/ 
Crypt-DSA-0.13
River stage one • 2 direct dependents • 6 total dependents
Security Advisories (1)
CVE-2011-3599 (2011-10-10)

The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack.

Changes for version 0.13

  • Rewrote to use Math::BigInt instead of Math::Pari, including patches from Brad Fitzpatrick for a replacement for the isprime function (both using pure Perl and an external gp program).
  • Added optional Content argument to Crypt::DSA::Key->new, to specify serialized Content to be deserialized.
  • Added Signature serialization and deserialization of ASN.1-encoded structures.
  • Added ability to do key generation using an external openssl binary. Thanks to Brad Fitzpatrick for the patch.
  • Signature object now has better get/set acccessors.
  • Use Module::Install instead of hand-coded Makefile.PL.

Modules

Crypt::DSA
DSA Signatures and Key Generation
Crypt::DSA::Key
DSA key
Crypt::DSA::Key::PEM
Read/write DSA PEM files
Crypt::DSA::Key::SSH2
Read/write DSA SSH2 files
Crypt::DSA::KeyChain
DSA key generation system
Crypt::DSA::Signature
DSA signature object
Crypt::DSA::Util
DSA Utility functions

Provides

BufferWithInt
in lib/Crypt/DSA/Key/SSH2.pm

Other files