1Crypt::PK::DSA(3)     User Contributed Perl Documentation    Crypt::PK::DSA(3)
2
3
4

NAME

6       Crypt::PK::DSA - Public key cryptography based on DSA
7

SYNOPSIS

9        ### OO interface
10
11        #Encryption: Alice
12        my $pub = Crypt::PK::DSA->new('Bob_pub_dsa1.der');
13        my $ct = $pub->encrypt("secret message");
14        #
15        #Encryption: Bob (received ciphertext $ct)
16        my $priv = Crypt::PK::DSA->new('Bob_priv_dsa1.der');
17        my $pt = $priv->decrypt($ct);
18
19        #Signature: Alice
20        my $priv = Crypt::PK::DSA->new('Alice_priv_dsa1.der');
21        my $sig = $priv->sign_message($message);
22        #
23        #Signature: Bob (received $message + $sig)
24        my $pub = Crypt::PK::DSA->new('Alice_pub_dsa1.der');
25        $pub->verify_message($sig, $message) or die "ERROR";
26
27        #Key generation
28        my $pk = Crypt::PK::DSA->new();
29        $pk->generate_key(30, 256);
30        my $private_der = $pk->export_key_der('private');
31        my $public_der = $pk->export_key_der('public');
32        my $private_pem = $pk->export_key_pem('private');
33        my $public_pem = $pk->export_key_pem('public');
34
35        ### Functional interface
36
37        #Encryption: Alice
38        my $ct = dsa_encrypt('Bob_pub_dsa1.der', "secret message");
39        #Encryption: Bob (received ciphertext $ct)
40        my $pt = dsa_decrypt('Bob_priv_dsa1.der', $ct);
41
42        #Signature: Alice
43        my $sig = dsa_sign_message('Alice_priv_dsa1.der', $message);
44        #Signature: Bob (received $message + $sig)
45        dsa_verify_message('Alice_pub_dsa1.der', $sig, $message) or die "ERROR";
46

