
I am trying to recreate a DSA public/private key to match an existing keyset. The existing public key is created with byte arrays P, Q, G, J, Y, Seed, Counter. The length of byte[] J is 112.

When creating a public/private keypair using..

    var dsa = new DSACryptoServiceProvider();
    var privateKey = dsa.ExportParameters(true);
    var publicKey = dsa.ExportParameters(false);

.. byte[] J is null for both the public and private key.

Does anyone know what J is and how to populate this array? My end goal is to create a public key of the same size including byte[] J.

Thanks.

navitiello

1 Answer


J seems to be an optional parameter introduced for efficiency reasons. It can be determined from P and Q and is defined as J = (P - 1) / Q according to RFC 3275, section 4.4.2.1 which specifies XML digital signature processing rules and syntax.

By definition, P - 1 is a multiple of Q (DSA, section Parameter generation). The quotient (P - 1) / Q is needed e.g. for the determination of the domain parameters, especially the generation of the generator, see FIPS PUB 186-4, section A.2.

I'd expect that the J-parameter of your key matches the calculated J-parameter from the P- and Q-parameters of your key according to the equation above.

I have no explanation why the DSACryptoServiceProvider-class doesn't calculate the J-parameter. I can only speculate that due to the optionality some implementations calculate the J-parameter and others don't (or no longer), and that it doesn't matter for the signature and verification whether this parameter is set or not.

Also informative are the mails from Brian LaMacchia from 2001, at that time the architect for cryptography in MS Windows Security, who discusses the purpose of the J-parameter, here, with Donald Eastlake, here. In the latter a draft is attached, which was later used in RFC 3275.

Topaco
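The relation J = (P - 1) / Q from the answer above, worked through in C# as an added example (not code from the question, the answer or .NET itself). `DsaJ`, `ComputeJ` and `SameJ` are hypothetical names, and the code assumes the `DSAParameters` byte arrays are unsigned big-endian.

```csharp
using System;
using System.Numerics;
using System.Security.Cryptography;

static class DsaJ   // hypothetical helper, not part of .NET
{
    // Assumption: DSAParameters arrays are unsigned big-endian. BigInteger(byte[])
    // wants signed little-endian, so reverse and leave a 0x00 sign byte on top.
    static BigInteger ToBigInteger(byte[] bigEndian)
    {
        var le = new byte[bigEndian.Length + 1];
        for (int i = 0; i < bigEndian.Length; i++)
            le[i] = bigEndian[bigEndian.Length - 1 - i];
        return new BigInteger(le);
    }

    // Minimal-length unsigned big-endian encoding of a non-negative value.
    static byte[] ToBigEndian(BigInteger value)
    {
        byte[] le = value.ToByteArray();
        int len = le.Length;
        while (len > 1 && le[len - 1] == 0) len--;   // drop the sign byte
        var be = new byte[len];
        for (int i = 0; i < len; i++) be[i] = le[len - 1 - i];
        return be;
    }

    public static byte[] ComputeJ(DSAParameters key)
    {
        BigInteger p = ToBigInteger(key.P), q = ToBigInteger(key.Q);
        BigInteger j = BigInteger.DivRem(p - 1, q, out BigInteger rem);
        if (!rem.IsZero)   // P - 1 must be a multiple of Q
            throw new CryptographicException("Q does not divide P - 1; parameters are inconsistent.");
        return ToBigEndian(j);
    }

    // Compare as integers so leading zero bytes in either array do not matter.
    public static bool SameJ(byte[] existingJ, DSAParameters key) =>
        ToBigInteger(existingJ) == ToBigInteger(ComputeJ(key));

    static void Main()
    {
        using (var dsa = new DSACryptoServiceProvider())
        {
            DSAParameters pub = dsa.ExportParameters(false);
            pub.J = ComputeJ(pub);   // fill in the optional field
            Console.WriteLine($"J: {pub.J.Length} bytes, consistent: {SameJ(pub.J, pub)}");
        }
    }
}
```

`SameJ` compares numerically rather than byte-for-byte, so an existing J array that carries leading zero padding still matches the value recomputed from P and Q.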