Crypt-DSA-1.18-TRIAL

Security Advisories (3)

CVE-2026-8700 (2026-05-15)

Crypt::DSA versions before 1.20 for Perl generate seeds using rand. Seeds were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.

CVE-2026-8704 (2026-05-15)

Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified.

CVE-2026-12205 (2026-06-15)

Crypt::DSA versions before 1.21 for Perl reused the nonce across signatures, leading to private-key recovery. Crypt::DSA::sign caches the per-signature nonce material in the Key object without ever clearing it. The first sign() on a Key object picks a nonce, and every later sign() on that same object reuses it, producing an identical "r". Keys used to sign more than once with an affected version should be considered compromised.

Changes for version 1.18 - 2024-12-04

Changes since 1.17
- New Maintainer
- This release resolves CVE-2011-3599
- Added a statement to recommend against using DSA
- Fixed a few long standing bugs
- The build process is moved to Dist::Zilla
- Thanks to all the people who contributed to the tickets that were closed
Detailed Change List
- 3411005 Add a SECURITY statement about DSA
- 1f5df72 Fixes RT#71342: Patch to use Digest::SHA
- 06f420d Fix missed version numbers
- 1946ead Remove old MANIFEST and META.yml from repo
- 6c813c7 Fixes #19477: Crypt::DSA::Key -write comment wrong for public key
- c28a8a3 Fix some of the Dependencies in dist.ini
- fe15637 Fixed RT#71421: Systems without /dev/random may leak secret key
- cf81bfc Fixes RT #156495 for Crypt-DSA t/04-pem.t
- 24ac55b Convert build process to Dist::Zilla
- b680374 (tag: 1.17) Import Crypt::DSA-1.17 from CPAN release

Modules

Crypt::DSA

DSA Signatures and Key Generation

Crypt::DSA::Key

DSA key

Crypt::DSA::Key::PEM

Read/write DSA PEM files

Crypt::DSA::Key::SSH2

Read/write DSA SSH2 files

Crypt::DSA::KeyChain

DSA key generation system

Crypt::DSA::Signature

DSA signature object

Crypt::DSA::Util

DSA Utility functions

Provides

BufferWithInt

in lib/Crypt/DSA/Key/SSH2.pm UNAUTHORIZED

Other files

To install Crypt::DSA, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Crypt::DSA

CPAN shell

perl -MCPAN -e shell
install Crypt::DSA

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	Go to GitHub issues (only if GitHub is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

Changes for version 1.18 - 2024-12-04

Modules

Provides

Other files

Module Install Instructions

Keyboard Shortcuts