{ "mode": "perldoc", "parameter": "Crypt::PK::DSA", "section": "", "url": "https://www.chedong.com/phpMan.php/perldoc/Crypt%3A%3APK%3A%3ADSA/json", "generated": "2026-06-09T11:59:54Z", "synopsis": "### OO interface\n#Encryption: Alice\nmy $pub = Crypt::PK::DSA->new('Bobpubdsa1.der');\nmy $ct = $pub->encrypt(\"secret message\");\n#\n#Encryption: Bob (received ciphertext $ct)\nmy $priv = Crypt::PK::DSA->new('Bobprivdsa1.der');\nmy $pt = $priv->decrypt($ct);\n#Signature: Alice\nmy $priv = Crypt::PK::DSA->new('Aliceprivdsa1.der');\nmy $sig = $priv->signmessage($message);\n#\n#Signature: Bob (received $message + $sig)\nmy $pub = Crypt::PK::DSA->new('Alicepubdsa1.der');\n$pub->verifymessage($sig, $message) or die \"ERROR\";\n#Key generation\nmy $pk = Crypt::PK::DSA->new();\n$pk->generatekey(30, 256);\nmy $privateder = $pk->exportkeyder('private');\nmy $publicder = $pk->exportkeyder('public');\nmy $privatepem = $pk->exportkeypem('private');\nmy $publicpem = $pk->exportkeypem('public');\n### Functional interface\n#Encryption: Alice\nmy $ct = dsaencrypt('Bobpubdsa1.der', \"secret message\");\n#Encryption: Bob (received ciphertext $ct)\nmy $pt = dsadecrypt('Bobprivdsa1.der', $ct);\n#Signature: Alice\nmy $sig = dsasignmessage('Aliceprivdsa1.der', $message);\n#Signature: Bob (received $message + $sig)\ndsaverifymessage('Alicepubdsa1.der', $sig, $message) or die \"ERROR\";", "sections": { "NAME": { "content": "Crypt::PK::DSA - Public key cryptography based on DSA\n", "subsections": [] }, "SYNOPSIS": { "content": "### OO interface\n\n#Encryption: Alice\nmy $pub = Crypt::PK::DSA->new('Bobpubdsa1.der');\nmy $ct = $pub->encrypt(\"secret message\");\n#\n#Encryption: Bob (received ciphertext $ct)\nmy $priv = Crypt::PK::DSA->new('Bobprivdsa1.der');\nmy $pt = $priv->decrypt($ct);\n\n#Signature: Alice\nmy $priv = Crypt::PK::DSA->new('Aliceprivdsa1.der');\nmy $sig = $priv->signmessage($message);\n#\n#Signature: Bob (received $message + $sig)\nmy $pub = Crypt::PK::DSA->new('Alicepubdsa1.der');\n$pub->verifymessage($sig, $message) or die \"ERROR\";\n\n#Key generation\nmy $pk = Crypt::PK::DSA->new();\n$pk->generatekey(30, 256);\nmy $privateder = $pk->exportkeyder('private');\nmy $publicder = $pk->exportkeyder('public');\nmy $privatepem = $pk->exportkeypem('private');\nmy $publicpem = $pk->exportkeypem('public');\n\n### Functional interface\n\n#Encryption: Alice\nmy $ct = dsaencrypt('Bobpubdsa1.der', \"secret message\");\n#Encryption: Bob (received ciphertext $ct)\nmy $pt = dsadecrypt('Bobprivdsa1.der', $ct);\n\n#Signature: Alice\nmy $sig = dsasignmessage('Aliceprivdsa1.der', $message);\n#Signature: Bob (received $message + $sig)\ndsaverifymessage('Alicepubdsa1.der', $sig, $message) or die \"ERROR\";\n", "subsections": [] }, "METHODS": { "content": "new\nmy $pk = Crypt::PK::DSA->new();\n#or\nmy $pk = Crypt::PK::DSA->new($privorpubkeyfilename);\n#or\nmy $pk = Crypt::PK::DSA->new(\\$buffercontainingprivorpubkey);\n\nSupport for password protected PEM keys\n\nmy $pk = Crypt::PK::DSA->new($privpemkeyfilename, $password);\n#or\nmy $pk = Crypt::PK::DSA->new(\\$buffercontainingprivpemkey, $password);\n\ngeneratekey\nUses Yarrow-based cryptographically strong random number generator seeded with random data taken\nfrom \"/dev/random\" (UNIX) or \"CryptGenRandom\" (Win32).\n\n$pk->generatekey($groupsize, $modulussize);\n# $groupsize ... in bytes .. 15 < $groupsize < 1024\n# $modulussize .. in bytes .. ($modulussize - $groupsize) < 512\n\n### Bits of Security according to libtomcrypt documentation\n# 80 bits => generatekey(20, 128)\n# 120 bits => generatekey(30, 256)\n# 140 bits => generatekey(35, 384)\n# 160 bits => generatekey(40, 512)\n\n### Sizes according section 4.2 of FIPS 186-4\n# (L and N are the bit lengths of p and q respectively)\n# L = 1024, N = 160 => generatekey(20, 128)\n# L = 2048, N = 224 => generatekey(28, 256)\n# L = 2048, N = 256 => generatekey(32, 256)\n# L = 3072, N = 256 => generatekey(32, 384)\n\n$pk->generatekey($paramhash)\n# $paramhash is { d => $d, p => $p, q => $q }\n# where $d, $p, $q are hex strings\n\n$pk->generatekey(\\$dsaparam)\n# $dsaparam is the content of DER or PEM file with DSA params\n# e.g. openssl dsaparam 2048\n\nimportkey\nLoads private or public key in DER or PEM format.\n\n$pk->importkey($filename);\n#or\n$pk->importkey(\\$buffercontainingkey);\n\nSupport for password protected PEM keys\n\n$pk->importkey($pemfilename, $password);\n#or\n$pk->importkey(\\$buffercontainingpemkey, $password);\n\nLoading private or public keys form perl hash:\n\n$pk->importkey($hashref);\n\n# where $hashref is a key exported via key2hash\n$pk->importkey({\np => \"AAF839A764E04D80824B79FA1F0496C093...\", #prime modulus\nq => \"D05C4CB45F29D353442F1FEC43A6BE2BE8...\", #prime divisor\ng => \"847E8896D12C9BF18FE283AE7AD58ED7F3...\", #generator of a subgroup of order q in GF(p)\nx => \"6C801901AC74E2DC714D75A9F6969483CF...\", #private key, random 0 < x < q\ny => \"8F7604D77FA62C7539562458A63C7611B7...