[PYTHON-CRYPTO] m2crypto patch - DSA pub key handling

Dan Berger dberger at CS.UCR.EDU
Sat Jul 31 19:35:55 CEST 2004


Sure:

Given a DSA keypair (pub/priv), you can transform it into its
constituent parts; p,q,g,pub(,priv); like this:  (in this case, the
parts are output as DNS TXT records)

import binascii
import M2Crypto

# keyfile is the path to the key file; keyname is the label used in the
# record names
dsa = M2Crypto.DSA.load_key(keyfile)

# the result of dsa_get_[g|p|q|pub] is an mpi - 4 bytes of length, and
# the number in big endian, so lose the first four bytes to get just
# the number we care about

pub = M2Crypto.m2.dsa_get_pub(dsa.dsa)
g = M2Crypto.m2.dsa_get_g(dsa.dsa)
p = M2Crypto.m2.dsa_get_p(dsa.dsa)
q = M2Crypto.m2.dsa_get_q(dsa.dsa)

print 'pub_%s IN TXT "%s"' % (keyname, binascii.b2a_hex(pub[4:]))
print 'p_%s IN TXT "%s"' % (keyname, binascii.b2a_hex(p[4:]))
print 'q_%s IN TXT "%s"' % (keyname, binascii.b2a_hex(q[4:]))
print 'g_%s IN TXT "%s"' % (keyname, binascii.b2a_hex(g[4:]))

Given hex strings containing the big-endian values of p, q, g, and pub,

pub="674301d3901f6e13fb0b60bb35ba55994d23f368155aa87b88e8ac27e23bde576916ac150af1aa4fab88705a457769ccae17dacc5ee7ef65977acb6d738e8a02"
p="00d5a3e833e360f439bbef341a2387e49012f42410978dd167e0cc7071518c76f4e1a7c18a254572b6b995040e3ac69e7bb2b2d85569990d3a6a1cd137b24f8d71"
q="00e813778c56bb9a4ca6ed43516b3ff51347b7a15d"
g="182ffa2f14f9d8c0590a892e772f337f9a2cc0c37c5bc5348bfd6e1000b2e509eb06d2c29967d8361b818e63779bead8b5903311487db7c7bccdc8ecdef9cc78"

you can re-create the public half of the key to perform signature
verifications like this:

dsa = M2Crypto.DSA.DSA_pub(M2Crypto.m2.dsa_new())
dsa.set_params(M2Crypto.m2.bn_to_mpi(M2Crypto.m2.hex_to_bn(p)),
               M2Crypto.m2.bn_to_mpi(M2Crypto.m2.hex_to_bn(q)),
               M2Crypto.m2.bn_to_mpi(M2Crypto.m2.hex_to_bn(g)))
dsa.set_pub_key(M2Crypto.m2.bn_to_mpi(M2Crypto.m2.hex_to_bn(pub)))


On Sat, 2004-07-31 at 20:26 +0800, Ng Pheng Siong wrote: 
> Thanks, Dan.
> 
> Is it possible to add a small demo, to give an idea what the 'pub' param
> in set_pub_key should look like?

--

...Dan Berger [dberger at cs.ucr.edu]
   Department of Computer Science
   Surge Building, Room 357
   University of California, Riverside
   http://www.cs.ucr.edu/~dberger

   "The best way to predict the future is to invent it."

                             - Alan Kay
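
The MPI layout named in the code comment in the message above (4 bytes of length, then the number in big endian), as an added example that is not part of the original message and is not M2Crypto's own code: a pure-Python 3 model of the encoding that shows why the p and q strings start with "00", with a strict decoder for values read back from TXT records. The function names are hypothetical, and check_dsa_public goes beyond what the message does: it applies range and subgroup checks to the integers before they are trusted for verification, and it does not test primality.

```python
import binascii
import struct

def mpi_encode(n):
    """Non-negative int -> MPI: 4-byte big-endian length, then magnitude."""
    if n < 0:
        raise ValueError("DSA key parts are never negative")
    if n == 0:
        return struct.pack(">I", 0)
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if body[0] & 0x80:          # top bit is the sign flag, so pad with 0x00
        body = b"\x00" + body
    return struct.pack(">I", len(body)) + body

def mpi_decode(buf):
    """MPI -> int, rejecting truncated, over-long or negative encodings."""
    if len(buf) < 4:
        raise ValueError("missing length prefix")
    (length,) = struct.unpack(">I", buf[:4])
    body = buf[4:]
    if len(body) != length:
        raise ValueError("length prefix does not match payload")
    if body and body[0] & 0x80:
        raise ValueError("sign bit set: negative value")
    return int.from_bytes(body, "big")

def txt_hex_to_mpi(hex_value):
    """Hex string as published in the TXT record -> MPI bytes."""
    return mpi_encode(int.from_bytes(binascii.a2b_hex(hex_value), "big"))

def check_dsa_public(p, q, g, pub):
    """Sanity checks on integers before trusting them as a DSA public key."""
    return (
        (p - 1) % q == 0                          # q divides p - 1
        and 1 < g < p and pow(g, q, p) == 1       # g has order q
        and 1 < pub < p and pow(pub, q, p) == 1   # pub lies in g's subgroup
    )

# q from the message above; its leading "00" is the sign-padding byte.
Q_HEX = "00e813778c56bb9a4ca6ed43516b3ff51347b7a15d"

if __name__ == "__main__":
    mpi = txt_hex_to_mpi(Q_HEX)
    print(binascii.b2a_hex(mpi).decode())      # length prefix + payload
    print(mpi_decode(mpi).bit_length())        # size of q in bits
```
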