROR";
339        #or
340        dsa_verify_hash(\$buffer_containing_pub_key, $signature, $message_hash) or die "ERROR";
341

OpenSSL interoperability

343        ### let's have:
344        # DSA private key in PEM format - dsakey.priv.pem
345        # DSA public key in PEM format  - dsakey.pub.pem
346        # data file to be signed - input.data
347
348   Sign by OpenSSL, verify by Crypt::PK::DSA
349       Create signature (from commandline):
350
351        openssl dgst -sha1 -sign dsakey.priv.pem -out input.sha1-dsa.sig input.data
352
353       Verify signature (Perl code):
354
355        use Crypt::PK::DSA;
356        use Crypt::Digest 'digest_file';
357        use File::Slurp 'read_file';
358
359        my $pkdsa = Crypt::PK::DSA->new("dsakey.pub.pem");
360        my $signature = read_file("input.sha1-dsa.sig", binmode=>':raw');
361        my $valid = $pkdsa->verify_hash($signature, digest_file("SHA1", "input.data"), "SHA1", "v1.5");
362        print $valid ? "SUCCESS" : "FAILURE";
363
364   Sign by Crypt::PK::DSA, verify by OpenSSL
365       Create signature (Perl code):
366
367        use Crypt::PK::DSA;
368        use Crypt::Digest 'digest_file';
369        use File::Slurp 'write_file';
370
371        my $pkdsa = Crypt::PK::DSA->new("dsakey.priv.pem");
372        my $signature = $pkdsa->sign_hash(digest_file("SHA1", "input.data"), "SHA1", "v1.5");
373        write_file("input.sha1-dsa.sig", {binmode=>':raw'}, $signature);
374
375       Verify signature (from commandline):
376
377        openssl dgst -sha1 -verify dsakey.pub.pem -signature input.sha1-dsa.sig input.data
378
379   Keys generated by Crypt::PK::DSA
380       Generate keys (Perl code):
381
382        use Crypt::PK::DSA;
383        use File::Slurp 'write_file';
384
385        my $pkdsa = Crypt::PK::DSA->new;
386        $pkdsa->generate_key(20, 128);
387        write_file("dsakey.pub.der",  {binmode=>':raw'}, $pkdsa->export_key_der('public'));
388        write_file("dsakey.priv.der", {binmode=>':raw'}, $pkdsa->export_key_der('private'));
389        write_file("dsakey.pub.pem",  $pkdsa->export_key_pem('public_x509'));
390        write_file("dsakey.priv.pem", $pkdsa->export_key_pem('private'));
391        write_file("dsakey-passwd.priv.pem", $pkdsa->export_key_pem('private', 'secret'));
392
393       Use keys by OpenSSL:
394
395        openssl dsa -in dsakey.priv.der -text -inform der
396        openssl dsa -in dsakey.priv.pem -text
397        openssl dsa -in dsakey-passwd.priv.pem -text -inform pem -passin pass:secret
398        openssl dsa -in dsakey.pub.der -pubin -text -inform der
399        openssl dsa -in dsakey.pub.pem -pubin -text
400
401   Keys generated by OpenSSL
402       Generate keys:
403
404        openssl dsaparam -genkey -out dsakey.priv.pem 1024
405        openssl dsa -in dsakey.priv.pem -out dsakey.priv.der -outform der
406        openssl dsa -in dsakey.priv.pem -out dsakey.pub.pem -pubout
407        openssl dsa -in dsakey.priv.pem -out dsakey.pub.der -outform der -pubout
408        openssl dsa -in dsakey.priv.pem -passout pass:secret -des3 -out dsakey-passwd.priv.pem
409
410       Load keys (Perl code):
411
412        use Crypt::PK::DSA;
413        use File::Slurp 'write_file';
414
415        my $pkdsa = Crypt::PK::DSA->new;
416        $pkdsa->import_key("dsakey.pub.der");
417        $pkdsa->import_key("dsakey.priv.der");
418        $pkdsa->import_key("dsakey.pub.pem");
419        $pkdsa->import_key("dsakey.priv.pem");
420        $pkdsa->import_key("dsakey-passwd.priv.pem", "secret");
421

SEE ALSO

423       •   <https://en.wikipedia.org/wiki/Digital_Signature_Algorithm>
424
425
426
427perl v5.34.0                      2021-07-22                 Crypt::PK::DSA(3)
Impressum