\", #public key, where y = g^x mod p\n});\n\nSupported key formats:\n\n* DSA public keys\n\n-----BEGIN PUBLIC KEY-----\nMIIBtjCCASsGByqGSM44BAEwggEeAoGBAJKyu+puNMGLpGIhbD1IatnwlI79ePr4\nYHe2KBhRkheKxWUZRpN1Vd/+usS2IHSJ9op5cSWETiP05d7PMtJaitklw7jhudq3\nGxNvV/GRdCQm3H6d76FHP88dms4vcDYc6ry6wKERGfNEtZ+4BAKrMZK+gDYsF4Aw\nU6WVR969kYZhAhUA6w25FgSRmJ8W4XkvC60n8Wv3DpMCgYA4ZFE+3tLOM24PZj9Z\nrxuqUzZZdR+kIzrsIYpWN9ustbmdKLKwsqIaUIxc5zxHEhbAjAIf8toPD+VEQIpY\n7vgJgDhXuPq45BgN19iLTzOJwIhAFXPZvnAdIo9D/AnMw688gT6g6U8QCZwX2XYg\nICiVcriYVNcjVKHSFY/X0Oi7CgOBhAACgYB4ZTn4OYT/pjUd6tNhGPtOS3CE1oaj\n5ScbetXg4ZDpceEyQi8VG+/ZTbs8var8X77JdEdeQA686cAxpOaVgW8V4odvcmfA\nBfueiGnPXjqGfppiHAyL1Ngyd+EsXKmKVXZYAVFVI0WuJKiZBSVURU7+ByxOfpGa\nfZhibr0SggWixQ==\n-----END PUBLIC KEY-----\n\n* DSA private keys\n\n-----BEGIN DSA PRIVATE KEY-----\nMIIBuwIBAAKBgQCSsrvqbjTBi6RiIWw9SGrZ8JSO/Xj6+GB3tigYUZIXisVlGUaT\ndVXf/rrEtiB0ifaKeXElhE4j9OXezzLSWorZJcO44bnatxsTb1fxkXQkJtx+ne+h\nRz/PHZrOL3A2HOq8usChERnzRLWfuAQCqzGSvoA2LBeAMFOllUfevZGGYQIVAOsN\nuRYEkZifFuF5LwutJ/Fr9w6TAoGAOGRRPt7SzjNuD2Y/Wa8bqlM2WXUfpCM67CGK\nVjfbrLW5nSiysLKiGlCMXOc8RxIWwIwCH/LaDw/lRECKWO74CYA4V7j6uOQYDdfY\ni08zicCIQBVz2b5wHSKPQ/wJzMOvPIE+oOlPEAmcF9l2ICAolXK4mFTXI1Sh0hWP\n19DouwoCgYB4ZTn4OYT/pjUd6tNhGPtOS3CE1oaj5ScbetXg4ZDpceEyQi8VG+/Z\nTbs8var8X77JdEdeQA686cAxpOaVgW8V4odvcmfABfueiGnPXjqGfppiHAyL1Ngy\nd+EsXKmKVXZYAVFVI0WuJKiZBSVURU7+ByxOfpGafZhibr0SggWixQIVAL7Sia03\n8bvANjjL9Sitk8slrM6P\n-----END DSA PRIVATE KEY-----\n\n* DSA private keys in password protected PEM format:\n\n-----BEGIN DSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: DES-CBC,227ADC3AA0299491\n\nUISxBYAxPQMl2eK9LMAeHsssF6IxO+4G2ta2Jn8VE+boJrrH3iSTKeMXGjGaXl0z\nDwcLGV+KMR70y+cxtTb34rFy+uSpBy10dOQJhxALDbe1XfCDQIUfaXRfMNA3um2I\nJdZixUD/zcxBOUzao+MCr0V9XlJDgqBhJ5EEr53XHH07Eo5fhiBfbbR9NzdUPFrQ\np2ASyZtFh7RXoIBUCQgg21oeLddcNWV7gd/Y46kghO9s0JbJ8C+IsuWEPRSq502h\ntSoDN6B0sxbVvOUICLLbQaxt7yduTAhRxVIJZ1PWATTVD7CZBVz9uIDZ7LOv+er2\n1q3vkwb8E9spPsA240+BnfD571XEop4jrawxC0VKQZ+3cPVLc6jhIsxvzzFQUt67\ng66v8GUgt7KF3KhVV7qEtntybQWDWb+K/uTIH9Ra8nP820d3Rnl61pPXDPlluteT\nWSLOvEMN2zRmkaxQNv/tLdT0SYpQtdjw74G3A6T7+KnvinKrjtp1a/AXkCF9hNEx\nDGbxOYo1UOmk8qdxWCrab34nO+Q8oQc9wjXHG+ZtRYIMoGMKREK8DeL4H1RPNkMf\nrwXWk8scd8QFmJAb8De1VQ==\n-----END DSA PRIVATE KEY-----\n\n* SSH public DSA keys\n\nssh-dss AAAAB3NzaC1kc3MAAACBAKU8/avmk...4XOwuEssAVhmwA==\n\n* SSH public DSA keys (RFC-4716 format)\n\n---- BEGIN SSH2 PUBLIC KEY ----\nComment: \"1024-bit DSA, converted from OpenSSH\"\nAAAAB3NzaC1kc3MAAACBAKU8/avmkFeGnSqwYG7dZnQlG+01QNaxu3F5v0NcL/SRUW7Idp\nUq8t14siK0mA6yjphLhOf5t8gugTEVBllP86ANSbFigH7WN3v6ydJWqm60pNhNHN//50cn\nNtIsXbxeq3VtsI64pkH1OJqeZDHLmu73k4T0EKOzsylSfF/wtVBJAAAAFQChpubLHViwPB\n+jSvUb8e4THS7PBQAAAIAJD1PMCiTCQa1xyD/NCWOajCufTOIzKAhm6l+nlBVPiKI+262X\npYt127Ke4mPL8XJBizoTjSQN08uHMg/8L6W/cdO2aZ+mhkBnS1xAm83DAwqLrDraR1w/4Q\nRFxr5Vbyy8qnejrPjTJobBN1BGsv84wHkjmoCn6pFIfkGYeATlJgAAAIAHYPU1zMVBTDWr\nu7SNC4G2UyWGWYYLjLytBVHfQmBa51CmqrSs2kCfGLGA1ynfYENsxcJq9nsXrb4i17H5BH\nJFkH0g7BUDpeBeLr8gsK3WgfqWwtZsDkltObw9chUD/siK6q/dk/fSIB2Ho0inev7k68Z5\nZkNI4XOwuEssAVhmwA==\n---- END