Digital Signatures

Approved Algorithms

Currently, there exist three (3) Approved* algorithms for generating and verifying digital signatures: DSA, RSA, and ECDSA. All three algorithms are used in conjunction with an Approved hash function.

Digital Signature Algorithm (DSA)

FIPS 186-3, Digital Signature Standard (DSS), June 2009.

NIST is proud to announce the publication of FIPS 186-3, The Digital Signature Standard. FIPS 186-3 is a revision of FIPS 186-2. The FIPS specifies three techniques for the generation and verification of digital signatures: DSA, ECDSA and RSA. This revision increases the length of the keys allowed for DSA, provides additional requirements for the use of ECDSA and RSA, and includes requirements for obtaining assurances necessary for valid digital signatures.

November 12, 2008: NIST requests comments on draft Special Publication 800-102, Recommendation for Digital Signature Timeliness. This Recommendation provides methods for obtaining assurance about the time that a message was signed. The concepts in this Recommendation were presented in the original public comment draft of FIPS 186-3, The Digital Signature Standard. Please submit comments to ebarker@nist.gov with "Comments on SP 800-102" in the subject line. The comment period closes on December 19, 2008.

An accompanying document to FIPS 186-3, NIST Special Publication (SP) 800-89, Recommendation for Obtaining Assurances for Digital Signature Applications, specifies methods for obtaining the assurances necessary for valid digital signatures.

NIST announces the release of Special Publication 800-106, Randomized Hashing for Digital Signatures. This Recommendation provides a technique to randomize the input messages to hash functions prior to the generation of digital signatures, in order to strengthen the security of the digital signatures.

RSA Digital Signatures

FIPS 186-3, Digital Signature Standard (DSS), June 2009.

FIPS 186-3 indicates that the RSA digital signature algorithm, as specified in ANSI X9.31 and PKCS #1, may be used for digital signature generation and verification.

October 20, 2006: An attack has been found on some implementations of RSA digital signatures using the padding scheme for RSASSA-PKCS1-v1_5 as specified in Public Key Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography Standard-2002. A statement discussing the attack is available. A similar attack could also be applied to implementations of digital signatures as specified in American National Standard (ANS) X9.31. Note that this attack is not on the RSA algorithm itself, but on improper implementations of the signature verification process.

ECDSA Digital Signature Algorithm

FIPS 186-3, Digital Signature Standard (DSS), June 2009.

FIPS 186-3 indicates that the ECDSA digital signature algorithm, as specified in ANSI X9.62, may be used for digital signature generation and verification.

See the notes in the DSA section regarding the new drafts.

ANSI X9.62-2005, Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA), 2005 (available from the ANSI X9 catalog).

ANSI X9.62 contains the complete specification for the ECDSA signature algorithm.

Elliptic curves recommended for Federal Government use can be found in Appendix D of FIPS 186-3. The white paper that originally specified these curves is also available.

Testing Products

Testing requirements and validation lists are available from the Cryptographic Algorithm Validation Program (CAVP).

Additional Information

ITL Bulletin: Digital Signature Standard, November 1994.

This bulletin provides an overview of the DSS, including some information on patents (however, it does not include information on RSA or ECDSA - only DSA).

* Approved: an algorithm or technique that is specified in either a FIPS or a NIST Recommendation.