
RSA vs DSA certificates: who wins in a fight?

Jan 17, 2020


Same same, but different, but still same.

James Franco’s cult phrase from the movie “The Interview” (2014) may sound silly, but it works. Take a look around and you’ll notice at least two products fitting that mold. RSA and DSA are no exception. Both are algorithms used in cybersecurity and are often used in similar ways.

But then why are there two of them? A good question that we’ll answer below. To prevent confusion and help out beginners, we'll start with a short introduction of both algorithms.

What is RSA?

RSA is one of the first public-key cryptosystems, created in 1977. It was invented by Ron Rivest, Adi Shamir, and Leonard Adleman, whose initials make up the name RSA. The algorithm took a while to find its place, but at the dawn of the internet RSA spread like wildfire. It wasn't just another encryption algorithm, but a whole new way to exchange secrets remotely. RSA also came with a digital signature scheme.

We have recently explained RSA in a separate blog post. If you'd like to know more about the RSA certificate, check it out.

What is DSA?

DSA (Digital Signature Algorithm) is also an asymmetric-key algorithm, and it came much later than RSA. Since its development in 1991, the National Institute of Standards and Technology has pushed to adopt the algorithm at the federal level. Despite the widespread popularity of the RSA algorithm in the private sector, DSA became the standard for a lot of US government agencies.

Note that we’re not talking here about DSA as an encryption tool like the RSA can be. DSA is only used in digital signatures. In fact, this is a perfect segue into the next part. So, what is a digital signature?

DSA vs RSA: the battle of digital signatures

Asymmetric-key cryptography is based on an exchange of two keys — private and public. Since the public key is accessible to all, anyone could get yours and then contact you pretending to be someone else. Luckily, authentication problems were solved early in the internet age with digital signatures.

Two major parts of a digital signature in public-key cryptography are the sender’s private key and a hash. In simple terms, a hash is a condensed version of a message. Regardless of the file type or its size, a hash is only 5-20 symbols long. Keep in mind that hashing is a one-way process, meaning that you can’t turn those symbols back into the message. Its only purpose is to protect you from fake versions of the file. Even if a hacker made the tiniest of changes, the hash would change as well, indicating that the message is no longer genuine.

In other words, a digital signature not only guarantees that the sender is authentic but also ensures that the integrity of the message is intact. How's that significant for our RSA and DSA comparison? It will help us recognize the differences between RSA and DSA.

What is the difference between RSA and DSA?

First, the two algorithms rest on different mathematical problems. Both use modular arithmetic, but the RSA certificate relies on prime factorization, while DSA uses the discrete logarithm problem. For now, both are considered secure.
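The hash-then-sign flow described in the digital-signature section, and the two different hard problems named here (factoring for RSA, discrete logarithms for DSA), worked through as an added example that is not part of the original post. It is a toy: the function names, the key sizes (tens of bits rather than 2048) and the reduction of the SHA-256 digest modulo n or q are all choices made for readability, and the code omits the padding, parameter validation and constant-time arithmetic a real library provides.

```python
"""Toy RSA and DSA signatures in pure Python (constructed example).

Both schemes follow the same flow: hash the message, transform the digest with the
private key, let anyone with the public key check the transform.  Changing one byte
of the message changes the digest, so the stored signature no longer verifies.
Parameters are tiny so the arithmetic stays visible; real deployments use 2048-bit
RSA moduli and DSA (p, q) of at least (2048, 224) bits, with digest encoding
(PKCS#1 / PSS, or leftmost-N-bits truncation for DSA) instead of a plain modulo.
"""
import hashlib
import math
import secrets


def is_prime(n: int) -> bool:
    """Miller-Rabin; deterministic for n < 3.3e24 with this base set."""
    if n < 2:
        return False
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    for b in bases:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def next_prime(n: int) -> int:
    while not is_prime(n):
        n += 1
    return n


def hash_int(msg: bytes) -> int:
    """Hash-then-sign: the signature covers a fixed-size SHA-256 digest, never the raw message."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


# --- RSA: breaking the private key means factoring n = p * q ---------------------------
def rsa_keygen(bits: int = 40):
    e = 65537
    while True:
        p = next_prime(secrets.randbits(bits) | (1 << (bits - 1)))
        q = next_prime(secrets.randbits(bits) | (1 << (bits - 1)))
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            d = pow(e, -1, phi)          # private exponent: e * d == 1 (mod phi)
            return (n, e), (n, d)        # (public key, private key)


def rsa_sign(priv, msg: bytes) -> int:
    n, d = priv
    return pow(hash_int(msg) % n, d, n)  # toy: digest reduced mod n instead of padded


def rsa_verify(pub, msg: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == hash_int(msg) % n


# --- DSA: breaking the private key means a discrete log in a subgroup of order q --------
def dsa_params(qbits: int = 32):
    q = next_prime(secrets.randbits(qbits) | (1 << (qbits - 1)))
    k = 2                                 # search for a prime p with q | (p - 1)
    while not is_prime(k * q + 1):
        k += 2
    p = k * q + 1
    h = 2
    while (g := pow(h, (p - 1) // q, p)) == 1:   # g generates the order-q subgroup
        h += 1
    return p, q, g


def dsa_keygen(params):
    p, q, g = params
    x = secrets.randbelow(q - 1) + 1      # private key
    return pow(g, x, p), x                # (public key y, private key x)


def dsa_sign(params, x: int, msg: bytes):
    p, q, g = params
    h = hash_int(msg) % q                 # toy: real DSA keeps the leftmost bits of the digest
    while True:
        k = secrets.randbelow(q - 1) + 1  # per-signature nonce; must never repeat or leak
        r = pow(g, k, p) % q
        s = pow(k, -1, q) * (h + x * r) % q
        if r and s:
            return r, s


def dsa_verify(params, y: int, msg: bytes, sig) -> bool:
    p, q, g = params
    r, s = sig
    if not (0 < r < q and 0 < s < q):     # reject out-of-range values before any math
        return False
    w = pow(s, -1, q)
    u1, u2 = hash_int(msg) % q * w % q, r * w % q
    return (pow(g, u1, p) * pow(y, u2, p) % p) % q == r


if __name__ == "__main__":
    msg, tampered = b"pay Alice 10", b"pay Alice 100"   # constructed sample messages
    pub, priv = rsa_keygen()
    sig = rsa_sign(priv, msg)
    print("RSA genuine:", rsa_verify(pub, msg, sig), "tampered:", rsa_verify(pub, tampered, sig))
    params = dsa_params()
    y, x = dsa_keygen(params)
    dsig = dsa_sign(params, x, msg)
    print("DSA genuine:", dsa_verify(params, y, msg, dsig), "tampered:", dsa_verify(params, y, tampered, dsig))
```

The two verify functions show the asymmetry the post describes: RSA verification is a single exponentiation with the small public exponent e, while DSA verification needs two exponentiations and a modular inverse, which is why DSA is quicker to sign and RSA quicker to verify. The nonce k in dsa_sign is the part a defender should watch most closely; a reused or predictable k exposes the DSA private key, which is why modern implementations derive it deterministically from the key and the digest (RFC 6979) rather than from a random generator that might be weak.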

Another difference between DSA and RSA is speed. The former is faster at signing, but the latter is more efficient at verification. However, since authentication requires both steps, the speed discrepancies might not be as significant as they sound.

Also, DSA only works with the safer, second version of the Secure Shell (SSH) network protocol. RSA works with SSH2 but is also compatible with the original SSH, which is now considered heavily flawed. So, if you're concerned about accidentally using the original SSH, DSA may be a better choice.

By now, you probably see that despite minor differences, RSA and DSA are pretty similar. So you should not worry too much about choosing between the two, because our headline RSA vs DSA match-up is a draw. Especially since compatibility-wise they are equal: RSA and DSA are both used in the same internet protocols and certificates, and both are supported by the same cryptographic libraries, like Nettle, OpenSSL, wolfCrypt, Crypto++, and cryptlib.

We get it. When you get tickets to a massive boxing match, you don't expect a draw. It just happens. This is one of those Fury vs Wilder-type situations. But it doesn't mean it's bad. On the contrary, it just means that you have two ways to secure your digital signature. Two is always better than one.

Do you have friends who confuse DSA and RSA? Share this article with them by clicking on the social buttons below.

Oliver Noble

Verified author

A nerd with a laser focus on all things cybersec. His own words. Oliver’s hobbies away from the computer include reading, Netflix, and testing the limits of yet another Raspberry Pi. To our surprise, this 130-pound ‘nerd’ also bakes a killer pumpkin pie.