[Bug 2115] Support for DSA p=2048 q=256/224 bit keys
Mark D. Baushke
mdb at juniper.net
Wed Jun 5 16:44:56 EST 2013
> --- Comment #2 from Cipher <dhanukumar1990 at gmail.com> ---
> Thanks Damien.
>
> Yes we were creating the keys using openssl and also using
> ssh-keygen (after removing 1024 bit limit gate in the code).
> One of our third party applications support only DSA keys, so we can't
> use ECDSA. FIPS 140-2/3 requires 2048 with q=224/256. So how difficult
> it will be and how much sense will it make to change ssh-dss to use 32
> byte seg parts?
NIST SP 800-131A also mandates you would need to use SHA2-256 instead of
SHA-1 for public key signature verification to meet FIPS 140-2/3
requirements.

Given ssh-dss in RFC 4253 specifies ssh-dss format as

| ssh-dss REQUIRED sign Raw DSS Key
| ...
| Signing and verifying using this key format is done according to the
| Digital Signature Standard [FIPS-186-2] using the SHA-1 hash
| [FIPS-180-2].
|
| The resulting signature is encoded as follows:
|
| string "ssh-dss"
| string dss_signature_blob
|
| The value for 'dss_signature_blob' is encoded as a string containing
| r, followed by s (which are 160-bit integers, without lengths or
| padding, unsigned, and in network byte order).

It is the 160-bit SHA-1 hash that is your real problem.

The openssh-unix-dev list has a suggestion for adding ssh-rsa-sha256 and
ssh-dss-sha256.

I believe this has been filed as Bug 2109 by Geoff Lowe.

I therefore suggest that Bug 2115 is not a sufficient representation of
your issue and that you would also need to see Bug 2109 addressed as
well.
-- Mark