METHODS

48   new
49         my $pk = Crypt::PK::DSA->new();
50         #or
51         my $pk = Crypt::PK::DSA->new($priv_or_pub_key_filename);
52         #or
53         my $pk = Crypt::PK::DSA->new(\$buffer_containing_priv_or_pub_key);
54
55       Support for password protected PEM keys
56
57         my $pk = Crypt::PK::DSA->new($priv_pem_key_filename, $password);
58         #or
59         my $pk = Crypt::PK::DSA->new(\$buffer_containing_priv_pem_key, $password);
60
61   generate_key
62       Uses Yarrow-based cryptographically strong random number generator
63       seeded with random data taken from "/dev/random" (UNIX) or
64       "CryptGenRandom" (Win32).
65
66        $pk->generate_key($group_size, $modulus_size);
67        # $group_size  ... in bytes .. 15 < $group_size < 1024
68        # $modulus_size .. in bytes .. ($modulus_size - $group_size) < 512
69
70        ### Bits of Security according to libtomcrypt documentation
71        # 80 bits   => generate_key(20, 128)
72        # 120 bits  => generate_key(30, 256)
73        # 140 bits  => generate_key(35, 384)
74        # 160 bits  => generate_key(40, 512)
75
76        ### Sizes according section 4.2 of FIPS 186-4
77        # (L and N are the bit lengths of p and q respectively)
78        # L = 1024, N = 160 => generate_key(20, 128)
79        # L = 2048, N = 224 => generate_key(28, 256)
80        # L = 2048, N = 256 => generate_key(32, 256)
81        # L = 3072, N = 256 => generate_key(32, 384)
82
83        $pk->generate_key($param_hash)
84        # $param_hash is { d => $d, p => $p, q => $q }
85        # where $d, $p, $q are hex strings
86
87        $pk->generate_key(\$dsa_param)
88        # $dsa_param is the content of DER or PEM file with DSA params
89        # e.g. openssl dsaparam 2048
90
91   import_key
92       Loads private or public key in DER or PEM format.
93
94         $pk->import_key($filename);
95         #or
96         $pk->import_key(\$buffer_containing_key);
97
98       Support for password protected PEM keys
99
100         $pk->import_key($pem_filename, $password);
101         #or
102         $pk->import_key(\$buffer_containing_pem_key, $password);
103
104       Loading private or public keys form perl hash:
105
106        $pk->import_key($hashref);
107
108        # where $hashref is a key exported via key2hash
109        $pk->import_key({
110          p => "AAF839A764E04D80824B79FA1F0496C093...", #prime modulus
111          q => "D05C4CB45F29D353442F1FEC43A6BE2BE8...", #prime divisor
112          g => "847E8896D12C9BF18FE283AE7AD58ED7F3...", #generator of a subgroup of order q in GF(p)
113          x => "6C801901AC74E2DC714D75A9F6969483CF...", #private key, random  0 < x < q
114          y => "8F7604D77FA62C7539562458A63C7611B7...", #public key, where y = g^x mod p
115        });
116
117       Supported key formats:
118
119       •   DSA public keys
120
121            -----BEGIN PUBLIC KEY-----
122            MIIBtjCCASsGByqGSM44BAEwggEeAoGBAJKyu+puNMGLpGIhbD1IatnwlI79ePr4
123            YHe2KBhRkheKxWUZRpN1Vd/+usS2IHSJ9op5cSWETiP05d7PMtJaitklw7jhudq3
124            GxNvV/GRdCQm3H6d76FHP88dms4vcDYc6ry6wKERGfNEtZ+4BAKrMZK+gDYsF4Aw
125            U6WVR969kYZhAhUA6w25FgSRmJ8W4XkvC60n8Wv3DpMCgYA4ZFE+3tLOM24PZj9Z
126            rxuqUzZZdR+kIzrsIYpWN9ustbmdKLKwsqIaUIxc5zxHEhbAjAIf8toPD+VEQIpY
127            7vgJgDhXuPq45BgN19iLTzOJwIhAFXPZvnAdIo9D/AnMw688gT6g6U8QCZwX2XYg
128            ICiVcriYVNcjVKHSFY/X0Oi7CgOBhAACgYB4ZTn4OYT/pjUd6tNhGPtOS3CE1oaj
129            5ScbetXg4ZDpceEyQi8VG+/ZTbs8var8X77JdEdeQA686cAxpOaVgW8V4odvcmfA
130            BfueiGnPXjqGfppiHAyL1Ngyd+EsXKmKVXZYAVFVI0WuJKiZBSVURU7+ByxOfpGa
131            fZhibr0SggWixQ==
132            -----END PUBLIC KEY-----
133
134       •   DSA private keys
135
136            -----BEGIN DSA PRIVATE KEY-----
137            MIIBuwIBAAKBgQCSsrvqbjTBi6RiIWw9SGrZ8JSO/Xj6+GB3tigYUZIXisVlGUaT
138            dVXf/rrEtiB0ifaKeXElhE4j9OXezzLSWorZJcO44bnatxsTb1fxkXQkJtx+ne+h
139            Rz/PHZrOL3A2HOq8usChERnzRLWfuAQCqzGSvoA2LBeAMFOllUfevZGGYQIVAOsN
140            uRYEkZifFuF5LwutJ/Fr9w6TAoGAOGRRPt7SzjNuD2Y/Wa8bqlM2WXUfpCM67CGK
141            VjfbrLW5nSiysLKiGlCMXOc8RxIWwIwCH/LaDw/lRECKWO74CYA4V7j6uOQYDdfY
142            i08zicCIQBVz2b5wHSKPQ/wJzMOvPIE+oOlPEAmcF9l2ICAolXK4mFTXI1Sh0hWP
143            19DouwoCgYB4ZTn4OYT/pjUd6tNhGPtOS3CE1oaj5ScbetXg4ZDpceEyQi8VG+/Z
144            Tbs8var8X77JdEdeQA686cAxpOaVgW8V4odvcmfABfueiGnPXjqGfppiHAyL1Ngy
145            d+EsXKmKVXZYAVFVI0WuJKiZBSVURU7+ByxOfpGafZhibr0SggWixQIVAL7Sia03
146            8bvANjjL9Sitk8slrM6P
147            -----END DSA PRIVATE KEY-----
148
149       •   DSA private keys in password protected PEM format:
150
151            -----BEGIN DSA PRIVATE KEY-----
152            Proc-Type: 4,ENCRYPTED
153            DEK-Info: DES-CBC,227ADC3AA0299491
154
155            UISxBYAxPQMl2eK9LMAeHsssF6IxO+4G2ta2Jn8VE+boJrrH3iSTKeMXGjGaXl0z
156            DwcLGV+KMR70y+cxtTb34rFy+uSpBy10dOQJhxALDbe1XfCDQIUfaXRfMNA3um2I
157            JdZixUD/zcxBOUzao+MCr0V9XlJDgqBhJ5EEr53XHH07Eo5fhiBfbbR9NzdUPFrQ
158            p2ASyZtFh7RXoIBUCQgg21oeLddcNWV7gd/Y46kghO9s0JbJ8C+IsuWEPRSq502h
159            tSoDN6B0sxbVvOUICLLbQaxt7yduTAhRxVIJZ1PWATTVD7CZBVz9uIDZ7LOv+er2
160            1q3vkwb8E9spPsA240+BnfD571XEop4jrawxC0VKQZ+3cPVLc6jhIsxvzzFQUt67
