OpenSSL "dsaparam 512" - Generate DSA Short Keys

Q

How to generate a new DSA key pair with a shorter key size using OpenSSL "gendsa" command?

✍: FYIcenter.com

A

If you need a new DSA key pair with a shorter key size for testing purpose, you can use the OpenSSL "gendsa" command as shown below:

C:\Users\fyicenter>\local\openssl\openssl.exe

OpenSSL> dsaparam -out my_dsa_short.key -genkey 512
Generating DSA parameters, 512 bit long prime
This could take some time
............+..+.....+++++++++++++++++++++++++++++++++++++++++++++++++++*
...............+...+...+++++++++++++++++++++++++++++++++++++++++++++++++++*

OpenSSL> dsa -in my_dsa_short.key -text -noout
read DSA key
Private-Key: (512 bit)
priv:
    2d:32:ef:7f:78:de:2c:bf:60:07:e1:63:b5:77:b3:
    7d:6d:ab:93:98
pub:
    59:33:3b:54:17:e2:a5:29:22:f3:fc:0c:7d:6f:d3:
    66:5d:35:ed:22:23:3d:ac:3a:24:1a:a1:e6:92:bd:
    62:97:56:f2:a3:43:0e:11:1c:54:65:73:7f:17:eb:
    34:18:d5:bf:e0:eb:de:f0:93:e4:7e:05:48:51:18:
    e4:5d:a8:9d
P:
    00:f1:f6:81:53:b7:b2:cb:e5:b8:13:e3:03:38:14:
    cd:7f:4a:b6:12:80:c8:8f:45:50:43:72:56:55:b9:
    95:d0:92:b3:5d:3a:02:31:77:bc:68:c2:b2:41:01:
    74:99:4b:a7:d6:48:2b:d2:8b:5e:3b:65:a4:60:98:
    f6:18:f2:bd:01
Q:
    00:91:b6:b3:36:35:6f:a6:6e:90:f4:a9:e4:98:17:
    ef:1c:a9:94:29:f9
G:
    31:e6:15:c5:21:65:10:fa:e5:1a:47:44:b3:76:15:
    65:08:d2:20:e1:12:0c:6a:30:84:63:96:c7:f6:0c:
    7a:c6:98:b4:90:eb:22:a0:02:5e:63:5f:0d:1e:f0:
    16:4c:87:e5:c1:3f:b9:28:a2:d3:6e:38:18:eb:07:
    05:47:af:64
error in dsa

What this test tells us:

  • OpenSSL allows you to generate shorter DSA keys. The shortest ones are 512 bits. But don't use them in production systems. Any keys less than 2048-bit long is considered as unsafe.
  • OpenSSL "dsaparam -genkey" command option allows you to generate DSA parameters and private key and public pair in a single command.

 

OpenSSL "gendsa 10240" - Generate DSA Long Keys

OpenSSL "dsa -pubin" - View DSA Public Key

OpenSSL "gendsa" and "dsa" Commands

⇑⇑ OpenSSL Tutorials

2016-12-24, 739👍, 0💬