[Original][Translation] DSS/DSA-Keygenerator Info, English-Chinese parallel edition
Posted: 2006-12-1 16:00
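Translator's note: the tools released by tE! // TMG are all top quality, and I strongly recommend them! I [HappyTown] have presumptuously translated the information section of his DSS/DSA-Keygenerator. To make the content easier to understand I added some annotations; [HT] in the text is me. Please point out any errors and shortcomings.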

DSS/DSA-Keygenerator (c) 2k by tHE EGOiSTE // TMG

Introduction
This tool has been coded for those who're planning to use DSA signatures in their own programs
but don't know how to generate keys which are safe to use. If you are no coder or/and are not
at least a little bit familiar with public-key cryptography, this tool is definitely of no use for
you. Sorry. Next time I will probably better code some Tetris game. :-))
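Introduction
This tool was written for those who plan to use the DSA signature algorithm in their own programs but do not know how to generate secure keys. If you are not a programmer, or/and are not at all familiar with public-key cryptography, then it can be said plainly that this tool is of no use to you. Sorry. Next time I may write some Tetris game.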

1. General stuff
In 1991 the Digital Signature Algorithm(DSA) has become the Digital Signature Standard(DSS).
DSA is a public-key signature scheme that uses a pair of transformations to generate and verify a
digital value called signature. DSA has been developed by the US National Security Agency(NSA)
and can -not- be used for encryption or key distribution. DSA is some variant of the ElGamal
signature algorithm and, as defined in the standard, uses the Secure Hash Algorithm(SHA/SHA-1) as one-way hash function.
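1. Basic knowledge
In 1991 the Digital Signature Algorithm (DSA) became the Digital Signature Standard (DSS). DSA is a public-key signature scheme that uses a pair of transformations to generate and verify a digital value; this digital value is the signature. DSA was developed by the US National Security Agency (NSA), and it cannot be used for encryption or key distribution. DSA is a variant of the ElGamal signature algorithm and uses the Secure Hash Algorithm (SHA/SHA-1) defined in the standard [HT: i.e. DSS] as its one-way hash function.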

2. Parameters
P = A prime number in range 512 to 1024 bits which must be a multiple of 64
Q = A 160 bit prime factor of P-1
G = H^((P-1)/Q) mod P. H is any number < P-1 such that H^((P-1)/Q) mod P > 1
X = A number < Q
Y = G^X mod P
Parameters P, Q, G and Y are public where Y is the public key. X is the private key and must be
kept secret! To obtain X from Y one needs to solve the Discrete Logarithm Problem which is virtually impossible for -properly- generated parameters of reasonable size.
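2. Parameters
P = a prime of 512 to 1024 bits; the bit length must be an integer multiple of 64
Q = a 160-bit prime factor of P - 1
G = H^((P-1)/Q) mod P, where H is any integer less than P - 1 that satisfies H^((P-1)/Q) mod P > 1
X = an integer less than Q
Y = G^X mod P
The parameters P, Q, G and Y are public, and Y is the public key. X is the private key and must be kept secret! To obtain X from Y one must solve the discrete logarithm problem, which is simply impossible for correctly generated parameters of suitable size.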

3. Signing a message (M)
To sign M, carry through the following steps:
- Generate a -random- number K < Q. NEVER use same K twice or more to sign other messages!
- Compute R = (G^K mod P)mod Q
- Compute S = (K^-1*(SHA(M) + X*R)) mod Q
  The number pair (R,S) is the signature of M.
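3. Signing a message (M)
To sign M, carry out the following steps:
- Generate a random number K less than Q. Never use the same K twice or more to sign other messages!
- Compute R = (G^K mod P) mod Q
- Compute S = (K^-1*(SHA(M) + X*R)) mod Q
The number pair (R,S) is the signature of M.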

4. Verifying a signature (R,S) of M
- Compute W = S^-1 mod Q
- Compute U1 = (SHA(M) * W) mod Q
- Compute U2 = (R*W) mod Q
- Compute V = ((G^U1 * Y^U2) mod P) mod Q
  If V == R the signature is verified.
4. Verifying the signature (R,S) of M
- Compute W = S^-1 mod Q
- Compute U1 = (SHA(M) * W) mod Q
- Compute U2 = (R*W) mod Q
- Compute V = ((G^U1 * Y^U2) mod P) mod Q
If V == R, the signature is valid.

5. Notes
- The bignumber library used in this program is MIRACL 4.45 (c) by Shamus Software Ltd.
  It can be downloaded incl. Sources in C/CPP and manuals at: http://indigo.ie/~mscott/
  Please note that the MIRACL lib is -not- free to use in commercial programs. Even worse,
  the license fees are pretty high but you can, of course, use any other bignumber library.
  A very good alternative is Freelip (current version 1.1)
- Base60 conversion table (as used by MIRACL):
  0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwx
- Base64 conversion table:
  ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
  Please note that the Base64 format is not supported by MIRACL. I used own routines. Conversion starts at MSB and ends at LSB of the hex representation of each number. This may be incompatible with 3rd party base64 conversion routines.
  Parameters R and S of the signatures generated in the Test Dialog are separated by a <space>.
- A small part of the DSA parameter generation uses some random data as seed value for a PRNG. This generator will NOT be re-initialized during runtime. I.e. you will get different DSA keys every time you press the Generate button. This is done on purpose, as it makes abusing this tool to recover a Keypair much more difficult. Generated random data will be saved to file 'dsaseed.rnd' and loaded automatically on each start of the program.

  tE! // TMG

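5. Notes
- This program uses the MIRACL 4.45 (c) big-number library from Shamus Software Ltd. The C/CPP source code and manuals can be downloaded from http://indigo.ie/~mscott/. Please note that using the MIRACL library in commercial software is not free. Worse still, the license fees are quite high, but you can, of course, use any other big-number library. A very good alternative is Freelip (current version 1.1).
- Base60 conversion table (as used by the MIRACL library):
  0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwx
- Base64 conversion table:
  ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
  Please note that the MIRACL library does not support the Base64 format. I used routines I wrote myself. For a number in hexadecimal representation, conversion starts at the MSB and ends at the LSB. This may be incompatible with other third-party Base64 conversion routines.
  The signature parameters R and S generated in the test dialog are separated by a space.
- A small part of the DSA parameter generation uses some random data as a seed value (for the pseudo-random number generator). The generator is not re-initialized during runtime. That is, you will get different DSA keys each time you press the Generate button. This is done on purpose, because it makes recovering a key pair [HT: i.e. X and Y] with this tool very, very difficult. The generated random data is saved in the file dsaseed.rnd and is loaded automatically each time the program starts.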
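
The parameter generation, signing and verification steps of sections 2 to 4, written out as an added Python example (this is not tE!'s tool and not its MIRACL code). It uses the smallest size the text allows (512-bit P, 160-bit Q) so that it runs quickly; the function names are chosen for this example, and the range check in verify() is an addition that the listed steps leave implicit.

```python
import hashlib, secrets

def is_prime(n, rounds=32):                      # Miller-Rabin test
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d = n - 1
    s = (d & -d).bit_length() - 1                # n - 1 = d * 2^s with d odd
    d >>= s
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        if not any(pow(x, 1 << i, n) == n - 1 for i in range(1, s)):
            return False                         # witness found: composite
    return True

def gen_params(pbits=512, qbits=160):            # section 2: P, Q, G
    q = 4
    while not is_prime(q):
        q = secrets.randbits(qbits) | (1 << (qbits - 1)) | 1
    p = 4
    while p.bit_length() != pbits or not is_prime(p):
        x = secrets.randbits(pbits) | (1 << (pbits - 1))
        p = x - x % (2 * q) + 1                  # forces Q | P-1 and P odd
    # first H in 2..P-2 with H^((P-1)/Q) mod P > 1 gives G
    g = next(v for v in (pow(h, (p - 1) // q, p) for h in range(2, p - 1)) if v > 1)
    return p, q, g

def keygen(q, g, p):
    x = secrets.randbelow(q - 1) + 1             # private X, 0 < X < Q
    return x, pow(g, x, p)                       # public Y = G^X mod P

def digest(msg, q):                              # SHA-1 as an integer mod Q
    return int.from_bytes(hashlib.sha1(msg).digest(), "big") % q

def sign(msg, x, p, q, g):                       # section 3
    while True:
        k = secrets.randbelow(q - 1) + 1         # fresh random K on every call
        r = pow(g, k, p) % q
        s = pow(k, -1, q) * (digest(msg, q) + x * r) % q
        if r and s:                              # retry on the rare R or S == 0
            return r, s

def verify(msg, sig, y, p, q, g):                # section 4
    r, s = sig
    if not (0 < r < q and 0 < s < q):            # range check before inverting S
        return False
    w = pow(s, -1, q)
    u1, u2 = digest(msg, q) * w % q, r * w % q
    return pow(g, u1, p) * pow(y, u2, p) % p % q == r
```

Because sign() draws a new K from the operating system's CSPRNG on every call, two signatures over the same message carry different R values; a repeated R across signatures from one key is the visible sign that K was reused.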

Latest replies (5)
2
MSB = most significant bit (highest bit)
LSB = least significant bit (lowest bit)

2006-12-1 17:24
3
Pseudo Random Number Generators
Pseudo-random number generator?
2006-12-1 18:08
4
Originally posted by aalloverred
MSB = most significant bit (highest bit)
LSB = least significant bit (lowest bit)

Thanks.
2006-12-4 20:41
5
Originally posted by alpsdew
Pseudo Random Number Generators
Pseudo-random number generator?

Indeed, haha.
2006-12-4 20:41
6
This material can be found in any cryptography textbook.
2006-12-8 17:40