When used with SSH keys, why are the DSA keys referred to as DSS keys i.e why does the public key begin with ssh-dss?

2.2K    Asked by AnkitChauhan in SQL Server , Asked on Dec 17, 2021

While generating a DSA key, why does the resulting public key begin with ssh-dss? Why not ssh-dsa?  While trying to know more about it, I came across an article saying - The DSA private key is used to generate digital signatures, and the DSA public key is used to verify digital signatures. The difficulty of the discrete logarithm problem is the basis for the NIST Digital Signature Standard (DSS) public key algorithm.

Answered by Anna Ball

To explain why the public key is called ssh dss, you must understand that DSS is simply a document that describes the signing procedure and specifies certain standards. The original document is FIPS 186 and the latest revision in 2013 is FIPS 186-4. DSS is a standard for digital signing.

DSA is a cryptographic algorithm that generates keys, signs data, and verifies signatures. DSA, in itself, can use any hash function for its internal "cryptomagic", and it can also use any (L, N) for its parameters' length. DSS, as a standard, defines DSA's optional specifications.
DSS says that DSA should use SHA-1 as its hash function (recently, SHA-2). DSS says that DSA should use specific length pairs such as (2048,224), (3072,256), etc.

When SSH says DSS, they mean that they're implementing DSA in compliance with the DSS.

Your Answer


Parent Categories