161            g66v8GUgt7KF3KhVV7qEtntybQWDWb+K/uTIH9Ra8nP820d3Rnl61pPXDPlluteT
162            WSLOvEMN2zRmkaxQNv/tLdT0SYpQtdjw74G3A6T7+KnvinKrjtp1a/AXkCF9hNEx
163            DGbxOYo1UOmk8qdxWCrab34nO+Q8oQc9wjXHG+ZtRYIMoGMKREK8DeL4H1RPNkMf
164            rwXWk8scd8QFmJAb8De1VQ==
165            -----END DSA PRIVATE KEY-----
166
167       •   SSH public DSA keys
168
169            ssh-dss AAAAB3NzaC1kc3MAAACBAKU8/avmk...4XOwuEssAVhmwA==
170
171       •   SSH public DSA keys (RFC-4716 format)
172
173            ---- BEGIN SSH2 PUBLIC KEY ----
174            Comment: "1024-bit DSA, converted from OpenSSH"
175            AAAAB3NzaC1kc3MAAACBAKU8/avmkFeGnSqwYG7dZnQlG+01QNaxu3F5v0NcL/SRUW7Idp
176            Uq8t14siK0mA6yjphLhOf5t8gugTEVBllP86ANSbFigH7WN3v6ydJWqm60pNhNHN//50cn
177            NtIsXbxeq3VtsI64pkH1OJqeZDHLmu73k4T0EKOzsylSfF/wtVBJAAAAFQChpubLHViwPB
178            +jSvUb8e4THS7PBQAAAIAJD1PMCiTCQa1xyD/NCWOajCufTOIzKAhm6l+nlBVPiKI+262X
179            pYt127Ke4mPL8XJBizoTjSQN08uHMg/8L6W/cdO2aZ+mhkBnS1xAm83DAwqLrDraR1w/4Q
180            RFxr5Vbyy8qnejrPjTJobBN1BGsv84wHkjmoCn6pFIfkGYeATlJgAAAIAHYPU1zMVBTDWr
181            u7SNC4G2UyWGWYYLjLytBVHfQmBa51CmqrSs2kCfGLGA1ynfYENsxcJq9nsXrb4i17H5BH
182            JFkH0g7BUDpeBeLr8gsK3WgfqWwtZsDkltObw9chUD/siK6q/dk/fSIB2Ho0inev7k68Z5
183            ZkNI4XOwuEssAVhmwA==
184            ---- END SSH2 PUBLIC KEY ----
185
186   export_key_der
187        my $private_der = $pk->export_key_der('private');
188        #or
189        my $public_der = $pk->export_key_der('public');
190
191   export_key_pem
192        my $private_pem = $pk->export_key_pem('private');
193        #or
194        my $public_pem = $pk->export_key_pem('public');
195        #or
196        my $public_pem = $pk->export_key_pem('public_x509');
197
198       With parameter 'public' uses header and footer lines:
199
200         -----BEGIN DSA PUBLIC KEY------
201         -----END DSA PUBLIC KEY------
202
203       With parameter 'public_x509' uses header and footer lines:
204
205         -----BEGIN PUBLIC KEY------
206         -----END PUBLIC KEY------
207
208       Support for password protected PEM keys
209
210        my $private_pem = $pk->export_key_pem('private', $password);
211        #or
212        my $private_pem = $pk->export_key_pem('private', $password, $cipher);
213
214        # supported ciphers: 'DES-CBC'
215        #                    'DES-EDE3-CBC'
216        #                    'SEED-CBC'
217        #                    'CAMELLIA-128-CBC'
218        #                    'CAMELLIA-192-CBC'
219        #                    'CAMELLIA-256-CBC'
220        #                    'AES-128-CBC'
221        #                    'AES-192-CBC'
222        #                    'AES-256-CBC' (DEFAULT)
223
224   encrypt
225        my $pk = Crypt::PK::DSA->new($pub_key_filename);
226        my $ct = $pk->encrypt($message);
227        #or
228        my $ct = $pk->encrypt($message, $hash_name);
229
230        #NOTE: $hash_name can be 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
231
232   decrypt
233        my $pk = Crypt::PK::DSA->new($priv_key_filename);
234        my $pt = $pk->decrypt($ciphertext);
235
236   sign_message
237        my $pk = Crypt::PK::DSA->new($priv_key_filename);
238        my $signature = $priv->sign_message($message);
239        #or
240        my $signature = $priv->sign_message($message, $hash_name);
241
242        #NOTE: $hash_name can be 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
243
244   verify_message
245        my $pk = Crypt::PK::DSA->new($pub_key_filename);
246        my $valid = $pub->verify_message($signature, $message)
247        #or
248        my $valid = $pub->verify_message($signature, $message, $hash_name);
249
250        #NOTE: $hash_name can be 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
251
252   sign_hash
253        my $pk = Crypt::PK::DSA->new($priv_key_filename);
254        my $signature = $priv->sign_hash($message_hash);
255
256   verify_hash
257        my $pk = Crypt::PK::DSA->new($pub_key_filename);
258        my $valid = $pub->verify_hash($signature, $message_hash);
259
260   is_private
261        my $rv = $pk->is_private;
262        # 1 .. private key loaded
263        # 0 .. public key loaded
264        # undef .. no key loaded
265
266   size
267        my $size = $pk->size;
268        # returns key size (length of the prime p) in bytes or undef if key not loaded
269
270   size_q
271        my $size = $pk->size_q;
272        # returns length of the prime q in bytes or undef if key not loaded
273
274   key2hash
275        my $hash = $pk->key2hash;
276
277        # returns hash like this (or undef if no key loaded):
278        {
279          type => 1,   # integer: 1 .. private, 0 .. public
280          size => 256, # integer: key size in bytes
281          # all the rest are hex strings
282          p => "AAF839A764E04D80824B79FA1F0496C093...", #prime modulus
283          q => "D05C4CB45F29D353442F1FEC43A6BE2BE8...", #prime divisor
284          g => "847E8896D12C9BF18FE283AE7AD58ED7F3...", #generator of a subgroup of order q in GF(p)
285          x => "6C801901AC74E2DC714D75A9F6969483CF...", #private key, random  0 < x < q
286          y => "8F7604D77FA62C7539562458A63C7611B7...", #public key, where y = g^x mod p
287        }
288

