README
¶
DSA (Deprecated)
Digital Signature Algorithm - Legacy support only.
⚠️ Deprecation Notice
DSA is deprecated and should not be used for new applications.
Use modern alternatives:
- Ed25519 - Recommended for new applications
- ECDSA - NIST-approved alternative
This package is maintained for legacy compatibility only.
Overview
The dsa package provides Digital Signature Algorithm signatures as specified in FIPS 186-4. DSA is considered legacy technology and has been superseded by more secure and efficient algorithms.
Migration Guide
From DSA to Ed25519 (Recommended)
// Old: DSA
import "github.com/common-library/go/security/crypto/dsa"
dsaKey := &dsa.KeyPair{}
dsaKey.Generate(dsa.L2048N256)
signature, _ := dsaKey.Sign(message)
// New: Ed25519
import "github.com/common-library/go/security/crypto/ed25519"
ed25519Key := &ed25519.KeyPair{}
ed25519Key.Generate()
signature, _ := ed25519Key.Sign(message)
From DSA to ECDSA (NIST Alternative)
// Old: DSA
import "github.com/common-library/go/security/crypto/dsa"
dsaKey := &dsa.KeyPair{}
dsaKey.Generate(dsa.L2048N256)
// New: ECDSA
import (
"crypto/elliptic"
"github.com/common-library/go/security/crypto/ecdsa"
)
ecdsaKey := &ecdsa.KeyPair{}
ecdsaKey.Generate(elliptic.P256())
Why DSA is Deprecated
- Security Concerns - Vulnerable to weak random number generation
- Performance - Slower than modern alternatives
- Key Size - Large keys for equivalent security
- Industry Movement - NIST recommends ECDSA/Ed25519
- Limited Support - Decreasing support in modern systems
Legacy Documentation
For maintaining existing DSA systems only.
Installation
go get -u github.com/common-library/go/security/crypto/dsa
API Reference
Generate
func (kp *KeyPair) Generate(sizes dsa.ParameterSizes) error
Deprecated: Use Ed25519 or ECDSA instead.
Generates DSA key pair with specified parameter sizes:
dsa.L1024N160- 1024-bit L, 160-bit N (weak, not recommended)dsa.L2048N224- 2048-bit L, 224-bit Ndsa.L2048N256- 2048-bit L, 256-bit Ndsa.L3072N256- 3072-bit L, 256-bit N (maximum)
Sign
func (kp *KeyPair) Sign(message string) (Signature, error)
Deprecated: Use Ed25519 or ECDSA instead.
Creates DSA signature.
Verify
func (kp *KeyPair) Verify(message string, signature Signature) bool
Deprecated: Use Ed25519 or ECDSA instead.
Verifies DSA signature.
Legacy Example
package main
import (
"crypto/dsa"
"fmt"
"log"
"github.com/common-library/go/security/crypto/dsa"
)
func main() {
// ⚠️ Legacy code - do not use for new applications
keyPair := &dsa.KeyPair{}
err := keyPair.Generate(dsa.L2048N256)
if err != nil {
log.Fatal(err)
}
message := "Legacy message"
signature, err := keyPair.Sign(message)
if err != nil {
log.Fatal(err)
}
valid := keyPair.Verify(message, signature)
fmt.Printf("Signature valid: %v\n", valid)
}
Parameter Size Comparison
| Size | L (bits) | N (bits) | Security | Status |
|---|---|---|---|---|
| L1024N160 | 1024 | 160 | ~80-bit | ⚠️ Weak |
| L2048N224 | 2048 | 224 | ~112-bit | Deprecated |
| L2048N256 | 2048 | 256 | ~128-bit | Deprecated |
| L3072N256 | 3072 | 256 | ~128-bit | Deprecated |
Modern Alternatives Comparison
| Algorithm | Key Size | Speed | Security | NIST | Recommendation |
|---|---|---|---|---|---|
| DSA | 2048-3072 bits | Slow | Weak RNG risk | Yes (legacy) | ❌ Deprecated |
| ECDSA | 256-521 bits | Fast | Strong | Yes | ✅ Good |
| Ed25519 | 256 bits | Very Fast | Strong | No | ✅✅ Best |
Security Warnings
- Weak RNG - DSA is critically vulnerable to weak random number generators
- Nonce Reuse - Reusing nonce reveals private key
- L1024N160 - Should never be used (broken security)
- Timing Attacks - More vulnerable than modern algorithms
- Limited Lifespan - Support being removed from many systems
Migration Timeline
Recommended Migration Schedule:
- Immediate: Stop using DSA for new applications
- Short-term (< 6 months): Plan migration to Ed25519/ECDSA
- Medium-term (6-12 months): Begin migration of existing systems
- Long-term (12-24 months): Complete migration, remove DSA
Dependencies
crypto/dsa- Go standard librarycrypto/rand- Cryptographic random generatorcrypto/sha256- Message hashing
Further Reading
Documentation
¶
Overview ¶
Package dsa provides DSA digital signature cryptography.