SSH2 PUBLIC KEY ----\n\nexportkeyder\nmy $privateder = $pk->exportkeyder('private');\n#or\nmy $publicder = $pk->exportkeyder('public');\n\nexportkeypem\nmy $privatepem = $pk->exportkeypem('private');\n#or\nmy $publicpem = $pk->exportkeypem('public');\n#or\nmy $publicpem = $pk->exportkeypem('publicx509');\n\nWith parameter 'public' uses header and footer lines:\n\n-----BEGIN DSA PUBLIC KEY------\n-----END DSA PUBLIC KEY------\n\nWith parameter 'publicx509' uses header and footer lines:\n\n-----BEGIN PUBLIC KEY------\n-----END PUBLIC KEY------\n\nSupport for password protected PEM keys\n\nmy $privatepem = $pk->exportkeypem('private', $password);\n#or\nmy $privatepem = $pk->exportkeypem('private', $password, $cipher);\n\n# supported ciphers: 'DES-CBC'\n# 'DES-EDE3-CBC'\n# 'SEED-CBC'\n# 'CAMELLIA-128-CBC'\n# 'CAMELLIA-192-CBC'\n# 'CAMELLIA-256-CBC'\n# 'AES-128-CBC'\n# 'AES-192-CBC'\n# 'AES-256-CBC' (DEFAULT)\n\nencrypt\nmy $pk = Crypt::PK::DSA->new($pubkeyfilename);\nmy $ct = $pk->encrypt($message);\n#or\nmy $ct = $pk->encrypt($message, $hashname);\n\n#NOTE: $hashname can be 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest\n\ndecrypt\nmy $pk = Crypt::PK::DSA->new($privkeyfilename);\nmy $pt = $pk->decrypt($ciphertext);\n\nsignmessage\nmy $pk = Crypt::PK::DSA->new($privkeyfilename);\nmy $signature = $priv->signmessage($message);\n#or\nmy $signature = $priv->signmessage($message, $hashname);\n\n#NOTE: $hashname can be 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest\n\nverifymessage\nmy $pk = Crypt::PK::DSA->new($pubkeyfilename);\nmy $valid = $pub->verifymessage($signature, $message)\n#or\nmy $valid = $pub->verifymessage($signature, $message, $hashname);\n\n#NOTE: $hashname can be 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest\n\nsignhash\nmy $pk = Crypt::PK::DSA->new($privkeyfilename);\nmy $signature = $priv->signhash($messagehash);\n\nverifyhash\nmy $pk = Crypt::PK::DSA->new($pubkeyfilename);\nmy $valid = $pub->verifyhash($signature, $messagehash);\n\nisprivate\nmy $rv = $pk->isprivate;\n# 1 .. private key loaded\n# 0 .. public key loaded\n# undef .. no key loaded\n\nsize\nmy $size = $pk->size;\n# returns key size (length of the prime p) in bytes or undef if key not loaded\n\nsizeq\nmy $size = $pk->sizeq;\n# returns length of the prime q in bytes or undef if key not loaded\n\nkey2hash\nmy $hash = $pk->key2hash;\n\n# returns hash like this (or undef if no key loaded):\n{\ntype => 1, # integer: 1 .. private, 0 .. public\nsize => 256, # integer: key size in bytes\n# all the rest are hex strings\np => \"AAF839A764E04D80824B79FA1F0496C093...