̉Ɛa      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`None<VfThe evidence generated when generating probably primes. This evidence can be used to ensure that the p and q/ values provided were generated appropriately.#UThe hash to use in generating the signature. We strongly recommend SHA256 or better.5Get the N parameter, in bits.6Get the L parameter, in bits.75Generate a DSA key pair. This will also generate the p, q, and gw parameters using provable and verifiable algorithms, with SHA-256 as the hash function. If you want to use your own p, q, and gE values or specify your own generation or hash function,, use the 8 function, below.8_Generate a key pair given a set of DSA parameters. You really should have validated this set (p, q, and g~) using the relevant functions below before you do this. Doing so even if you generated them is probably not a bad practice.yThis uses the method using extra random bits from FIPS 186-4. You better be using a good enough random number generator.9Sign a message using DSA. This method utilizes very good defaults for message signing that should be acceptable for most use cases: it uses SHA-256 for the hash function, and generates k\ using the methods described in RFC 6979. If you wish to change these defaults, please see  signMessaage'.:JVerify a DSA message signature. This uses the same default mechanisms as 9.;*Sign a message given the hash function an k_ generation routine. Returns either an error the signature generated. You can define your own kn generation routine ... but we don't recommend it. Actually, while we're recommending, we recommend you use ?#, if you're not sure which to use.<Verify a signed message. You need to know what hash algorithm they used to generate the signature, and pass it in. Returns True if the signature was valid.@Using an approved hash function -- at the point of writing, a SHA-2 variant -- generate values of p and q for use in DSA, for which p and q have a very high probability of being prime. In addition to p and q, this routine returns the "domain parameter seed" and "counter" used to generate the primes. These can be supplied to later validation functions; their secrecy is not required for the algorithm to work./The inputs to the function are the DSA parameters we are generating a key for, a source of entropy, the hash function to use, and (optionally) the length of the domain parameter seed to use. The last item must be greater to or later to the value of n, if supplied, and will be set to (n + 8) if not.~The security of this method depends on the strength of the hash being used. To that end, FIPS 140-2 requires a SHA-2 variant.AlValidate that the probable primes that either you generated or that someone provided to you are legitimate.B6Using an approved hash function -- at the point of writing, a SHA-2 variant -- generate values of p and q for use in DSA, for which p and q are provably prime. In addition to p and q, this routine generates a series of additional values that can be used to validate that this algorithm performed correctly.-The inputs to the function are the DSA parameters we are generating key for, a source of entropy, the hash function to use, and (optionally) an initial seed length in bits. The last item, if provided, must be greater than or equal to the N value being tested against, and must be a multiple of 8.ClValidate that the provable primes that either you generated or that someone provided to you are legitimate.DGenerate the generator g using a method that is not verifiable to a third party. Quoth FIPS: "[This] method ... may be used when complete validation of the generator g] is not required; it is recommended that this method be used only when the party generating g, is trusted to not deliberately generate a gG that has a potentially exploitable relationship to another generator g'.'The input to this function are a valid p and q&, generated using an approved method.uIt may be possible (?) that this routine could fail to find a possible generator. In that case, Nothing is returned.E"Validate that the given generator g works for the values p and q provided.FGenerate a generator g, given the values of p, q, the evidence created generating those values, and an index. Quoth FIPS: "This generation method supports the generation of multiple values of g for specific values of p and q!. The use of different values of g for the same p and q@ may be used to support key separation; for example, using the g that is generated with  index = 1! for digital signatures and with  index = 2 for key establishment."This method is replicatable, so that given the same inputs it will generate the same outputs. Thus, you can validate that the g< generated using this method was generated correctly using GF, which will be nice if you don't trust the person you're talking to.GValidate that the value g was generated by Fi or someone using the same algorithm. This is probably a good idea if you don't trust your compatriot. aDetermine if a given value is probably prime, using a testing procedure appropriate for the given DSA parameters. (The probability of an error is somewhere between 2^-80 and 2^-128, depending on the strength of the DSA parameters.)=This is based on the definitions in FIPS 186-4, Appendic C.3.HsPerform the given number of iterations of the Miller-Rabin test to try to determine if the given Integer is prime.KFind a and m such that input = 2^a * m.L=Convert a ByteString into its obvious Integer representation.M>Convert an Integer into its obvious ByteString representation.OA brute force check to determine if a number is prime. This answer is guaranteed to be correct, but should only be used on small numbers (less than 33 bits would be nice).Rbcde !"#$%&'()*+,-./0123456789:fgh;<=>?@iAp q  The evidence BThe DSA parameters to use source of randomness Hash function Optional seed length, in bits. Must be greater than or equal to N, and divisible by 8. jkCDEp q g Fp q  The evidence created generating p and q an index (This allows multiple gs from one pair) Gp q  The evidence created generating p and q an index (This allows multiple gs from one pair) g aHIJlmKnLMNOopqrsP  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOP01234  )*+,-./56789:#$%&'(;<" !=>?@ABCDEFGHONLIMKJ3bcde !"#$%&'()*+,-./0123456789:fgh;<=>?