Deprecated ¶
DSA is a legacy algorithm and should not be used for new applications. Use Ed25519 (crypto/ed25519) or ECDSA (crypto/ecdsa) instead. DSA keys with 1024-bit moduli are cryptographically weak.
This package is maintained only for compatibility with legacy systems.
Features ¶
- DSA key pair generation (L1024N160, L2048N224, L2048N256, L3072N256)
- Digital signature creation and verification
- PEM format support
Migration Recommendation ¶
// Instead of DSA:
import "github.com/common-library/go/security/crypto/ed25519"
keyPair := &ed25519.KeyPair{}
keyPair.Generate()
Package dsa provides dsa crypto related implementations.
Deprecated: DSA is a legacy algorithm and should not be used for new applications. Use Ed25519 (crypto/ed25519) or other modern alternatives instead. DSA keys with 1024-bit moduli are cryptographically weak.
Package dsa provides dsa crypto related implementations.
Deprecated: DSA is a legacy algorithm and should not be used for new applications. Use Ed25519 (crypto/ed25519) or other modern alternatives instead. DSA keys with 1024-bit moduli are cryptographically weak.
Package dsa provides dsa crypto related implementations.
Deprecated: DSA is a legacy algorithm and should not be used for new applications. Use Ed25519 (crypto/ed25519) or other modern alternatives instead. DSA keys with 1024-bit moduli are cryptographically weak.
Index ¶
- type KeyPairdeprecated
- func (kp *KeyPair) Generate(parameterSizes dsa.ParameterSizes) errordeprecated
- func (kp *KeyPair) GetKeyPair() (privateKey PrivateKey, publicKey PublicKey)deprecated
- func (kp *KeyPair) SetKeyPair(privateKey PrivateKey, publicKey PublicKey)deprecated
- func (kp *KeyPair) Sign(message string) (Signature, error)deprecated
- func (kp *KeyPair) Verify(message string, signature Signature) booldeprecated
- type PrivateKey
- func (pk *PrivateKey) Get() *dsa.PrivateKeydeprecated
- func (pk *PrivateKey) GetPemAsn1() (string, error)deprecated
- func (pk *PrivateKey) GetPublicKey() PublicKeydeprecated
- func (pk *PrivateKey) Set(privateKey *dsa.PrivateKey)deprecated
- func (pk *PrivateKey) SetPemAsn1(pemAsn1 string) errordeprecated
- func (pk *PrivateKey) SetSizes(parameterSizes dsa.ParameterSizes) errordeprecated
- func (pk *PrivateKey) Sign(message string) (Signature, error)deprecated
- func (pk *PrivateKey) Verify(message string, signature Signature) booldeprecated
- type PublicKey
- func (pub *PublicKey) Get() dsa.PublicKeydeprecated
- func (pub *PublicKey) GetPemAsn1() (string, error)deprecated
- func (pub *PublicKey) GetSsh() (string, error)deprecated
- func (pub *PublicKey) GetSshPublicKey() (ssh.PublicKey, error)deprecated
- func (pub *PublicKey) Set(publicKey dsa.PublicKey)deprecated
- func (pub *PublicKey) SetPemAsn1(pemAsn1 string) errordeprecated
- func (pub *PublicKey) SetSsh(sshKey string) errordeprecated
- func (pub *PublicKey) SetSshPublicKey(publicKey ssh.PublicKey) errordeprecated
- func (pub *PublicKey) Verify(message string, signature Signature) booldeprecated
- type Signaturedeprecated
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type KeyPair
deprecated
type KeyPair struct {
// contains filtered or unexported fields
}
KeyPair provides DSA key pair operations.
