Digital Signatures

Overview

As an electronic analogue of a written signature, a digital signature provides assurance that:

  1. the claimed signatory signed the information, and
  2. the information was not modified after signature generation.

Federal Information Processing Standard (FIPS) 186-4, Digital Signature Standard (DSS), specifies three NIST-approved digital signature algorithms: DSA, RSA, and ECDSA. All three are used to generate and verify digital signatures, in conjunction with an approved hash function specified in FIPS 180-4, Secure Hash Standard or FIPS 202, SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions.
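The two assurances listed above, shown with ECDSA over the P-256 curve and SHA-256 using Go's standard library. This is an added example, not NIST code; the message, the key pairs and the names `Demo`, `Outcome` and `verify` are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Outcome records the verification result for each of the three cases below.
type Outcome struct{ Genuine, Modified, WrongSigner bool }

// verify hashes msg with SHA-256 (FIPS 180-4) and checks the DER-encoded signature.
func verify(pub *ecdsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

// Demo signs a constructed message once, then verifies it three ways.
func Demo() (Outcome, error) {
	signer, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return Outcome{}, err
	}
	other, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // unrelated party
	if err != nil {
		return Outcome{}, err
	}
	msg := []byte("pay 100 to account 12345") // constructed sample message
	digest := sha256.Sum256(msg)
	sig, err := ecdsa.SignASN1(rand.Reader, signer, digest[:])
	if err != nil {
		return Outcome{}, err
	}
	tampered := []byte("pay 900 to account 12345") // changed after signing
	return Outcome{
		Genuine:     verify(&signer.PublicKey, msg, sig),      // true: signatory and content intact
		Modified:    verify(&signer.PublicKey, tampered, sig), // false: content was altered
		WrongSigner: verify(&other.PublicKey, msg, sig),       // false: not the claimed signatory
	}, nil
}

func main() {
	out, err := Demo()
	fmt.Printf("%+v err=%v\n", out, err)
}
```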

February 3, 2023

NIST published Federal Information Processing Standard (FIPS) 186-5, Digital Signature Standard (DSS), along with NIST Special Publication (SP) 800-186, Recommendations for Discrete Logarithm-based Cryptography: Elliptic Curve Domain Parameters.

Please see the CSRC News item for full details. A Federal Register Notice (FRN) announcing the issuance of FIPS 186-5, Digital Signature Standard, was also issued.


Testing DSS Implementations

Testing requirements and validation lists for DSS implementations are available from the Cryptographic Algorithm Validation Program (CAVP).

 

Implementation-related References

 

History of the DSS (FIPS 186)

FIPS 186 was first published in 1994 and specified a digital signature algorithm (DSA) to generate and verify digital signatures. Later revisions, FIPS 186-1 (1998) and FIPS 186-2 (2000), adopted two additional algorithms: the Elliptic Curve Digital Signature Algorithm (ECDSA) and the RSA digital signature algorithm.

FIPS 186-3 (2009) increased the key sizes allowed for DSA, provided additional requirements for the use of ECDSA and RSA, and included requirements for obtaining the assurances necessary for valid digital signatures. FIPS 186-3 also replaced the random number generator specifications included in previous versions with a reference to SP 800-90.

The latest version, FIPS 186-4 (2013), reduces restrictions on the use of random number generators and the retention and use of prime number generation seeds, and improves alignment with Public-Key Cryptography Standard (PKCS) #1.

Created January 04, 2017, Updated March 16, 2023