FUNCTIONS

290   dsa_encrypt
291       DSA based encryption as implemented by libtomcrypt. See method
292       "encrypt" below.
293
294        my $ct = dsa_encrypt($pub_key_filename, $message);
295        #or
296        my $ct = dsa_encrypt(\$buffer_containing_pub_key, $message);
297        #or
298        my $ct = dsa_encrypt($pub_key_filename, $message, $hash_name);
299
300        #NOTE: $hash_name can be 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest
301
302       Encryption works similar to the Crypt::PK::ECC encryption whereas
303       shared DSA key is computed, and the hash of the shared key XOR'ed
304       against the plaintext forms the ciphertext.
305
306   dsa_decrypt
307       DSA based decryption as implemented by libtomcrypt. See method
308       "decrypt" below.
309
310        my $pt = dsa_decrypt($priv_key_filename, $ciphertext);
311        #or
312        my $pt = dsa_decrypt(\$buffer_containing_priv_key, $ciphertext);
313
314   dsa_sign_message
315       Generate DSA signature. See method "sign_message" below.
316
317        my $sig = dsa_sign_message($priv_key_filename, $message);
318        #or
319        my $sig = dsa_sign_message(\$buffer_containing_priv_key, $message);
320        #or
321        my $sig = dsa_sign_message($priv_key, $message, $hash_name);
322
323   dsa_verify_message
324       Verify DSA signature. See method "verify_message" below.
325
326        dsa_verify_message($pub_key_filename, $signature, $message) or die "ERROR";
327        #or
328        dsa_verify_message(\$buffer_containing_pub_key, $signature, $message) or die "ERROR";
329        #or
330        dsa_verify_message($pub_key, $signature, $message, $hash_name) or die "ERROR";
331
332   dsa_sign_hash
333       Generate DSA signature. See method "sign_hash" below.
334
335        my $sig = dsa_sign_hash($priv_key_filename, $message_hash);
336        #or
337        my $sig = dsa_sign_hash(\$buffer_containing_priv_key, $message_hash);
338
339   dsa_verify_hash
340       Verify DSA signature. See method "verify_hash" below.
341
342        dsa_verify_hash($pub_key_filename, $signature, $message_hash) or die "ERROR";
343        #or
344        dsa_verify_hash(\$buffer_containing_pub_key, $signature, $message_hash) or die "ERROR";
345