Deprecated: Use Ed25519 or ECDSA instead.
func (*KeyPair) Generate
deprecated
func (kp *KeyPair) Generate(parameterSizes dsa.ParameterSizes) error
Generate creates a new DSA key pair.
Deprecated: Use Ed25519 or ECDSA for new applications.
Parameters ¶
- parameterSizes: Key size (L1024N160, L2048N224, L2048N256, L3072N256)
Returns ¶
- error: Error if generation fails, nil on success
Examples ¶
keyPair := &dsa.KeyPair{}
err := keyPair.Generate(dsa.L2048N256)
func (*KeyPair) GetKeyPair
deprecated
func (kp *KeyPair) GetKeyPair() (privateKey PrivateKey, publicKey PublicKey)
GetKeyPair retrieves the private and public keys.
Deprecated: Use Ed25519 or ECDSA for new applications.
Returns ¶
- privateKey: DSA private key
- publicKey: DSA public key
Examples ¶
privateKey, publicKey := keyPair.GetKeyPair()
func (*KeyPair) SetKeyPair
deprecated
func (kp *KeyPair) SetKeyPair(privateKey PrivateKey, publicKey PublicKey)
SetKeyPair sets the private and public keys.
Deprecated: Use Ed25519 or ECDSA for new applications.
Parameters ¶
- privateKey: DSA private key
- publicKey: DSA public key
Examples ¶
keyPair.SetKeyPair(privateKey, publicKey)
func (*KeyPair) Sign
deprecated
Sign creates a digital signature for the message.
Deprecated: Use Ed25519 or ECDSA for new applications.
Parameters ¶
- message: Text message to sign
Returns ¶
- Signature: DSA signature (R and S components)
- error: Error if signing fails, nil on success
Examples ¶
signature, err := keyPair.Sign("message")
func (*KeyPair) Verify
deprecated
type PrivateKey ¶
type PrivateKey struct {
// contains filtered or unexported fields
}
PrivateKey is struct that provides private key related methods.
func (*PrivateKey) Get
deprecated
func (pk *PrivateKey) Get() *dsa.PrivateKey
Get returns the underlying *dsa.PrivateKey.
Deprecated: DSA is cryptographically weak and should not be used.
This method provides direct access to the Go standard library dsa.PrivateKey.
Returns:
- *dsa.PrivateKey: The underlying private key
func (*PrivateKey) GetPemAsn1
deprecated
func (pk *PrivateKey) GetPemAsn1() (string, error)
GetPemAsn1 encodes the private key as a PEM-encoded ASN.1 string.
Deprecated: DSA is cryptographically weak and should not be used.
This method converts the DSA private key to PEM format using ASN.1 encoding.
Returns:
- string: PEM-encoded DSA private key
- error: Error if encoding fails
Behavior:
- Output format: "-----BEGIN DSA PRIVATE KEY-----\n...\n-----END DSA PRIVATE KEY-----"
Example:
// For legacy compatibility only pemString, err := privateKey.GetPemAsn1()
func (*PrivateKey) GetPublicKey
deprecated
func (pk *PrivateKey) GetPublicKey() PublicKey
GetPublicKey extracts the public key from the private key.
