[PYTHON-CRYPTO] m2crypto patch - DSA pub key handling

Dan Berger dberger at CS.UCR.EDU
Sat Jul 31 19:35:55 CEST 2004


Given a DSA keypair (pub/priv), you can transform it into it's
constituent parts; p,q,g,pub(,priv); like this:  (in this case, the
parts are output as DNS TXT records)

dsa = M2Crypto.DSA.load_key(keyfile)
# the result of dsa_get_[g|p|q|pub] is an mpi - 4 bytes of length, and
# the number in big endian, so loose the first four bytes to get just
# the number we care about
pub = M2Crypto.m2.dsa_get_pub(dsa.dsa)
g = M2Crypto.m2.dsa_get_g(dsa.dsa)
p = M2Crypto.m2.dsa_get_p(dsa.dsa)
q = M2Crypto.m2.dsa_get_q(dsa.dsa)
print 'pub_%s IN TXT "%s"' % (keyname, binascii.b2a_hex(pub[4:]))
print 'p_%s IN TXT "%s"' % (keyname, binascii.b2a_hex(p[4:]))
print 'q_%s IN TXT "%s"' % (keyname, binascii.b2a_hex(q[4:]))
print 'g_%s IN TXT "%s"' % (keyname, binascii.b2a_hex(g[4:]))

given hex strings containing the big-endian values of p,q,g, and pub, 


you can re-create the public half of the key to perform signature
verifications like this:

dsa = M2Crypto.DSA.DSA_pub(M2Crypto.m2.dsa_new())
dsa.set_params(M2Crypto.m2.bn_to_mpi(M2Crypto.m2.hex_to_bn(p)), \
	       M2Crypto.m2.bn_to_mpi(M2Crypto.m2.hex_to_bn(q)),  \

On Sat, 2004-07-31 at 20:26 +0800, Ng Pheng Siong wrote: 
> Thanks, Dan.
> Is it possible to add a small demo, to give an idea what the 'pub' param
> in set_pub_key should look like?


...Dan Berger [dberger at cs.ucr.edu]
   Department of Computer Science
   Surge Building, Room 357
   University of California, Riverside

   "The best way to predict the future is to invent it."

                             - Alan Kay
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://mail.python.org/pipermail/python-crypto/attachments/20040731/92dd4c0d/attachment.pgp>

More information about the python-crypto mailing list