NIST, Computer Security Division, Computer Security Resource Center
Digital Signatures
Approved Algorithms
Currently, there exist three (3) Approved* algorithms for generating and verifying digital signatures: DSA, RSA, and ECDSA. All three algorithms are used in conjunction with an Approved hash function.
Digital Signature Algorithm (DSA)
FIPS 186-3, Digital Signature Standard (DSS), June 2009.
NIST is proud to announce the publication of FIPS 186-3, The Digital Signature Standard. FIPS 186-3 is a revision of FIPS 186-2. The FIPS specifies three techniques for the generation and verification of digital signatures: DSA, ECDSA and RSA. This revision increases the length of the keys allowed for DSA, provides additional requirements for the use of ECDSA and RSA, and includes requirements for obtaining assurances necessary for valid digital signatures.
September 22, 2009: NIST announces the completion of SP 800-102, Recommendation for Digital Signature Timeliness. Establishing the time when a digital signature was generated is often a critical consideration. A signed message that includes the (purported) signing time provides no assurance that the private key was used to sign the message at that time unless the accuracy of the time can be trusted. With the appropriate use of digital signature-based timestamps from a Trusted Timestamp Authority (TTA) and/or verifier-supplied data that is included in the signed message, the signatory can provide some level of assurance about the time that the message was signed.
An accompanying document to FIPS 186-3, NIST Special Publication (SP) 800-89, Recommendation for Obtaining Assurances for Digital Signature Applications specifies methods for obtaining the assurances necessary for valid digital signatures.
NIST announces the release of Special Publication 800-106, Randomized Hashing for Digital Signatures. This Recommendation provides a technique to randomize the input messages to hash functions prior to the generation of digital signatures to strengthen security of the digital signatures.
RSA Digital Signatures
FIPS 186-3, Digital Signature Standard (DSS), June 2009.
FIPS 186-3 indicates that the RSA digital signature algorithm, as specified in ANSI X9.31 and PKCS #1, may be used for digital signature generation and verification.
October 20, 2006: An attack has been found on some implementations of RSA digital signatures using the padding scheme for RSASSA-PKCS1-v1_5 as specified in Public Key Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography Standard-2002. A statement discussing the attack is available. A similar attack could also be applied to implementations of digital signatures as specified in American National Standard (ANS) X9.31. Note that this attack is not on the RSA algorithm itself, but on improper implementations of the signature verification process.
ECDSA Digital Signature Algorithm
FIPS 186-3, Digital Signature Standard (DSS), June 2009.
FIPS 186-3 indicates that the ECDSA digital signature algorithm, as specified in ANSI X9.62, may be used for digital signature generation and verification.
See the Notes in DSA section regarding the new drafts.
ANSI X9.62-2005, Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA), 2005 (available from the ANSI X9 catalog).
ANSI X9.62 contains the complete specification for the ECDSA signature algorithm.
Elliptic curves recommended for Federal Government use can be found in Appendix D of FIPS 186-3. The white paper that originally specified these curves is also available.
Back to TopTesting Products
Testing requirements and validation lists are available from the Cryptographic Algorithm Validation Program (CAVP).
Back to TopAdditional Information
ITL Bulletin: Digital Signature Standard, November 1994. This bulletin provides an overview of the DSS, including some information on patents (however, it does not include information on RSA or ECDSA - only DSA).
July 29, 2011: NIST requests comments on Special Publication (SP) 800-133, Recommendation for Cryptographic Key Generation. Cryptography relies upon two basic components: an algorithm (or cryptographic methodology) and a cryptographic key. This Recommendation discusses the generation of the keys to be managed and used by NIST’s approved cryptographic algorithms. Please provide comments by September 30th, 2011 to SP-800-133_Comments@nist.gov, with “Comments on SP 800-133 Key Generation” in the subject line.
April 12, 2011: NIST requested comments for Draft Special Publication (SP) 800-131B, Transitions: Validation of Transitioning Cryptographic Algorithm and Key Lengths. on February 10, 2001. SP 800-131B provides details about the validation of the cryptographic algorithms and cryptographic modules in transition, as specified in SP 800-131A. These are the comments received.
April 12, 2011: NIST requested comments for Draft Special Publication (SP) 800-131C, Transitions: Validating the Transition from FIPS 186-2 to FIPS 186-3 on February 10, 2011. SP 800-131C addresses both the cryptographic algorithm validations and the cryptographic module validations that are conducted by NIST’s Cryptographic Algorithm Validation Program (CAVP) and the Cryptographic Module Validation Program (CMVP), respectively. These are the comments received.
January 13, 2011: NIST announces the completion of Special Publication (SP) 800-131A, Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths. This Recommendation provides the approach for transitioning from the use of one algorithm or key length to another, as initially addressed in Part 1 of SP 800-57.
Back to Top