On September 18, 2017 this (legacy) site will be replaced with the new site you can see at beta.csrc.nist.rip. At that time, links to this legacy site will be automatically redirected to apporpriate links on the new site.
As an electronic analogue of a written signature, a digital signature provides assurance that:
Federal Information Processing Standard (FIPS) 186-4, Digital Signature Standard (DSS), specifies three NIST-approved digital signature algorithms: DSA, RSA, and ECDSA. All three are used to generate and verify digital signatures, in conjunction with an approved hash function.
Learn more about the history of the DSS.
October 20, 2015: A Federal Register Notice (FRN) from NIST requests comments on the recommended elliptic curves specified in Appendix D of FIPS 186-4; comments on other parts of the FIPS will also be considered. The FRN includes questions that NIST would like commenters to address. The comment period ended December 4, 2015.
FIPS 180-4, Secure Hash Standard (SHS), and FIPS 202, SHA-3 Standard, specify approved hash functions for use with digital signatures (see the Secure Hashing toolkit page).
Special Publication (SP) 800-89, Recommendation for Obtaining Assurances for Digital Signature Applications specifies methods for obtaining the assurance of:
All assurances are necessary for valid digital signatures.
Three publications, SP 800-90[A|B|C], specify approved methods for random number generation (see the Random Number Generation toolkit page).
SP 800-102, Recommendation for Digital Signature Timeliness, provides guidance for establishing when a digital signature was generated.
SP 800-131A, Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths, provides the approach for transitioning between different algorithms and key lengths.
Testing requirements and validation lists for DSS implementations are available from the Cryptographic Algorithm Validation Program (CAVP).
Back to TopFIPS 186 was first published in 1994 and specified a digital signature algorithm (DSA) to generate and verify digital signatures. Later revisions − FIPS 186-1 (1998) and FIPS 186-2 (2000) − adopted two additional algorithms: the Elliptic Curve Digital Signature Algorithm (ECDSA) and the RSA digital signature algorithm.
FIPS 186-3 (2009) increased the key sizes allowed for DSA, provided additional requirements for the use of ECDSA and RSA, and included requirements for obtaining the assurances necessary for valid digital signatures. FIPS 186-3 also replaced the random number generator specifications included in previous versions with a reference to SP 800-90.
The latest version, FIPS 186-4 (2013), reduces restrictions on the use of random number generators and the retention and use of prime number generation seeds, and improves alignment with Public-Key Cryptography Standard (PKCS) #1.
Back to Top