\", #prime modulus\nq => \"D05C4CB45F29D353442F1FEC43A6BE2BE8...\", #prime divisor\ng => \"847E8896D12C9BF18FE283AE7AD58ED7F3...\", #generator of a subgroup of order q in GF(p)\nx => \"6C801901AC74E2DC714D75A9F6969483CF...\", #private key, random 0 < x < q\ny => \"8F7604D77FA62C7539562458A63C7611B7...\", #public key, where y = g^x mod p\n}\n", "subsections": [] }, "FUNCTIONS": { "content": "dsaencrypt\nDSA based encryption as implemented by libtomcrypt. See method \"encrypt\" below.\n\nmy $ct = dsaencrypt($pubkeyfilename, $message);\n#or\nmy $ct = dsaencrypt(\\$buffercontainingpubkey, $message);\n#or\nmy $ct = dsaencrypt($pubkeyfilename, $message, $hashname);\n\n#NOTE: $hashname can be 'SHA1' (DEFAULT), 'SHA256' or any other hash supported by Crypt::Digest\n\nEncryption works similar to the Crypt::PK::ECC encryption whereas shared DSA key is computed,\nand the hash of the shared key XOR'ed against the plaintext forms the ciphertext.\n\ndsadecrypt\nDSA based decryption as implemented by libtomcrypt. See method \"decrypt\" below.\n\nmy $pt = dsadecrypt($privkeyfilename, $ciphertext);\n#or\nmy $pt = dsadecrypt(\\$buffercontainingprivkey, $ciphertext);\n\ndsasignmessage\nGenerate DSA signature. See method \"signmessage\" below.\n\nmy $sig = dsasignmessage($privkeyfilename, $message);\n#or\nmy $sig = dsasignmessage(\\$buffercontainingprivkey, $message);\n#or\nmy $sig = dsasignmessage($privkey, $message, $hashname);\n\ndsaverifymessage\nVerify DSA signature. See method \"verifymessage\" below.\n\ndsaverifymessage($pubkeyfilename, $signature, $message) or die \"ERROR\";\n#or\ndsaverifymessage(\\$buffercontainingpubkey, $signature, $message) or die \"ERROR\";\n#or\ndsaverifymessage($pubkey, $signature, $message, $hashname) or die \"ERROR\";\n\ndsasignhash\nGenerate DSA signature. See method \"signhash\" below.\n\nmy $sig = dsasignhash($privkeyfilename, $messagehash);\n#or\nmy $sig = dsasignhash(\\$buffercontainingprivkey, $messagehash);\n\ndsaverifyhash\nVerify DSA signature. See method \"verifyhash\" below.\n\ndsaverifyhash($pubkeyfilename, $signature, $messagehash) or die \"ERROR\";\n#or\ndsaverifyhash(\\$buffercontainingpubkey, $signature, $messagehash) or die \"ERROR\";\n", "subsections": [] }, "OpenSSL interoperability": { "content": "### let's have:\n# DSA private key in PEM format - dsakey.priv.pem\n# DSA public key in PEM format - dsakey.pub.pem\n# data file to be signed - input.data\n", "subsections": [ { "name": "Sign by OpenSSL, verify by Crypt::PK::DSA", "content": "Create signature (from commandline):\n\nopenssl dgst -sha1 -sign dsakey.priv.pem -out input.sha1-dsa.sig input.data\n\nVerify