000018444 - How to save DSA parameters for use in DSA key generation so new parameters do not have to be generated each time we generate new keys

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000018444
Applies To: DSA key generation for RSA BSAFE Crypto-C (all versions)
RSA BSAFE Crypto-C
You can set an algorithm object to drive key generation with DSA parameters using AI_DSAKeyGen and B_SetAlgorithmInfo.
To extract DSA parameters, perhaps for future use, from an algorithm object created and set for key generation by B_GenerateParameters, use B_GetAlgorithmInfo with AI_DSAKeyGen. In theory, you should be able to do something like:

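   A_DSA_PARAMS *paramInfo = NULL;

   /* Generate fresh DSA parameters into the key-generation object. */
   if ((status = B_GenerateParameters (dsaParamGenerator, dsaKeyGenObj,
                                       randomAlgorithm,
                                       (A_SURRENDER_CTX *)NULL_PTR)) != 0)
     break;

   /* Ask the key-generation object for the parameters it now holds. */
   if ((status = B_GetAlgorithmInfo ((POINTER *)&paramInfo, dsaKeyGenObj,
                                     AI_DSAKeyGen)) != 0)
     break;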
However, there is currently a bug in Crypto-C. When you call B_GetAlgorithmInfo with AI_DSAKeyGen directly after B_GenerateParameters, paramInfo will still be NULL. You need to make the call after generating the keypair (see the B_GenerateKeypair snippet under Resolution).
After doing the above, you should be able to use those parameters to set an algorithm object with AI_DSAKeyGen for key generation:

     B_ALGORITHM_OBJ tmp = NULL;

     status = B_CreateKeyObject (&dsaPublicKey);
     if (status != 0)
       break;

     status = B_CreateKeyObject (&dsaPrivateKey);
     if (status != 0)
       break;

     status = B_CreateAlgorithmObject (&tmp);
     if (status != 0)
       break;

     status = B_SetAlgorithmInfo (tmp, AI_DSAKeyGen, (POINTER)paramInfo);
     if (status != 0)
       break;

     status = B_GenerateInit (tmp, DSA_CHOOSER, NULL);
     if (status != 0)
       break;

     status = B_GenerateKeypair (tmp, dsaPublicKey, dsaPrivateKey,
                                 randomAlgorithm, NULL);
     if (status != 0)
       break;
Issue: How to save DSA parameters for use in DSA key generation so new parameters do not have to be generated each time we generate new keys.
Compared to RSA key generation, generation of DSA keypairs takes too long.
Parameter generation takes the bulk of that time.
Resolution: There is no need to generate new parameters each time you generate a new DSA keypair, nor should you, for performance reasons. If you separate these two operations, the actual keypair generation time is more reasonable. Retrieve the parameters with B_GetAlgorithmInfo after the keypair has been generated:

   if ((status = B_GenerateKeypair (dsaKeyGenObj, dsaPublicKey,
                                    dsaPrivateKey, randomAlgorithm,
                                    (A_SURRENDER_CTX *)NULL_PTR)) != 0)
     break;

   if ((status = B_GetAlgorithmInfo ((POINTER *)&paramInfo, dsaKeyGenObj,
                                     AI_DSAKeyGen)) != 0)
     break;
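
Once paramInfo has been retrieved after key generation, the three parameter values can be written out and read back for later key generation. The following is an added example, not RSA's code: it serializes the parameters and restores them with bounds checks on load. The ITEM and A_DSA_PARAMS definitions are stand-ins whose layout is an assumption, and dsa_params_save, dsa_params_load, MAX_FIELD and the length-prefixed format are hypothetical choices made for this example.

```c
#include <stdlib.h>
#include <string.h>

/* Stand-ins (assumed layout) for Crypto-C's ITEM and A_DSA_PARAMS types. */
typedef struct { unsigned char *data; unsigned int len; } ITEM;
typedef struct { ITEM prime, subPrime, base; } A_DSA_PARAMS;

#define MAX_FIELD 1024u /* constructed cap on one field, in bytes */

/* Write prime, subPrime, base as 2-byte big-endian length + value.
   Returns bytes written, or 0 if a field is invalid or out is too small. */
size_t dsa_params_save(const A_DSA_PARAMS *p, unsigned char *out, size_t cap)
{
    const ITEM *f[3] = { &p->prime, &p->subPrime, &p->base };
    size_t off = 0;
    for (int i = 0; i < 3; i++) {
        if (!f[i]->data || f[i]->len == 0 || f[i]->len > MAX_FIELD) return 0;
        if (cap - off < 2u + f[i]->len) return 0;
        out[off++] = (unsigned char)(f[i]->len >> 8);
        out[off++] = (unsigned char)(f[i]->len & 0xff);
        memcpy(out + off, f[i]->data, f[i]->len);
        off += f[i]->len;
    }
    return off;
}

/* Parse a saved blob into newly allocated buffers. Returns 0 on success,
   -1 on truncated, oversized or trailing data (nothing stays allocated). */
int dsa_params_load(const unsigned char *in, size_t n, A_DSA_PARAMS *p)
{
    ITEM *f[3] = { &p->prime, &p->subPrime, &p->base };
    size_t off = 0;
    memset(p, 0, sizeof *p);
    for (int i = 0; i < 3; i++) {
        unsigned int len;
        if (n - off < 2) goto fail;
        len = ((unsigned int)in[off] << 8) | in[off + 1];
        off += 2;
        if (len == 0 || len > MAX_FIELD || n - off < len) goto fail;
        if ((f[i]->data = malloc(len)) == NULL) goto fail;
        memcpy(f[i]->data, in + off, len);
        f[i]->len = len;
        off += len;
    }
    if (off == n) return 0;
fail:
    for (int i = 0; i < 3; i++) { free(f[i]->data); f[i]->data = NULL; f[i]->len = 0; }
    return -1;
}
```

The loaded structure can then be passed to B_SetAlgorithmInfo with AI_DSAKeyGen as in the earlier snippet; free the three data buffers when it is no longer needed.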
Legacy Article ID: a882
