DSA Signature/Verification

less than a minute

DSA is analogous to ECDSA, except that computations are done in a finite field. Like ECDSA, the resulting signature is made up of two values, r and s. The Crypto Interface APIs do not perform any message digesting. The application is required to handle any steps before the DSA signing step.

To sign, call:

CRYPTO_INTERFACE_DSA_computeSignatureAux(g_pRandomContext, pPrivKey, pDigest, digestLen, NULL, &pR, &rLen, &pS, &sLen, NULL);

Buffers are allocated to hold r and s in a big-endian byte array form, and pR and pS are set to their locations. In the middle, pass NULL so that verification is not performed immediately after signing, and the final NULL is for the vlong queue. To verify, call:

CRYPTO_INTERFACE_DSA_verifySignatureAux(pPubKey, pDigest, digestLen, pR, rLen, pS, sLen, &isValid, NULL);

Here, isValid will be set to TRUE if it is a valid signature, and FALSE otherwise.

Important

Be sure to check that both the return status is OK and isValid is equal to TRUE before accepting that the signature is valid.

Was this page helpful?

Provide feedback

Need more help?

Account and platform

Certificates and PKI

Signing

Devices and IoT

Other resources

DSA Signature/Verification

Important