signature (Perl code):\n\nuse Crypt::PK::DSA;\nuse Crypt::Digest 'digestfile';\nuse Crypt::Misc 'readrawfile';\n\nmy $pkdsa = Crypt::PK::DSA->new(\"dsakey.pub.pem\");\nmy $signature = readrawfile(\"input.sha1-dsa.sig\");\nmy $valid = $pkdsa->verifyhash($signature, digestfile(\"SHA1\", \"input.data\"), \"SHA1\", \"v1.5\");\nprint $valid ? \"SUCCESS\" : \"FAILURE\";\n" }, { "name": "Sign by Crypt::PK::DSA, verify by OpenSSL", "content": "Create signature (Perl code):\n\nuse Crypt::PK::DSA;\nuse Crypt::Digest 'digestfile';\nuse Crypt::Misc 'writerawfile';\n\nmy $pkdsa = Crypt::PK::DSA->new(\"dsakey.priv.pem\");\nmy $signature = $pkdsa->signhash(digestfile(\"SHA1\", \"input.data\"), \"SHA1\", \"v1.5\");\nwriterawfile(\"input.sha1-dsa.sig\", $signature);\n\nVerify signature (from commandline):\n\nopenssl dgst -sha1 -verify dsakey.pub.pem -signature input.sha1-dsa.sig input.data\n" }, { "name": "Keys generated by Crypt::PK::DSA", "content": "Generate keys (Perl code):\n\nuse Crypt::PK::DSA;\nuse Crypt::Misc 'writerawfile';\n\nmy $pkdsa = Crypt::PK::DSA->new;\n$pkdsa->generatekey(20, 128);\nwriterawfile(\"dsakey.pub.der\", $pkdsa->exportkeyder('public'));\nwriterawfile(\"dsakey.priv.der\", $pkdsa->exportkeyder('private'));\nwriterawfile(\"dsakey.pub.pem\", $pkdsa->exportkeypem('publicx509'));\nwriterawfile(\"dsakey.priv.pem\", $pkdsa->exportkeypem('private'));\nwriterawfile(\"dsakey-passwd.priv.pem\", $pkdsa->exportkeypem('private', 'secret'));\n\nUse keys by OpenSSL:\n\nopenssl dsa -in dsakey.priv.der -text -inform der\nopenssl dsa -in dsakey.priv.pem -text\nopenssl dsa -in dsakey-passwd.priv.pem -text -inform pem -passin pass:secret\nopenssl dsa -in dsakey.pub.der -pubin -text -inform der\nopenssl dsa -in dsakey.pub.pem -pubin -text\n" }, { "name": "Keys generated by OpenSSL", "content": "Generate keys:\n\nopenssl dsaparam -genkey -out dsakey.priv.pem 1024\nopenssl dsa -in dsakey.priv.pem -out dsakey.priv.der -outform der\nopenssl dsa -in dsakey.priv.pem -out dsakey.pub.pem -pubout\nopenssl dsa -in dsakey.priv.pem -out dsakey.pub.der -outform der -pubout\nopenssl dsa -in dsakey.priv.pem -passout pass:secret -des3 -out dsakey-passwd.priv.pem\n\nLoad keys (Perl code):\n\nuse Crypt::PK::DSA;\n\nmy $pkdsa = Crypt::PK::DSA->new;\n$pkdsa->importkey(\"dsakey.pub.der\");\n$pkdsa->importkey(\"dsakey.priv.der\");\n$pkdsa->importkey(\"dsakey.pub.pem\");\n$pkdsa->importkey(\"dsakey.priv.pem\");\n$pkdsa->importkey(\"dsakey-passwd.priv.pem\", \"secret\");\n" } ] }, "SEE ALSO": { "content": "* \n", "subsections": [] } }, "summary": "Crypt::PK::DSA - Public key cryptography based on DSA", "flags": [], "examples": [], "see_also": [] }