DSA Key generation, Sign file, Verify Signature

Generate DSA Keys 512 bit 1024 bit 2048 bit

Sign File Verify Signature Message

Signature genetaion required private key and file to be signed. Signature file will get downloaded Automatically

Signature Verification requires original file,signature file and public key

Your Support Matters!

Instead of directly asking for donations, I'm thrilled to offer you all nine of my books for just $9 on leanpub By grabbing this bundle you not only help cover my coffee, beer, and Amazon bills but also play a crucial role in advancing and refining this project. Your contribution is indispensable, and I'm genuinely grateful for your involvement in this journey!

Any private key value that you enter or we generate is not stored on this site, this tool is provided via an HTTPS URL to ensure that private keys cannot be stolen, for extra security run this software on your network, no cloud dependency


DSA stands for “Digital Signature Algorithm” - and is specifically designed to produce digital signatures, not perform encryption.

DSA stands for “Digital Signature Algorithm” - and is specifically designed to produce digital signatures, not perform encryption.

  • The requirement for public/private keys in this system is for a slightly different purpose - whereas in RSA, a key is needed so anyone can encrypt, in DSA a key is needed so anyone can verify. In RSA, the private key allows decryption; in DSA, the private key allows signature creation.
  • DSA Private Key is used for generating Signature file
  • DSA public Key is used for Verifying the Signature.
  • DSA is a variant on the ElGamal and Schnorr algorithms creates a 320 bit signature, but with 512-1024 bit security security again rests on difficulty of computing discrete logarithms has been quite widely accepted

OpenSSL Commands for generating DSA Param, Singing File & verify File

 openssl dsaparam 2048 < /dev/random > dsa_param.pem
 openssl gendsa dsa_param.pem -out dsa_priv.pem
 openssl dsa -in dsa_priv.pem -pubout -out dsa_pub.pem

 # DSA system now made up of: dsa_param.pem, dsa_pub.pem, dsa_priv.pem

 echo "foobar" > foo.txt
 openssl sha1 < foo.txt > foo.txt.sha1
 openssl dgst -dss1 -sign dsa_priv.pem foo.txt.sha1 > foo.txt.sig
 openssl dgst -dss1 -verify dsa_pub.pem -signature foo.txt.sig foo.txt.sha1

DSA Key Generation

  1. firstly shared global public key values (p,q,g) are chosen:
  2. choose a large prime p = 2 power L where L= 512 to 1024 bits and is a multiple of 64
  3. choose q, a 160 bit prime factor of p-1
  4. choose g = h power (p-1)/q for any h1 then each user chooses a private key and computes their public key:
  5. choose x compute y = g power x(mod p)

DSA key generation is related to, but somewhat more complex than El Gamal. Mostly because of the use of the secondary 160-bit modulus q used to help speed up calculations and reduce the size of the resulting signature.

DSA Signature Creation and Verification

To sign a message M

  1. generate random signature key k, k compute
    r = (g power k(mod p))(mod q)
    s = k-1.SHA(M)+ x.r (mod q)
  1. send signature (r,s) with message

to verify a signature, compute:

  1. w = s-1(mod q)
  2. u1= (SHA(M).w)(mod q)
  3. u2= r.w(mod q)
  4. v = (g power u1.y power u2(mod p))(mod q)
    if v=r then the signature is verified