@iABjkCDEFGaHIJlmKnLMNOopqrsNone<VP5Generate a DSA key pair. This will also generate the p, q, and gw parameters using provable and verifiable algorithms, with SHA-256 as the hash function. If you want to use your own p, q, and gE values or specify your own generation or hash function,, use the Q function, below.Q_Generate a key pair given a set of DSA parameters. You really should have validated this set (p, q, and g~) using the relevant functions below before you do this. Doing so even if you generated them is probably not a bad practice.yThis uses the method using extra random bits from FIPS 186-4. You better be using a good enough random number generator.RSign a message using DSA. This method utilizes very good defaults for message signing that should be acceptable for most use cases: it uses SHA-256 for the hash function, and generates k\ using the methods described in RFC 6979. If you wish to change these defaults, please see  signMessaage'.SJVerify a DSA message signature. This uses the same default mechanisms as R.T*Sign a message given the hash function an k_ generation routine. Returns either an error the signature generated. You can define your own kn generation routine ... but we don't recommend it. Actually, while we're recommending, we recommend you use X#, if you're not sure which to use.UVerify a signed message. You need to know what hash algorithm they used to generate the signature, and pass it in. Returns True if the signature was valid.YUsing an approved hash function -- at the point of writing, a SHA-2 variant -- generate values of p and q for use in DSA, for which p and q have a very high probability of being prime. In addition to p and q, this routine returns the "domain parameter seed" and "counter" used to generate the primes. These can be supplied to later validation functions; their secrecy is not required for the algorithm to work./The inputs to the function are the DSA parameters we are generating a key for, a source of entropy, the hash function to use, and (optionally) the length of the domain parameter seed to use. The last item must be greater to or later to the value of n, if supplied, and will be set to (n + 8) if not.~The security of this method depends on the strength of the hash being used. To that end, FIPS 140-2 requires a SHA-2 variant.ZlValidate that the probable primes that either you generated or that someone provided to you are legitimate.[6Using an approved hash function -- at the point of writing, a SHA-2 variant -- generate values of p and q for use in DSA, for which p and q are provably prime. In addition to p and q, this routine generates a series of additional values that can be used to validate that this algorithm performed correctly.-The inputs to the function are the DSA parameters we are generating key for, a source of entropy, the hash function to use, and (optionally) an initial seed length in bits. The last item, if provided, must be greater than or equal to the N value being tested against, and must be a multiple of 8.\lValidate that the provable primes that either you generated or that someone provided to you are legitimate.]Generate the generator g using a method that is not verifiable to a third party. Quoth FIPS: "[This] method ... may be used when complete validation of the generator g] is not required; it is recommended that this method be used only when the party generating g, is trusted to not deliberately generate a gG that has a potentially exploitable relationship to another generator g'.'The input to this function are a valid p and q&, generated using an approved method.uIt may be possible (?) that this routine could fail to find a possible generator. In that case, Nothing is returned.^"Validate that the given generator g works for the values p and q provided._Generate a generator g, given the values of p, q, the evidence created generating those values, and an index. Quoth FIPS: "This generation method supports the generation of multiple values of g for specific values of p and q!. The use of different values of g for the same p and q@ may be used to support key separation; for example, using the g that is generated with  index = 1! for digital signatures and with  index = 2 for key establishment."This method is replicatable, so that given the same inputs it will generate the same outputs. Thus, you can validate that the g< generated using this method was generated correctly using `F, which will be nice if you don't trust the person you're talking to.`Validate that the value g was generated by _i or someone using the same algorithm. This is probably a good idea if you don't trust your compatriot. PQRSTUVWXYZp q  The evidence [The DSA parameters to use source of randomness Hash function Optional seed length, in bits. Must be greater than or equal to N, and divisible by 8. \]^p q g _p q  The evidence created generating p* and q an index (This allows multiple g9s from one pair) `p q  The evidence created generating p* and q an index (This allows multiple g9s from one pair) g tG  !"#$%&'()*+,-./0123456PQRSTUVWXYZ[\]^_`G01234  )*+,-./56PQRS#$%&'(TU" !VWXYZ[\]^_`PQRSTUVWXYZ[\]^_`tNone<VG  !"#$%&'()*+,-./0123456PQRSTUVWXYZ[\]^_`u        !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNO789:;<=>?@ABCDEFGPQQRSTUVWXYZ[\]^_`abcDSA_JB5L4njhLRt9MEWe9ufJY4Codec.Crypto.DSA.PureCodec.Crypto.DSA.ExceptionsCodec.Crypto.DSAcrypt_HADiZzqHomD7Q8YPT5OtGXCrypto.Types.PubKey.DSAparams_qparams_gparams_pParamssign_ssign_r Signaturepublic_y public_params PublicKey private_xprivate_params PrivateKeyGenerationEvidenceProvablePrimesEvidence pvpeFirstSeed pvpePSeed pvpeQSeedpvpePGenCounterpvpeQGenCounterpvpeHashProbablePrimesEvidenceprpeDomainParameterSeed prpeCounterprpeHash KSequenceKValueKFailure KGenerator HashFunctionSHA1SHA224SHA256SHA384SHA512DSAErrorDSARandomGenerationErrorDSAInvalidSeedLengthDSAInvalidPrimeTestInputDSAInvalidInputDSAInternalInversionError DSAGaveUpParameterSizes L1024_N160 L2048_N224 L2048_N256 L3072_N256getNgetLgenerateKeyPairgenerateKeyPairWithParams signMessage verifyMessage signMessage'verifyMessage'kViaExtraRandomBitskViaTestingCandidates kViaRFC6979generateProbablePrimesvalidateProbablePrimesgenerateProvablePrimesvalidateProvablePrimesgenerateUnverifiableGeneratorgeneratorIsValidgenerateVerifiableGeneratorvalidateVerifiableGenerator millerRabinbss2intmodExp findAandMbs2intint2bs shaweTaylorisDeterministicallyPrime isPrimeC3NoGengetHashgetDomainParameterSeedrunHashrunHMac getHashLengthcomputeWconstructivePrimeGenreLeftmodInvxorbsintlen$fCryptoRandomGenNoGen*$fGenerationEvidenceProvablePrimesEvidence*$fGenerationEvidenceProbablePrimesEvidence$fEqProvablePrimesEvidence$fExceptionDSAError throwNothing