Deprecated: DSA is cryptographically weak and should not be used.
Every DSA private key contains the corresponding public key. This method creates a PublicKey instance containing the public key portion.
Returns:
- PublicKey: The corresponding public key
Example:
// For legacy compatibility only
privateKey := &dsa.PrivateKey{}
privateKey.SetSizes(dsa.L2048N256)
publicKey := privateKey.GetPublicKey()
func (*PrivateKey) Set
deprecated
func (pk *PrivateKey) Set(privateKey *dsa.PrivateKey)
Set assigns an existing *dsa.PrivateKey to this PrivateKey instance.
Deprecated: DSA is cryptographically weak and should not be used.
Parameters:
- privateKey: The dsa.PrivateKey to assign
func (*PrivateKey) SetPemAsn1
deprecated
func (pk *PrivateKey) SetPemAsn1(pemAsn1 string) error
SetPemAsn1 loads a private key from a PEM-encoded ASN.1 string.
Deprecated: DSA is cryptographically weak and should not be used.
This method decodes a PEM-encoded DSA private key and sets it as the current key.
Parameters:
- pemAsn1: PEM-encoded ASN.1 DSA private key string
Returns:
- error: Error if decoding fails
Example:
// For legacy compatibility only
pemData, _ := os.ReadFile("dsa_private.pem")
privateKey := &dsa.PrivateKey{}
err := privateKey.SetPemAsn1(string(pemData))
func (*PrivateKey) SetSizes
deprecated
func (pk *PrivateKey) SetSizes(parameterSizes dsa.ParameterSizes) error
SetSizes generates a new DSA private key with the specified parameter sizes.
Deprecated: DSA is cryptographically weak and should not be used. Use Ed25519 or ECDSA for new applications.
This method generates DSA parameters and a key pair. L1024N160 is weak and should never be used.
Parameters:
- parameterSizes: The L and N parameter sizes (L1024N160, L2048N224, L2048N256, L3072N256)
Returns:
- error: Error if key generation fails
Security Warning:
- L1024N160: Cryptographically broken, do not use
- L2048N256: Minimum for legacy compatibility
- L3072N256: Maximum DSA size, still deprecated
Example:
// For legacy compatibility only
privateKey := &dsa.PrivateKey{}
err := privateKey.SetSizes(dsa.L2048N256)
func (*PrivateKey) Sign
deprecated
func (pk *PrivateKey) Sign(message string) (Signature, error)
Sign creates a digital signature for the given message.
Deprecated: DSA is cryptographically weak and should not be used. Use Ed25519 or ECDSA for new applications.
This method generates a DSA signature using the private key. The message is automatically hashed with SHA-256 before signing.
Parameters:
- message: The string to sign
Returns:
- Signature: The signature containing R and S components
- error: Error if signing fails
Behavior:
- Message is hashed with SHA-256 automatically
- Uses cryptographically secure random number generator
- Vulnerable to weak RNG attacks (nonce reuse reveals private key)
Example:
// For legacy compatibility only
privateKey := &dsa.PrivateKey{}
privateKey.SetSizes(dsa.L2048N256)
signature, err := privateKey.Sign("legacy message")
func (*PrivateKey) Verify
deprecated
func (pk *PrivateKey) Verify(message string, signature Signature) bool
Verify verifies a digital signature against the message.
Deprecated: DSA is cryptographically weak and should not be used. Use Ed25519 or ECDSA for new applications.
This method verifies that a signature was created by the corresponding private key. The message is hashed with SHA-256 before verification.
Parameters:
- message: The original message that was signed
- signature: The signature to verify
Returns:
- bool: true if signature is valid, false otherwise
Example:
// For legacy compatibility only
valid := privateKey.Verify("legacy message", signature)
type PublicKey ¶
type PublicKey struct {
// contains filtered or unexported fields
}
PublicKey is struct that provides public key related methods.
func (*PublicKey) Get
deprecated
func (*PublicKey) GetPemAsn1
deprecated
GetPemAsn1 encodes the public key as a PEM-encoded ASN.1 string.
