
Performing DSA Operations
240 RSA BSAFE Crypto-C Developer’s Guide
of info supplied to B_SetAlgorithmInfo is a pointer to the following:

  typedef struct {
    unsigned int primeBits;              /* size of prime in bits */
  } B_DSA_PARAM_GEN_PARAMS;

Crypto-C will generate the prime, but you must decide how big that prime will be.
The number of prime bits can be anywhere from 512 to 2048. Larger numbers provide
greater security, but are also much slower. As with the RSA algorithm, RSA Security
recommends using 768 bits. To save time, because this is for illustrative purposes
only, this example will use 512. The subprime is always 160 bits long:

  B_DSA_PARAM_GEN_PARAMS dsaParams;

  dsaParams.primeBits = 512;

  if ((status = B_SetAlgorithmInfo
       (dsaParamGenerator, AI_DSAParamGen,
        (POINTER)&dsaParams)) != 0)
    break;

Step 3: Init
Initialize the generation process with B_GenerateInit. Build an algorithm chooser.
Because this function is quick, it is reasonable to pass NULL_PTR as the surrender
context. Generating the parameters in Step 5 is time-consuming, though, so you will
use a surrender context there:

  B_ALGORITHM_METHOD *DSA_PARAM_GEN_CHOOSER[] = {
    &AM_SHA_RANDOM,
    &AM_DSA_PARAM_GEN,
    (B_ALGORITHM_METHOD *)NULL_PTR
  };

  if ((status = B_GenerateInit
       (dsaParamGenerator, DSA_PARAM_GEN_CHOOSER,
        (A_SURRENDER_CTX *)NULL_PTR)) != 0)
    break;

Step 4: Update
There is no Step 4 in generating DSA parameters.
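
What the prime and subprime sizes chosen above control, shown as an added toy-scale sketch. It is not Crypto-C code and not the method Crypto-C uses internally. The names toy_dsa_params and toy_dsa_param_gen are hypothetical, and the 24-bit prime and 12-bit subprime are constructed stand-ins for primeBits and the fixed 160-bit subprime.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy DSA parameters: q is the subprime, p is a prime with q | (p - 1),
   and g generates the order-q subgroup. Sizes are illustrative only. */
typedef struct { uint64_t p, q, g; } toy_dsa_params;    /* hypothetical type */

static uint64_t pow_mod(uint64_t b, uint64_t e, uint64_t m) {
    uint64_t r = 1;
    b %= m;
    while (e) {
        if (e & 1) r = r * b % m;    /* m < 2^32, so products fit in 64 bits */
        b = b * b % m;
        e >>= 1;
    }
    return r;
}

static int is_prime(uint64_t n) {    /* trial division suffices at toy sizes */
    if (n < 2) return 0;
    for (uint64_t d = 2; d * d <= n; d++)
        if (n % d == 0) return 0;
    return 1;
}

/* Returns 0 on success, nonzero for unsupported sizes or if no p is found. */
int toy_dsa_param_gen(unsigned prime_bits, unsigned sub_bits, toy_dsa_params *out) {
    if (sub_bits < 2 || prime_bits > 32 || sub_bits >= prime_bits) return 1;
    uint64_t q = (1ULL << (sub_bits - 1)) | 1;           /* top bit set, odd */
    while (!is_prime(q)) q += 2;
    uint64_t lo = 1ULL << (prime_bits - 1), hi = 1ULL << prime_bits;
    for (uint64_t k = lo / q; k * q + 1 < hi; k++) {
        uint64_t p = k * q + 1;                          /* forces q | (p - 1) */
        if (p < lo || !is_prime(p)) continue;
        for (uint64_t h = 2; h < p - 1; h++) {
            uint64_t g = pow_mod(h, (p - 1) / q, p);     /* g^q = 1 mod p */
            if (g > 1) { out->p = p; out->q = q; out->g = g; return 0; }
        }
    }
    return 1;
}

int main(void) {
    toy_dsa_params d;
    if (toy_dsa_param_gen(24, 12, &d) != 0) return 1;
    printf("p=%llu q=%llu g=%llu\n", (unsigned long long)d.p,
           (unsigned long long)d.q, (unsigned long long)d.g);
    return 0;
}
```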