How do I verify a signature using DSA and my own "y" value in Python?

Question

I have to verify a signature using DSA FIPS 186-2 (I know it is not used anymore, but I need to make it work for a legacy system). My problem is I have the "y" DSA value, but I cannot work out how I can feed that into the Python code to create my own public key from the "y" value and then apply the verify.

For example below is what I have, but instead of generating a NEW key, I need to use my existing value?

from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import dsa
from cryptography.exceptions import InvalidSignature

private_key = dsa.generate_private_key(
     key_size=1024,
     backend=default_backend()
)
data = b"this is some data I'd like to sign"
signature = private_key.sign(
     data,
     hashes.SHA1()
)

public_key = private_key.public_key()

try:
    public_key.verify(
             signature,
             data,
             hashes.SHA1())
except InvalidSignature:
    print ("Invalid")

score 1 · Answer 1 · answered May 01 '20 at 20:20

A DSAPublicKey instance can be created from a DSAPublicNumbers instance, which can be created using the raw values:

from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.asymmetric.dsa import DSAParameterNumbers, DSAPublicNumbers

param = DSAParameterNumbers(p, q, g)
pnum = DSAPublicNumbers(y, param)

pubkey = pnum.public_key(backend=default_backend())

Note that in addition to the y value, you will need the DSA parameters p, q and g.

Torin thank you very much. This is what I was looking for. – Tobie van der Merwe May 02 '20 at 17:37 — Tobie van der Merwe, May 02 '20 at 17:37

How do I verify a signature using DSA and my own "y" value in Python?

1 Answers1