Re: DSA key generation, 2048 bits

[Wei Dai]

Here is a GDSA key generation example:

        DefaultAutoSeededRNG rng;
        GDSA<SHA256>::Signer s;
	s.AccessKey().GenerateRandom(rng, MakeParameters(Name::ModulusSize(), 
2048)(Name::SubgroupOrderSize(), 256));
        GDSA<SHA256>::Verifier v(s);
The main thing to note is that you need to specify the SubgroupOrderSize, 
otherwise GDSA will pick a default that's incompatible with FIPS 186-3.

--------------------------------------------------
From: "Wei Dai" <wei...@weidai.com>
Sent: Wednesday, August 11, 2010 4:51 AM
To: "cft" <cf.tri...@yahoo.fr>; <cryptopp-users@googlegroups.com>
Subject: Re: DSA key generation, 2048 bits

Try using the GDSA (which stands for generalized DSA) class instead. It 
supports arbitrary key lengths and is compatible with DSA. The DSA 
implementation hasn't been updated to reflect FIPS 186-3 yet.

--------------------------------------------------
From: "cft" <cf.tri...@yahoo.fr>
Sent: Wednesday, August 11, 2010 4:45 AM
To: <cryptopp-users@googlegroups.com>
Subject: DSA key generation, 2048 bits

Hi Guys,
I'm getting an error message when generating a 2048 bit DSA key:

Terminate called after throwing an instance of 
'CryptoPP::InvalidArgument'
 what():  DSA: not a valid prime length

Reading the Wiki, I'm actually not quite sure whether Crypto++ supports 
2048 bit DSA keys. As I understand they are allowed according to FIPS 
186-3. I did undefine "DSA_1024_BIT_MODULUS_ONLY" but that (expectedly) 
didn't help. According to DSA::MAX_PRIME_LENGTH the maximum key size 
should be 1024 bits, which explains the error message.

Where should I tweak?

cft





--
You received this message because you are subscribed to the "Crypto++ 
Users" Google Group.
To unsubscribe, send an email to 
cryptopp-users-unsubscr...@googlegroups.com.
More information about Crypto++ and this group is available at 
http://www.cryptopp.com.


--
You received this message because you are subscribed to the "Crypto++ 
Users" Google Group.
To unsubscribe, send an email to 
cryptopp-users-unsubscr...@googlegroups.com.
More information about Crypto++ and this group is available at 
http://www.cryptopp.com.


--
You received this message because you are subscribed to the "Crypto++ Users" 
Google Group.
To unsubscribe, send an email to cryptopp-users-unsubscr...@googlegroups.com.
More information about Crypto++ and this group is available at 
http://www.cryptopp.com.