xref: /openssl/doc/man7/EVP_PKEY-DSA.pod (revision 7ed6de99)
1=pod
2
3=head1 NAME
4
5EVP_PKEY-DSA, EVP_KEYMGMT-DSA - EVP_PKEY DSA keytype and algorithm support
6
7=head1 DESCRIPTION
8
9For B<DSA> the FIPS 186-4 standard specifies that the values used for FFC
10parameter generation are also required for parameter validation.
11This means that optional FFC domain parameter values for I<seed>, I<pcounter>
12and I<gindex> may need to be stored for validation purposes. For B<DSA> these
13fields are not stored in the ASN1 data so they need to be stored externally if
14validation is required.
15
16As part of FIPS 140-3 DSA is not longer FIPS approved for key generation and
17signature validation, but is still allowed for signature verification.
18
19=head2 DSA parameters
20
21The B<DSA> key type supports the FFC parameters (see
22L<EVP_PKEY-FFC(7)/FFC parameters>).
23
24It also supports the following parameters:
25
26=over 4
27
28=item "sign-check" (B<OSSL_PKEY_PARAM_FIPS_SIGN_CHECK>) <integer
29
30=item "fips-indicator" (B<OSSL_PKEY_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
31
32See L<provider-keymgmt(7)/Common Information Parameters> for more information.
33
34=back
35
36=head2 DSA key generation parameters
37
38The B<DSA> key type supports the FFC key generation parameters (see
39L<EVP_PKEY-FFC(7)/FFC key generation parameters>
40
41The following restrictions apply to the "pbits" field:
42
43For "fips186_4" this must be either 2048 or 3072.
44For "fips186_2" this must be 1024.
45For "group" this can be any one of 2048, 3072, 4096, 6144 or 8192.
46
47=head2 DSA key validation
48
49For DSA keys, L<EVP_PKEY_param_check(3)> behaves in the following way:
50The OpenSSL FIPS provider conforms to the rules within the FIPS186-4
51standard for FFC parameter validation. For backwards compatibility the OpenSSL
52default provider uses a much simpler check (see below) for parameter validation,
53unless the seed parameter is set.
54
55For DSA keys, L<EVP_PKEY_param_check_quick(3)> behaves in the following way:
56A simple check of L and N and partial g is performed. The default provider
57also supports validation of legacy "fips186_2" keys.
58
59For DSA keys, L<EVP_PKEY_public_check(3)>, L<EVP_PKEY_private_check(3)> and
60L<EVP_PKEY_pairwise_check(3)> the OpenSSL default and FIPS providers conform to
61the rules within SP800-56Ar3 for public, private and pairwise tests respectively.
62
63=head1 EXAMPLES
64
65An B<EVP_PKEY> context can be obtained by calling:
66
67    EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL);
68
69The B<DSA> domain parameters can be generated by calling:
70
71    unsigned int pbits = 2048;
72    unsigned int qbits = 256;
73    int gindex = 1;
74    OSSL_PARAM params[5];
75    EVP_PKEY *param_key = NULL;
76    EVP_PKEY_CTX *pctx = NULL;
77
78    pctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL);
79    EVP_PKEY_paramgen_init(pctx);
80
81    params[0] = OSSL_PARAM_construct_uint("pbits", &pbits);
82    params[1] = OSSL_PARAM_construct_uint("qbits", &qbits);
83    params[2] = OSSL_PARAM_construct_int("gindex", &gindex);
84    params[3] = OSSL_PARAM_construct_utf8_string("digest", "SHA384", 0);
85    params[4] = OSSL_PARAM_construct_end();
86    EVP_PKEY_CTX_set_params(pctx, params);
87
88    EVP_PKEY_generate(pctx, &param_key);
89    EVP_PKEY_CTX_free(pctx);
90
91    EVP_PKEY_print_params(bio_out, param_key, 0, NULL);
92
93A B<DSA> key can be generated using domain parameters by calling:
94
95    EVP_PKEY *key = NULL;
96    EVP_PKEY_CTX *gctx = NULL;
97
98    gctx = EVP_PKEY_CTX_new_from_pkey(NULL, param_key, NULL);
99    EVP_PKEY_keygen_init(gctx);
100    EVP_PKEY_generate(gctx, &key);
101    EVP_PKEY_CTX_free(gctx);
102    EVP_PKEY_print_private(bio_out, key, 0, NULL);
103
104
105=head1 CONFORMING TO
106
107The following sections of FIPS186-4:
108
109=over 4
110
111=item A.1.1.2 Generation of Probable Primes p and q Using an Approved Hash Function.
112
113=item A.2.3 Generation of canonical generator g.
114
115=item A.2.1 Unverifiable Generation of the Generator g.
116
117=back
118
119=head1 SEE ALSO
120
121L<EVP_PKEY-FFC(7)>,
122L<EVP_SIGNATURE-DSA(7)>
123L<EVP_PKEY(3)>,
124L<provider-keymgmt(7)>,
125L<EVP_KEYMGMT(3)>,
126L<OSSL_PROVIDER-default(7)>,
127L<OSSL_PROVIDER-FIPS(7)>
128
129=head1 HISTORY
130
131DSA Key generation and signature generation are no longer FIPS approved in
132OpenSSL 3.4. See L<fips_module(7)/FIPS indicators> for more information.
133
134=head1 COPYRIGHT
135
136Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
137
138Licensed under the Apache License 2.0 (the "License").  You may not use
139this file except in compliance with the License.  You can obtain a copy
140in the file LICENSE in the source distribution or at
141L<https://www.openssl.org/source/license.html>.
142
143=cut
144