Solved

# Signatures

Posted on 2003-02-19
Medium Priority
588 Views
Last Modified: 2010-04-11
Can anyone tell me how to build a signature with the following format:

// Signature part R:
...(10 hex DWORD values)
// Signature part S:
...(10 hex DWORD values)
// Signature part R:
...(10 hex DWORD values)
// Signature part S:
...(10 hex DWORD values)
// BIG p
...
// BIG q
...
// BIG g
...
// BIG y
...

Thanks

bukko
0
Question by:bukko
• 6
• 5
12 Comments

LVL 3

Expert Comment

ID: 7982274
what kind of signature?

More information is needed about your project, code needed and what you are attempting to do here.

Not to mention what you're asking could be misconstrewed as a virus by some.

0

LVL 8

Author Comment

ID: 7982638

Fair comment.
The signature is based on a DSA type private key, which I have.
I can create the usual kind of signature using the MS Crypto API, but the kind I need is in the format shown above. The problem is, I don't know what all the bits mean, or how to get them, etc.
I'm working in a Win32 development environment, so ideally I need a Win32 component or VB/C++ code which will produce this structure. Failing that, a description of what each part of the signature is will help!

Thanks

bukko
0

LVL 2

Accepted Solution

Jason_Deckard earned 1200 total points
ID: 7982715
Bukko,

Those variables look familar :)  I found this information in FIPS 186-2, which I believe to me the most recent version of the Digital Signature Standard:

======================================
The DSA makes use of the following parameters:

1. p = a prime modulus, where 2L-1 < p < 2L for 512 Â£ L Â£ 1024 and L a multiple of 64
2. q = a prime divisor of p - 1, where 2159 < q < 2160
3. g = h(p-1)/q mod p, where h is any integer with 1 < h < p - 1 such that h(p-1)/q mod p > 1 (g has order q mod p)
4. x = a randomly or pseudorandomly generated integer with 0 < x < q
5. y = gx mod p
6. k = a randomly or pseudorandomly generated integer with 0 < k < q
The integers p, q, and g can be public and can be common to a group of users. A user's private and public keys are x and y, respectively. They are normally fixed for a period of time. Parameters x and k are used for signature generation only, and must be kept secret. Parameter k must be regenerated for each signature.
Parameters p and q shall be generated as specified in Appendix 2, or using other FIPS approved security methods. Parameters x and k shall be generated as specified in Appendix 3, or using other FIPS approved security methods.

The signature of a message M is the pair of numbers r and s computed according to the equations below:

r = (gk mod p) mod q and
s = (k-1(SHA-1(M) + xr)) mod q.
In the above, k-1 is the multiplicative inverse of k, mod q; i.e., (k-1 k) mod q = 1 and 0 < k-1 < q. The value of SHA-1(M) is a 160-bit string output by the Secure Hash Algorithm specified in FIPS 180-1.
For use in computing s, this string must be converted to an integer. The conversion rule is given in Appendix 2.2.
As an option, one may wish to check if r = 0 or s = 0. If either r = 0 or s = 0, a new value of k should be generated and the signature should be recalculated (it is extremely unlikely that r = 0 or s = 0 if signatures are generated properly).
======================================

Although that defines the variables you mentioned, as well as how they are used to create M, you may still want to check the entire document: http://palms.ee.princeton.edu/fiskiran/repository/unclassified/nist00fips.pdf

Best of luck,
Jason Deckard
0

LVL 2

Expert Comment

ID: 7982739
Correction: M is the plain text message.  The DSA does not derive M.  The last sentence in my original reply indicates otherwise.  Sorry for any confusion.
0

LVL 8

Author Comment

ID: 7982765

Thanks Jason, and thanks especially for your second post; I would have been confused otherwise!!! :)

A couple of questions still remain:
(1) Is it ok to swear on this site?
(2) Does anyone know of a component which will produce the above, otherwsise I've got more work to do that my brain can handle.

If anyone can help any further on this, I don't mind upping the points!

Regards - and thanks again

bukko
0

LVL 2

Expert Comment

ID: 7982800
Bukko,

(1) From time to time we wish it were :)

(2) Download the OpenSSL library source code from http://openssl.org/ and review their implementation of DSA.  It is likely that their implementation of large numbers differs from yours, but the premise is the same.  With a decent set of functions to manipulate your large numbers, you should be able to pull this off rather painlessly.

-Jason
0

LVL 2

Expert Comment

ID: 7982868
If you decide to review the OpenSSL code, you will find the creation of variables (p, q, g, etc) in dsa_gen.c (crypto/dsa/dsa_gen.c) and the actual signing appears to happen in dsa_ossl.c (the signing function in dsa_sign.c simply calls a function found in dsa_ossl.c).
0

LVL 8

Author Comment

ID: 7983051

Thanks again Jason.

I'll have a go (though I'm a VB developer with a tiny smidgen of C++) and let you know if I run into any problems. Hmmm.....

Regards

bukko
0

LVL 8

Author Comment

ID: 7983077

p.s. just noticed a warning at the bottom of the OpenSSL page:

PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME PARTS OF THE WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR COUNTRY, RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL TECHNICAL SUGGESTIONS OR EVEN SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT AND/OR USE LAWS WHICH APPLY TO YOU. THE AUTHORS OF OPENSSL ARE NOT LIABLE FOR ANY VIOLATIONS YOU MAKE HERE. SO BE CAREFUL, IT IS YOUR RESPONSIBILITY.

Maybe I should accept this answer and ask EE to scrub the question?

bukko
0

LVL 8

Author Comment

ID: 7986498

Thanks for the help, Jason.
I'll try and take it from there!

Regards

bukko
0

LVL 8

Author Comment

ID: 7986804

Jason,

if you add a comment to http://www.experts-exchange.com/Programming/Q_20520878.html I'll give you those points as well.

Thanks

bukko
0

LVL 2

Expert Comment

ID: 7989225
Thanks!
0

## Featured Post

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Internet has made sending and receiving information online a breeze. But there is also the threat of unauthorized viewing, data tampering, and phoney messages. Surprisingly, a lot of business owners do not fully understand how to use security tâ€¦
Itâ€™s a season to be thankful, and weâ€™re thankful for users like you who engage on site, solve technology problems, and network with others in the industry. What tech are we most thankful for? Keep reading.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundrâ€¦
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can reâ€¦
###### Suggested Courses
Course of the Month7 days, 23 hours left to enroll

#### 615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.