Digital Signature Algorithm - Obsidian Publish

## Overview DSA is a widely accepted standard for digital signatures. Introduced by the U.S. National Institute of Standards and Technology (NIST) in the early 1990s, DSA allows parties to digitally sign electronic documents, verifying both the integrity and [[authenticity]] of the message. ## Key Concepts - **Private Key**: A secret random number chosen from a set range. Used for generating digital signatures. - **Public Key**: Derived from the private key and some publicly shared parameters. Used for signature verification. - **Signature**: A pair of numbers, often denoted as (r, s), produced from the private key and the hash of the message. ## How DSA Works 1. **Key Generation**: Generate private and corresponding public keys using shared public parameters. 2. **Signing**: The message's hash, the private key, and a random number (known as k) are used to produce the (r, s) signature pair. 3. **Verification**: A recipient uses the signer's public key, the message's hash, and the (r, s) signature pair to validate the [[authenticity]] and integrity of the message. ## Benefits - **[[authenticity]]**: Confirms the identity of the sender. - **Integrity**: Ensures that the message has not been altered in transit. - **Non-Repudiation**: Senders cannot deny having sent the message. ## Common Uses - **Digital Certificates**: Widely used for signing SSL/TLS certificates. - **Secure Communications**: Used for signing emails and documents to confirm their origin and integrity. - **Software Distribution**: Ensures that the software has not been tampered with post-signing. ## Vulnerabilities - **Key Length**: Earlier recommendations for key lengths are now considered insecure. It's crucial to keep up with current key length recommendations. - **Random Number Generation**: If 'k' is not random or is ever reused, the private key might be revealed. ## Related Concepts - **[[RSA]]**: Another [[algorithm]] for digital signatures and encryption. - **[[Elliptic Curve Digital Signature Algorithm]] ([[Elliptic Curve Digital Signature Algorithm|ECDSA]])**: A variant of DSA that employs [[Elliptic Curve Cryptography]]. - **Public Key Infrastructure (PKI)**: The framework that digital signatures operate within, including certificate authorities, registration authorities, and digital certificates.