Mister PKI

All things PKI, HTTPS, SSL, TLS, Digital Certificates

by Leave a Comment

This article aims to help explain RSA vs DSA vs ECDSA and how and when to use each algorithm. NIST recommends a minimum security strength requirement of 112 bits, so use a key size for each algorithm accordingly.

RSA

RSA (Rivest–Shamir–Adleman) is a widely used public key algorithm applied mostly to the use of digital certificates. When using the RSA algorithm with digital certificates in a PKI (Public Key Infrastructure), the public key is wrapped in an X.509v3 certificate and the private key is kept private in a secure location, preferably accessible to as few people as possible. Because RSA is widely adopted, it is supported even in most legacy systems.

Currently, the minimum recommended key length for RSA keys is 2048. The larger the key, the less performant the algorithm is. RSA is still widely supported and considered secure for the near future.

DSA

DSA (Digital Signature Algorithm) is a public key algorithm used for Digital Signatures. While DSA can be used for encryption, it is mostly known (and created) for uses in digital signatures. DSA is not widely supported, however, the ECDSA variant is more rapidly becoming used in practice with digital certificates.

ECDSA

ECDSA (Elliptic Curve Digital Signature Algorithm) is related to DSA and uses ECC (Elliptic Curve Cryptography). ECDSA is commonly applied in a PKI (Public Key Infrastructure) and digital certificates, requiring a smaller key size than RSA. Because of this, performance is greater. ECDSA key size is twice as large as the security, making the required key length much smaller than with RSA. While a 2048 bit RSA private key provides 112 bits of security, ECDSA only requires a 224-bit private key to provide the same level of security. The main difference between RSA and ECDSA is not any one thing, but the ECDSA uses ECC and requires a much smaller key size for the same level of security as RSA.

Conclusion

The focus should be primarily on RSA and ECDSA for digital certificates and digital signatures. While RSA is the most widely adopted public key algorithm, keep an eye on the popularity of ECDSA as greater security strengths will be required and ECDSA stands to be much more performant as security strength requirements increase.

RSA vs DSA vs ECDSA

ECDSA vs RSA

RSA vs DSA

ECDSA vs DSA

RSA vs DSA vs ECDSA

DSA vs ECDSA

RSA or ECDSA

RSA DSA ECDSA

RSA and ECDSA

Read more of our content.

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *