CoderTools

DSA Signature Tool

Digital Signature Algorithm (FIPS 186)

FIPS 186-5 Deprecation Notice

DSA is deprecated for signature generation in FIPS 186-5 (February 2023). Only signature verification is approved. Consider using ECDSA or Ed25519 for new applications.

🔒 100% Local Processing: Your input data is processed entirely in your browser. It is not uploaded to any server.
This tool only supports importing existing keys. Key generation is deprecated in FIPS 186-5.

Import DSA Keys

Paste your DSA keys (PEM format). Due to browser limitations, this tool does not support generating DSA keys. You can generate keys using OpenSSL and import them here.

Generate Keys with OpenSSL
# Generate DSA parameters
openssl dsaparam -out dsaparam.pem 2048
# Generate private key
openssl gendsa -out private.pem dsaparam.pem
# Export public key
openssl dsa -in private.pem -pubout -out public.pem

Documentation

DSA (Digital Signature Algorithm) is a Federal Information Processing Standard for digital signatures specified in FIPS 186. Originally published in 1994, DSA was widely used for digital signature applications in government and commercial systems. While still secure when properly implemented, NIST has deprecated DSA for signature generation in FIPS 186-5 (2023) in favor of more efficient elliptic curve algorithms.

FIPS 186-5 Status

As of February 2023, NIST FIPS 186-5 no longer approves DSA for digital signature generation. Only DSA signature verification remains approved for validating signatures created prior to the transition. For new applications requiring digital signatures, NIST recommends ECDSA (P-256, P-384, P-521) or EdDSA (Ed25519, Ed448).

Key Features

  • FIPS Compliant: Conforms to NIST FIPS 186-4 Digital Signature Standard
  • Multiple Parameters: Supports (L, N) combinations of (2048, 256), (3072, 256), and legacy sizes
  • SHA-2 Family: Compatible with SHA-224 and SHA-256 hash functions, plus SHA-1 for legacy signatures
  • DER Encoding: Outputs signatures in standard ASN.1 DER format
  • Browser-Based: All operations run locally in your browser using the jsrsasign library

Supported Parameters

  • (2048, 256): Recommended parameter set. L=2048-bit prime modulus, N=256-bit prime divisor. Provides 112-bit security level.
  • (3072, 256): High security parameter set. L=3072-bit prime modulus for 128-bit security level. Slower but more future-proof.
  • (1024, 160): Legacy parameter set. Only for compatibility with existing systems. Not recommended for new applications.
  • (2048, 224): Alternative parameter set with N=224-bit divisor. Less common but still secure.

Hash Algorithms

  • SHA-256: Recommended hash function for DSA. Provides 128-bit collision resistance, suitable for (2048, 256) parameters.
  • SHA-224: Alternative hash function with 112-bit collision resistance. Suitable for standard security requirements.
  • SHA-1: Legacy hash function with known weaknesses. Only use for verifying old signatures, never for new signatures.
  • Note: SHA-384 and SHA-512 are not supported in this implementation due to jsrsasign library limitations.

Security Considerations

  • Migration Recommended: NIST recommends migrating from DSA to ECDSA or EdDSA for new signature applications.
  • Random Number Quality: DSA security critically depends on high-quality random numbers during signing. Poor randomness can reveal private keys.
  • Private Key Protection: Never expose or share your private key. Consider using hardware security modules (HSM) for sensitive applications.
  • Parameter Validation: Always validate DSA parameters (p, q, g) before use to prevent attacks using maliciously crafted parameters.
  • Local Processing: This tool runs entirely in your browser. Your keys never leave your device.

DSA vs Modern Signature Schemes

| Feature | DSA (2048, 256) | ECDSA (P-256) | Ed25519 |
|---|---|---|---|
| Private Key Size | ~256 bits | 256 bits | 256 bits |
| Public Key Size | ~2048 bits | 512 bits | 256 bits |
| Signature Size | ~512 bits | 512 bits | 512 bits |
| Security Level | 112 bits | 128 bits | 128 bits |
| FIPS 186-5 Status | Deprecated | Approved | Approved |
