## NAME

`RSA_security_bits`, `DSA_security_bits`, `DH_security_bits`, `BN_security_bits` - get security strength

## SYNOPSIS

```
#include <openssl/rsa.h>

int
RSA_security_bits(const RSA *rsa);

#include <openssl/dsa.h>

int
DSA_security_bits(const DSA *dsa);

#include <openssl/dh.h>

int
DH_security_bits(const DH *dh);

#include <openssl/bn.h>

int
BN_security_bits(int pubbits, int privbits);
```

## DESCRIPTION

These functions return the security strength of some specific types of cryptographic keys, measured in bits. It is approximately the binary logarithm of the number of operations an attacker has to perform in order to break the key.

`RSA_security_bits`() uses only the number of significant bits in the public modulus of `rsa` as returned by RSA_bits(3). It returns

| Return value | Significant bits in the modulus |
|---|---|
| 256 | 15360 or more |
| 192 | 7680 or more |
| 128 | 3072 or more |
| 112 | 2048 or more |
| 80 | 1024 or more |

or 0 otherwise.

`DSA_security_bits`() uses the number of significant bits in the public domain parameter `p` contained in the `dsa` object, which is equal to the size of the public key, in the same way as `RSA_security_bits`(). In addition, the public domain parameter `q` contained in the `dsa` object, which is equal to the size of the private key, is inspected. The return value is either the security strength according to the above table or half the size of the private key, whichever is smaller. If the return value would be smaller than 80, 0 is returned instead.

`DH_security_bits`() uses the number of significant bits in the shared secret contained in the `dh` object as returned by DH_bits(3) in the same way as `RSA_security_bits`(). If `dh` contains the domain parameter `q`, its number of significant bits is used in the same way as for `DSA_security_bits`() to limit the return value. Otherwise, if `dh` contains the length of the secret exponent in bits, that number is used. If neither is available, only the above table is used without calculating a minimum.

`BN_security_bits`() is a combined function. If -1 is passed for the `privbits` argument, it behaves like `RSA_security_bits`(). Otherwise, it behaves like `DSA_security_bits`().
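The rules described above can be checked against a stand-alone model. The following is an added example, not code from the library: it re-states the documented table and the "half the private key size" limit in plain C so that it runs without libcrypto, and uses the result for a key-acceptance check. The names `model_table_bits`, `model_security_bits` and `key_acceptable`, and the sample sizes, are assumptions made for illustration.

```c
/* Stand-alone model of the rules documented above; not library source.
 * All function names and sample sizes here are hypothetical. */
#include <stdio.h>

/* Strength from the public size alone (the RSA_security_bits table). */
static int model_table_bits(int pubbits)
{
    if (pubbits >= 15360) return 256;
    if (pubbits >= 7680)  return 192;
    if (pubbits >= 3072)  return 128;
    if (pubbits >= 2048)  return 112;
    if (pubbits >= 1024)  return 80;
    return 0;
}

/* Combined rule described for BN_security_bits: privbits == -1 means
 * "table only"; otherwise the result is limited to privbits / 2 and
 * anything below 80 becomes 0. */
static int model_security_bits(int pubbits, int privbits)
{
    int strength = model_table_bits(pubbits);
    if (privbits == -1)
        return strength;
    if (privbits / 2 < strength)
        strength = privbits / 2;
    return strength < 80 ? 0 : strength;
}

/* Policy check: accept a key only if it reaches min_bits of strength. */
static int key_acceptable(int pubbits, int privbits, int min_bits)
{
    return model_security_bits(pubbits, privbits) >= min_bits;
}

int main(void)
{
    /* Constructed samples: { modulus or p bits, q bits or -1 }. */
    static const int s[][2] = {
        {2048, -1}, {3071, -1}, {3072, 256}, {3072, 160},
        {2048, 224}, {2048, 158}, {512, -1},
    };
    for (size_t i = 0; i < sizeof(s) / sizeof(s[0]); i++)
        printf("pub=%5d priv=%4d -> %3d bits, 112-bit floor: %s\n",
            s[i][0], s[i][1], model_security_bits(s[i][0], s[i][1]),
            key_acceptable(s[i][0], s[i][1], 112) ? "ok" : "reject");
    return 0;
}
```

The 3072/160 sample shows why `q` matters: a large `p` does not raise the strength above half the size of the private key.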

## RETURN VALUES

All these functions return numbers in the range from 0 to 256 inclusive.

`DSA_security_bits`() fails and returns -1 unless both of the `p` and `q` domain parameters are present.

## SEE ALSO

BN_num_bits(3), DH_bits(3), DH_get0_pqg(3), DSA_get0_pqg(3), RSA_bits(3), SSL_CTX_set_security_level(3)

Elaine Barker, Recommendation for Key Management, *U.S. National Institute of Standards and Technology*, NIST Special Publication 800-57 Part 1 Revision 5, https://doi.org/10.6028/NIST.SP.800-57pt1r5, Gaithersburg, MD, May 2020.

## HISTORY

These functions first appeared in OpenSSL 1.1.0 and have been available since OpenBSD 7.2.