We can generate primes p, q and g for DSA in OpenSSL by using the command:

```
openssl dsaparam -text -out dsaparam.pem 1024
```

Is it possible to generate primes p, q and g using a hash function in OpenSSL if the values of L, N and the hash function are known?

Any help will be greatly appreciated!

user2363993
  • Related: 2015-11-26: [Crosspost on *openssl-users*](http://thread.gmane.org/gmane.comp.encryption.openssl.user/55964) – StackzOfZtuff Nov 26 '15 at 15:17
  • You should clarify the notation first. Probably better suited for [crypto.se]. – M'vy Nov 27 '15 at 09:30
  • DSA (Digital Sig Algo) can be used for generation / verification of DSA parameters (p, q and g) using the `dsaparam` command. The DSA parameters p, q and g can then be used for generation of a private key using the `gendsa` command. The public keys for DSA can be created using the `dsa` command. The OpenSSL command-line tool provides three commands for generating DSA parameters and keys. An example for all three commands is given below: Step # 1 `openssl dsaparam -out dsaparam.pem 1024` Step # 2 `openssl gendsa -out dsaprivatekey.pem dsaparam.pem` Step # 3 `openssl dsa -in dsaprivatekey.pem -pubout -out dsapublickey.pem` – user2363993 Nov 30 '15 at 06:04
  • @M'vy Thanks for your reply. The question was best suited for open_ssl user list but I did not get any reply. After doing more research, I have come to the conclusion that the best solution is to write a wrapper function to directly interact with the OpenSSL code. – user2363993 Nov 30 '15 at 06:15
  • @user2363993 The question is confusing for a couple of reasons: `g` is not a prime, and the values of `L` and `N` are not defined. As hash functions output what should be evenly distributed random values, chances are they are not prime numbers. Unless you're suggesting using the hash function to generate the random entropy needed? – RoraΖ Nov 30 '15 at 14:13
  • @RoraΖ L is the length of q and N is the length of p in bits. Probable primes p and q can be generated using an Approved Hash Function. Please refer to Appendix A.1.1.2 of Federal Information Processing Standard (FIPS) 186-4, the Digital Signature Standard, for details. One of the replies given on the OpenSSL mailing list is copied below for the benefit of everyone. "One solution (if all else fails) is to implement the calculations directly using the bigint functions in version 1.0.2 and older of OpenSSL. This has worked very well for me in code that didn't need FIPS certification. Enjoy, Jakob". – user2363993 Dec 03 '15 at 05:14

0 Answers
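
The construction cited in the comments (FIPS 186-4 Appendix A.1.1.2 for p and q, with the hash-based generator of Appendix A.2.3 for g) written out in Python; this is an added example, not part of the original thread and not OpenSSL code. It follows the FIPS 186-4 convention that L is the bit length of p and N the bit length of q. The function names, the SHA-256 default, seedlen = outlen and the 64 Miller-Rabin rounds are this example's assumptions, and the caller is assumed to pass an approved (L, N) pair.

```python
import hashlib, secrets

def H(data, name):                               # hash bytes, return an integer
    return int.from_bytes(hashlib.new(name, data).digest(), "big")

def is_probable_prime(n, rounds=64):             # Miller-Rabin; round count is this example's choice
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x not in (1, n - 1) and all(pow(x, 2 ** i, n) != n - 1 for i in range(1, s)):
            return False
    return True

def pq_from_seed(seed, L, N, name="sha256"):     # A.1.1.2 steps 3-11 for one seed
    outlen, seedlen = hashlib.new(name).digest_size * 8, len(seed) * 8
    n = -(-L // outlen) - 1                      # ceil(L / outlen) - 1
    U = H(seed, name) % 2 ** (N - 1)
    q = 2 ** (N - 1) + U + 1 - U % 2
    if not is_probable_prime(q):
        return None
    s, offset = int.from_bytes(seed, "big"), 1
    for counter in range(4 * L):
        V = [H(((s + offset + j) % 2 ** seedlen).to_bytes(len(seed), "big"), name)
             for j in range(n + 1)]
        V[n] %= 2 ** (L - 1 - n * outlen)        # keep only b bits of the top block
        X = sum(v << (j * outlen) for j, v in enumerate(V)) + 2 ** (L - 1)
        p = X - (X % (2 * q) - 1)                # force p = 1 (mod 2q)
        if p >= 2 ** (L - 1) and is_probable_prime(p):
            return p, q, counter
        offset += n + 1
    return None

def gen_pq(L, N, name="sha256"):                 # step 5: fresh seed, seedlen = outlen (assumed)
    while True:
        seed = secrets.token_bytes(hashlib.new(name).digest_size)
        if (found := pq_from_seed(seed, L, N, name)):
            return (*found, seed)

def gen_g(p, q, seed, index=1, name="sha256"):   # A.2.3: hash-derived generator
    e = (p - 1) // q
    for count in range(1, 2 ** 16):
        U = seed + b"ggen" + bytes([index]) + count.to_bytes(2, "big")
        g = pow(H(U, name), e, p)
        if g >= 2:
            return g
    return None
```

Publishing `seed` and `counter` alongside p, q and g lets anyone rerun `pq_from_seed` and `gen_g` and confirm the parameters were derived from the hash rather than chosen freely.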