Why are DSA keys referred to as DSS keys when used with SSH?

  • When I generate a DSA key with ssh-keygen -t dsa, the resulting public key will begin with ssh-dss.

    How come? Why not ssh-dsa?

  • Adi

    Adi Correct answer

    7 years ago

    DSS is simply a document that describes the signing procedure and specifies certain standards. The original document is FIPS 186 and latest revision in 2013 is FIPS 186-4. DSS is a standard for digital signing.

    DSA is a cryptographic algorithm that generates keys, signs data, and verifies signatures. DSA, in itself, can use any hash function for its internal "cryptomagic", and it can also use any (L, N) for its parameters' length. DSS, as a standard, defines DSA's optional specifications.

    DSS says that DSA should use SHA-1 as its hash function (recently, SHA-2). DSS says that DSA should use specific length pairs such as (2048,224), (3072,256), etc.

    When SSH says DSS, they mean that they're implementing DSA in compliance with the DSS.

License under CC-BY-SA with attribution

Content dated before 7/24/2021 11:53 AM

Tags used