OpenSSL interoperability

347        ### let's have:
348        # DSA private key in PEM format - dsakey.priv.pem
349        # DSA public key in PEM format  - dsakey.pub.pem
350        # data file to be signed - input.data
351
352   Sign by OpenSSL, verify by Crypt::PK::DSA
353       Create signature (from commandline):
354
355        openssl dgst -sha1 -sign dsakey.priv.pem -out input.sha1-dsa.sig input.data
356
357       Verify signature (Perl code):
358
359        use Crypt::PK::DSA;
360        use Crypt::Digest 'digest_file';
361        use Crypt::Misc 'read_rawfile';
362
363        my $pkdsa = Crypt::PK::DSA->new("dsakey.pub.pem");
364        my $signature = read_rawfile("input.sha1-dsa.sig");
365        my $valid = $pkdsa->verify_hash($signature, digest_file("SHA1", "input.data"), "SHA1", "v1.5");
366        print $valid ? "SUCCESS" : "FAILURE";
367
368   Sign by Crypt::PK::DSA, verify by OpenSSL
369       Create signature (Perl code):
370
371        use Crypt::PK::DSA;
372        use Crypt::Digest 'digest_file';
373        use Crypt::Misc 'write_rawfile';
374
375        my $pkdsa = Crypt::PK::DSA->new("dsakey.priv.pem");
376        my $signature = $pkdsa->sign_hash(digest_file("SHA1", "input.data"), "SHA1", "v1.5");
377        write_rawfile("input.sha1-dsa.sig", $signature);
378
379       Verify signature (from commandline):
380
381        openssl dgst -sha1 -verify dsakey.pub.pem -signature input.sha1-dsa.sig input.data
382
383   Keys generated by Crypt::PK::DSA
384       Generate keys (Perl code):
385
386        use Crypt::PK::DSA;
387        use Crypt::Misc 'write_rawfile';
388
389        my $pkdsa = Crypt::PK::DSA->new;
390        $pkdsa->generate_key(20, 128);
391        write_rawfile("dsakey.pub.der",  $pkdsa->export_key_der('public'));
392        write_rawfile("dsakey.priv.der", $pkdsa->export_key_der('private'));
393        write_rawfile("dsakey.pub.pem",  $pkdsa->export_key_pem('public_x509'));
394        write_rawfile("dsakey.priv.pem", $pkdsa->export_key_pem('private'));
395        write_rawfile("dsakey-passwd.priv.pem", $pkdsa->export_key_pem('private', 'secret'));
396
397       Use keys by OpenSSL:
398
399        openssl dsa -in dsakey.priv.der -text -inform der
400        openssl dsa -in dsakey.priv.pem -text
401        openssl dsa -in dsakey-passwd.priv.pem -text -inform pem -passin pass:secret
402        openssl dsa -in dsakey.pub.der -pubin -text -inform der
403        openssl dsa -in dsakey.pub.pem -pubin -text
404
405   Keys generated by OpenSSL
406       Generate keys:
407
408        openssl dsaparam -genkey -out dsakey.priv.pem 1024
409        openssl dsa -in dsakey.priv.pem -out dsakey.priv.der -outform der
410        openssl dsa -in dsakey.priv.pem -out dsakey.pub.pem -pubout
411        openssl dsa -in dsakey.priv.pem -out dsakey.pub.der -outform der -pubout
412        openssl dsa -in dsakey.priv.pem -passout pass:secret -des3 -out dsakey-passwd.priv.pem
413
414       Load keys (Perl code):
415
416        use Crypt::PK::DSA;
417
418        my $pkdsa = Crypt::PK::DSA->new;
419        $pkdsa->import_key("dsakey.pub.der");
420        $pkdsa->import_key("dsakey.priv.der");
421        $pkdsa->import_key("dsakey.pub.pem");
422        $pkdsa->import_key("dsakey.priv.pem");
423        $pkdsa->import_key("dsakey-passwd.priv.pem", "secret");
424

SEE ALSO

426       •   <https://en.wikipedia.org/wiki/Digital_Signature_Algorithm>
427
428
429
430perl v5.34.0                      2022-02-14                 Crypt::PK::DSA(3)
Impressum