Why can’t DSA be used for encryption?

Question

This question at StackOverflow mentions that DSA cannot be used for encryption. But both RSA and DSA can be used to generate public and private keys, right? Then why can't I use the DSA public key to encrypt?

score 19 · Accepted Answer · answered May 11 '12 at 09:02

DSA stands for "Digital Signature Algorithm" - and is specifically designed to produce digital signatures, not perform encryption.

The requirement for public/private keys in this system is for a slightly different purpose - whereas in RSA, a key is needed so anyone can encrypt, in DSA a key is needed so anyone can verify. In RSA, the private key allows decryption; in DSA, the private key allows signature creation.

The fact that RSA also can be used for signatures is a result of the textbook algorithm being a trapdoor permutation - in simple terms, this means the ciphertext and the plaintext are part of the same set space. It is not a requirement of a public key algorithm for this to be the case - public key algorithms just require trapdoor functions.

score 1 · Answer 2 · answered May 11 '12 at 11:51

1

I don't know about the math, but without encryption, DSA is not subject to encryption law. It can be used in a product and that product can be exported.

answered May 11 '12 at 11:51

ixe013

139
5

孙海城 · Answer 3 · 2019-10-01T11:00:01.910

To reduce misunderstandings, I modified it, just talking about the very question and the encryption .

I will try to answer this question with the help of OpenSSL commands and add some explanations to them.

1. The RSA algorithm can be used for `encryption`.

There is RSA encrytion command openssl rsautl in OpenSSL.

1.1. If encrypted by the `public key`, and decrypted by `secret key` , this is called encryption.

This is the encryption procedure by OpenSSL

1.1.1. The content of the file example.txt

 hello,openssl!

1.2.2. Encryption by public key rsa_pub_2048.pub

 openssl rsautl  -inkey rsa_pub_2048.pub -pubin  -in example.txt  -encrypt >example_encrypt.bin

1.3.3. Decryption by rsa_pri_2048.key rsa_pri_2048.key :

 openssl rsautl -inkey  rsa_pri_2048.key -decrypt  -in example_encrypt.bin

2. But the DSA algorithm is different from RSA.

2.1. The DSA algorithm can theoretically be used for `encryption` according to its mathematical properties because DSA is based on the discrete algorithm, and it can be used for Diffie–Hellman key exchange.

So a number can be negotiated by the DSA parameters, and we can use this number to encrypt.
(Just by the number itself, not by DES or AES.)

For example, this is one of the ways to encrypt using the negotiated number.
1. Since the number $K_M$ is negotiated by the two sides(Alice and Bob), they both know the number.
2. Alice encrypt the message $x \in Z_p^* $ , $y \equiv x \cdot K_M \pmod p$
3. Bob can decrypt the message $x \equiv y \cdot K_M^{-1} \pmod p$
This algorithm is take form the book 《Understanding Cryptography》

2.2. But there is no such standard for encryption by DSA in engineering.

So there is no such encryption command in OpenSSL.

2.3. So DSA is only used for signing in engineering.

The openssl dgst command can alse be used by RSA and ECDSA key. I just emphasize that there is no similar openssl rsautl command in DSA to encrypt directly.
This is the signature and verification procedure by openssl in DSA.

2.3.1. Sign a file file.txt by secret key dsakey_2048.pem

  openssl dgst -sha256 -sign dsakey_2048.pem  -out signature_2048.sign file.txt

2.3.2. Verify a signature by secret key dsakey_2048.pem

  openssl dgst -sha256 -prverify dsakey_2048.pem  -signature  signature_2048.sign  file.txt

2.3.3. Verify a signature by secret key dsakey_2048.pem

  openssl dgst -sha256 -verify pubkey_2048.pem  -signature  signature_2048.sign  file.txt

3. How does encryption is performed in HTTPS using DSA keys?

3.1. A big number is negotiated by the DSA parameters using Diffie–Hellman key exchange algorithm.

3.2. A symmetric encryption(such as AES) is used to encrypt by the big number.

This is the Cipher Suite by the DSA in HTTPS, it called DH+DSS+AES.

     TLS_DH_DSS_WITH_AES_256_CBC_SHA256 (0x0068)
     TLS_DH_DSS_WITH_AES_256_CBC_SHA (0x0036)
     TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA (0x0085)
     TLS_DH_DSS_WITH_AES_128_GCM_SHA256 (0x00a4)
     TLS_DH_DSS_WITH_AES_128_CBC_SHA256 (0x003e)
     TLS_DH_DSS_WITH_AES_128_CBC_SHA (0x0030)
     TLS_DH_DSS_WITH_SEED_CBC_SHA (0x0097)
     TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA (0x0042)

Why can’t DSA be used for encryption?

3 Answers3

1. The RSA algorithm can be used for `encryption`.

1.1. If encrypted by the `public key`, and decrypted by `secret key` , this is called encryption.

2. But the DSA algorithm is different from RSA.

2.1. The DSA algorithm can theoretically be used for `encryption` according to its mathematical properties because DSA is based on the discrete algorithm, and it can be used for Diffie–Hellman key exchange.

2.2. But there is no such standard for encryption by DSA in engineering.

2.3. So DSA is only used for signing in engineering.

3. How does encryption is performed in HTTPS using DSA keys?

3.1. A big number is negotiated by the DSA parameters using Diffie–Hellman key exchange algorithm.

3.2. A symmetric encryption(such as AES) is used to encrypt by the big number.

3.3 So the encrypt is performed by `Diffie–Hellman Algorithm` and `AES`, not by the DSA itself.

Why can’t DSA be used for encryption?

3 Answers3

1. The RSA algorithm can be used for encryption.

1.1. If encrypted by the public key, and decrypted by secret key , this is called encryption.

2. But the DSA algorithm is different from RSA.

2.1. The DSA algorithm can theoretically be used for encryption according to its mathematical properties because DSA is based on the discrete algorithm, and it can be used for Diffie–Hellman key exchange.

2.2. But there is no such standard for encryption by DSA in engineering.

2.3. So DSA is only used for signing in engineering.

3. How does encryption is performed in HTTPS using DSA keys?

3.1. A big number is negotiated by the DSA parameters using Diffie–Hellman key exchange algorithm.

3.2. A symmetric encryption(such as AES) is used to encrypt by the big number.

3.3 So the encrypt is performed by Diffie–Hellman Algorithm and AES, not by the DSA itself.

1. The RSA algorithm can be used for `encryption`.

1.1. If encrypted by the `public key`, and decrypted by `secret key` , this is called encryption.

2.1. The DSA algorithm can theoretically be used for `encryption` according to its mathematical properties because DSA is based on the discrete algorithm, and it can be used for Diffie–Hellman key exchange.

3.3 So the encrypt is performed by `Diffie–Hellman Algorithm` and `AES`, not by the DSA itself.