Ah, cool. That seems to work, I'll look into it more closely. And it maybe already explains the next question I might have come up with because I want to re-use pre-calculated DSA parameters. Thanks for the quick reply. cft
--- En date de : Mer 11.8.10, Wei Dai <[email protected]> a écrit : > De: Wei Dai <[email protected]> > Objet: Re: DSA key generation, 2048 bits > À: "cft" <[email protected]>, [email protected] > Date: Mercredi 11 août 2010, 12h06 > Here is a GDSA key generation > example: > > DefaultAutoSeededRNG rng; > GDSA<SHA256>::Signer s; > s.AccessKey().GenerateRandom(rng, > MakeParameters(Name::ModulusSize(), > 2048)(Name::SubgroupOrderSize(), 256)); > GDSA<SHA256>::Verifier v(s); > > The main thing to note is that you need to specify the > SubgroupOrderSize, otherwise GDSA will pick a default that's > incompatible with FIPS 186-3. > > -------------------------------------------------- > From: "Wei Dai" <[email protected]> > Sent: Wednesday, August 11, 2010 4:51 AM > To: "cft" <[email protected]>; > <[email protected]> > Subject: Re: DSA key generation, 2048 bits > > > Try using the GDSA (which stands for generalized DSA) > class instead. It supports arbitrary key lengths and is > compatible with DSA. The DSA implementation hasn't been > updated to reflect FIPS 186-3 yet. > > > > -------------------------------------------------- > > From: "cft" <[email protected]> > > Sent: Wednesday, August 11, 2010 4:45 AM > > To: <[email protected]> > > Subject: DSA key generation, 2048 bits > > > >> Hi Guys, > >> I'm getting an error message when generating a > 2048 bit DSA key: > >> > >> Terminate called after throwing an instance of > 'CryptoPP::InvalidArgument' > >> what(): DSA: not a valid prime length > >> > >> Reading the Wiki, I'm actually not quite sure > whether Crypto++ supports 2048 bit DSA keys. As I understand > they are allowed according to FIPS 186-3. I did undefine > "DSA_1024_BIT_MODULUS_ONLY" but that (expectedly) didn't > help. According to DSA::MAX_PRIME_LENGTH the maximum key > size should be 1024 bits, which explains the error message. > >> > >> Where should I tweak? > >> > >> cft > >> > >> > >> > >> > >> > >> -- You received this message because you are > subscribed to the "Crypto++ Users" Google Group. > >> To unsubscribe, send an email to > >> [email protected]. > >> More information about Crypto++ and this group is > available at http://www.cryptopp.com. > >> > > > > -- You received this message because you are > subscribed to the "Crypto++ Users" Google Group. > > To unsubscribe, send an email to > > [email protected]. > > More information about Crypto++ and this group is > available at http://www.cryptopp.com. > > > -- You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [email protected]. More information about Crypto++ and this group is available at http://www.cryptopp.com.
