Citation
NIST, Digital Signature Standard (DSS) (FIPS 186-3) (June 2009) (full-text).
Overview
This "Digital Signature Standard" specifies algorithms for applications requiring a digital signature, rather than a written signature. A digital signature is represented in a computer as a string of bits. A digital signature is computed using a set of rules and a set of parameters that allow the identity of the signatory and the integrity of the data to be verified. Digital signatures may be generated on both stored and transmitted data.
Signature generation uses a private key to generate a digital signature; signature verification uses a public key that corresponds to, but is not the same as, the private key. Each signatory possesses a private and public key pair. Public keys may be known by the public; private keys are kept secret. Anyone can verify the signature by employing the signatory’s public key. Only the user that possesses the private key can perform signature generation.
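As an added illustration (not part of the NIST text), the following Python block walks through DSA key generation, signature generation and signature verification exactly as the FIPS 186-3 equations describe them, using tiny, deliberately insecure toy domain parameters that the block derives itself so it runs offline; the parameter sizes, message strings and function names are this example's own assumptions.

```python
"""Toy DSA (FIPS 186-3 style) sign/verify with tiny, INSECURE domain parameters."""
import hashlib
import secrets


def is_prime(n):
    # Trial division; adequate only for the ~26-bit toy moduli used here.
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def toy_params():
    # Constructed toy (p, q, g): q prime, q divides p-1, g has order q mod p.
    # Real DSA uses 1024..3072-bit p and 160..256-bit q; these are ~26/16-bit.
    q = next(n for n in range(2**15, 2**16) if is_prime(n))
    p = next(k * q + 1 for k in range(2, 1024, 2) if is_prime(k * q + 1))
    h = 2
    while pow(h, (p - 1) // q, p) == 1:
        h += 1
    return p, q, pow(h, (p - 1) // q, p)


def hash_to_int(message, q):
    # z = leftmost min(N, outlen) bits of H(M), N = bit length of q (FIPS 186-3 s.4.6).
    digest = hashlib.sha256(message).digest()
    outlen = 8 * len(digest)
    n = min(q.bit_length(), outlen)
    return int.from_bytes(digest, "big") >> (outlen - n)


def keygen(p, q, g):
    x = secrets.randbelow(q - 1) + 1   # private key x in [1, q-1], kept secret
    return x, pow(g, x, p)             # public key y = g^x mod p, may be published


def sign(message, x, p, q, g):
    z = hash_to_int(message, q)
    while True:
        k = secrets.randbelow(q - 1) + 1          # fresh per-message secret
        r = pow(g, k, p) % q
        s = (pow(k, -1, q) * (z + x * r)) % q
        if r != 0 and s != 0:                     # standard requires retry on zero
            return r, s


def verify(message, signature, y, p, q, g):
    r, s = signature
    if not (0 < r < q and 0 < s < q):             # range check before any arithmetic
        return False
    w = pow(s, -1, q)
    z = hash_to_int(message, q)
    u1, u2 = (z * w) % q, (r * w) % q
    v = ((pow(g, u1, p) * pow(y, u2, p)) % p) % q
    return v == r
```

Verification succeeds only with the matching public key and the unmodified message, which is the identity and integrity guarantee the overview describes.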
This revision includes additional key sizes for the Digital Signature Algorithm (DSA) to provide higher security strengths, and guidance on the use of Rivest-Shamir-Adleman (RSA) and the Elliptic Curve Digital Signature Algorithm (ECDSA) to promote interoperability when using digital signatures.