Deprecated: DSA is cryptographically weak and should not be used.
This method converts the DSA public key to PEM format using ASN.1 encoding.
Returns:
- string: PEM-encoded DSA public key
- error: Error if encoding fails
Example:
// For legacy compatibility only pemString, err := publicKey.GetPemAsn1()
func (*PublicKey) GetSsh
deprecated
GetSsh encodes the public key as an SSH authorized_keys format string.
Deprecated: DSA is cryptographically weak and should not be used. Modern SSH implementations are removing DSA support.
This method converts the DSA public key to SSH format.
Returns:
- string: SSH authorized_keys format string
- error: Error if encoding fails
Example:
// For legacy compatibility only sshKey, err := publicKey.GetSsh()
func (*PublicKey) GetSshPublicKey
deprecated
GetSshPublicKey converts the public key to an ssh.PublicKey.
Deprecated: DSA is cryptographically weak and should not be used.
Returns:
- ssh.PublicKey: The SSH public key instance
- error: Error if conversion fails
Example:
// For legacy compatibility only sshPubKey, err := publicKey.GetSshPublicKey()
func (*PublicKey) SetPemAsn1
deprecated
SetPemAsn1 loads a public key from a PEM-encoded ASN.1 string.
Deprecated: DSA is cryptographically weak and should not be used.
This method decodes a PEM-encoded DSA public key and sets it as the current key.
Parameters:
- pemAsn1: PEM-encoded ASN.1 DSA public key string
Returns:
- error: Error if decoding fails
Example:
// For legacy compatibility only
pemData, _ := os.ReadFile("dsa_public.pem")
publicKey := &dsa.PublicKey{}
err := publicKey.SetPemAsn1(string(pemData))
func (*PublicKey) SetSsh
deprecated
SetSsh loads a public key from an SSH authorized_keys format string.
Deprecated: DSA is cryptographically weak and should not be used. Modern SSH implementations are removing DSA support.
Parameters:
- sshKey: SSH authorized_keys format string
Returns:
- error: Error if parsing fails
Example:
// For legacy compatibility only
sshData, _ := os.ReadFile("id_dsa.pub")
publicKey := &dsa.PublicKey{}
err := publicKey.SetSsh(string(sshData))
func (*PublicKey) SetSshPublicKey
deprecated
SetSshPublicKey loads a public key from an ssh.PublicKey.
Deprecated: DSA is cryptographically weak and should not be used.
Parameters:
- publicKey: The ssh.PublicKey to convert
Returns:
- error: Error if conversion fails or key is not DSA
Example:
// For legacy compatibility only
sshPubKey, _ := ssh.ParsePublicKey(sshKeyBytes)
publicKey := &dsa.PublicKey{}
err := publicKey.SetSshPublicKey(sshPubKey)
func (*PublicKey) Verify
deprecated
Verify verifies a digital signature against the message.
Deprecated: DSA is cryptographically weak and should not be used. Use Ed25519 or ECDSA for new applications.
This method verifies that a signature was created by the corresponding private key. The message is hashed with SHA-256 before verification.
Parameters:
- message: The original message that was signed
- signature: The signature to verify
Returns:
- bool: true if signature is valid, false otherwise
Example:
// For legacy compatibility only
valid := publicKey.Verify("legacy message", signature)
type Signature
deprecated
Signature represents a DSA digital signature with R and S components.
Deprecated: DSA is cryptographically weak and should not be used.
A DSA signature consists of two large integers (R and S) that together prove the authenticity of a message. Both components are required for signature verification.
Security Warning:
- DSA signatures are vulnerable to weak random number generation
- Reusing the same random value (nonce) reveals the private key
- Use Ed25519 or ECDSA for new applications
Example:
// For legacy compatibility only
signature := dsa.Signature{
R: r, // First component
S: s, // Second component
}
Source Files