DSA Signature Verification and Validation
Signature verification may be performed by any party (i.e., the signatory, the intended recipient or any other party) using the signatory’s public key. A signatory may wish to verify that the computed signature is correct, perhaps before sending the signed message to the intended recipient.
The intended recipient (or any other party) verifies the signature to determine its authenticity.
Prior to verifying the signature of a signed message, the domain parameters, and the claimed signatory’s public key and identity shall be made available to the verifier in an authenticated manner.
The public key may, for example, be obtained in the form of a certificate signed by a trusted entity (e.g., a Certification Authority) or in a face-to-face meeting with the public key owner.
Let $M'$, $r'$, and $s'$ be the received versions of $M$, $r$, and $s$, respectively; let $y$ be the public key of the claimed signatory; and let $N$ be the bit length of $q$. The signature verification process is as follows:
- The verifier shall check that $0 < r' < q$ and $0 < s' < q$; if either condition is violated, the signature shall be rejected as invalid.
- If the two conditions in step 1 are satisfied, the verifier computes the following:
  - $w = (s')^{-1} \bmod q$.
  - $z$ = the leftmost $N$ bits of $\mathrm{Hash}(M')$.
  - $u_1 = (z w) \bmod q$.
  - $u_2 = (r' w) \bmod q$.
  - $v = \left( \left( g^{u_1} \, y^{u_2} \right) \bmod p \right) \bmod q$.
- If $v = r'$, then the signature is verified. For a proof that $v = r'$ when $M' = M$, $r' = r$, and $s' = s$.
- If $v$ does not equal $r'$, then the message or the signature may have been modified, there may have been an error in the signatory’s generation process, or an imposter (who did not know the private key associated with the public key of the claimed signatory) may have attempted to forge the signature. The signature shall be considered invalid. No inference can be made as to whether the data is valid, only that the signature is incorrect for that data.
- Prior to accepting the signature as valid, the verifier shall have assurances.
An organization’s policy may govern the action to be taken for invalid digital signatures.
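The verification steps above, written out as an added Python example (it is not part of the original post). SHA-256 as Hash, the toy domain parameters, the key pair, the message, and the helpers `toy_params`, `leftmost_bits` and `toy_sign` are assumptions constructed for illustration; the parameters are far too small for real use.

```python
import hashlib

Q = 2**61 - 1  # constructed toy subgroup order (a Mersenne prime); far too small for real use

def toy_params(q):
    """Constructed toy (p, g): p = k*q + 1 passing a base-2 Fermat test, g = 2^k mod p."""
    k = 2
    while True:
        p = k * q + 1
        g = pow(2, k, p)
        if pow(2, p - 1, p) == 1 and g > 1:   # then g^q = 1 mod p, so g has order q
            return p, g
        k += 2

def leftmost_bits(message, n):
    """z = the leftmost n bits of Hash(M'); SHA-256 is assumed as Hash."""
    digest = hashlib.sha256(message).digest()
    return int.from_bytes(digest, "big") >> max(0, len(digest) * 8 - n)

def dsa_verify(p, q, g, y, message, r, s):
    """Return True only if (r, s) passes the verification steps for message under y."""
    # Step 1: range checks come first. Without them (r, s + q) would also verify,
    # because (s + q)^-1 mod q equals s^-1 mod q.
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)                              # w = (s')^-1 mod q
    z = leftmost_bits(message, q.bit_length())     # N = bit length of q
    u1 = (z * w) % q
    u2 = (r * w) % q
    v = (pow(g, u1, p) * pow(y, u2, p)) % p % q
    return v == r

def toy_sign(p, q, g, x, message, k):
    """Builds sample input only; real signing needs a fresh secret random k per message."""
    r = pow(g, k, p) % q
    s = (pow(k, -1, q) * (leftmost_bits(message, q.bit_length()) + x * r)) % q
    return r, s

# Constructed sample key pair, message and signature.
P, G = toy_params(Q)
X = 0x1234567
Y = pow(G, X, P)
MSG = b"constructed sample message"
R, S = toy_sign(P, Q, G, X, MSG, k=0xABCDEF123)

if __name__ == "__main__":
    print("valid signature:  ", dsa_verify(P, Q, G, Y, MSG, R, S))
    print("modified message: ", dsa_verify(P, Q, G, Y, MSG + b"!", R, S))
    print("s + q (malleated):", dsa_verify(P, Q, G, Y, MSG, R, S + Q))
```

The last case shows why the range check in step 1 is not optional: an `s` outside `(0, q)` produces the same `w`, so skipping the check would accept a second encoding of the same signature.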
8 Responses to “DSA Signature Verification and Validation”
Microsoft Windows XP digital signatures?
The digital signature in Microsoft Windows XP is a way of saying that the driver or software has not been developed and tested by Microsoft and the driver/software can make the operating system unstable.
A lot of hardware devices come later than the date when your operating system was released, so the system doesn’t recognize them. Typically this is not a problem and you should install the driver or software.
For no name brands or very less known brands you should be a bit careful in installing
What is the name of those digital signature things that UPS and FedEx guys carry?
It's called DIAD (Delivery Information Acquisition Device) for UPS.
POWER pads for FDX. You can find zip codes there for every country that FedEx serves.
What program from Adobe allows you to create contracts with digital signatures?
Adobe Acrobat Professional
interesting post
a very good article about DSA Signature Verification and Validation