Digital Signature Algorithm (DSA), is, as might be expected, an algorithm for creating digital signatures. Unlike other public key algorithms like the RSA algorithm, it can only sign and cannot encrypt information.

DSA was made public on August 30, 1991 in the Federal Register. The American National Institute of Standards and Technology (NIST) proposed this brand new, unproven algorithm as the national standard for digital signatures, over the well known and widely used RSA. DSA was developed primarily by David Kravitz, an employee of the shadowy NSA. It was later revealed that the NSA forced NIST to adopt DSA over RSA as part of the NSA's strategy of delaying the deployment of strong crypto. Because DSA could only sign and not encrypt, products that used DSA for signatures would not get encryption "for free".

Despite this suspect beginning, the DSA algorithm has been publicly available for peer review and no obvious flaws or backdoors have been found. It's primary disadvantage is that it requires much more computation time than RSA. It once had a significant advantage over RSA: until September 20, 2000, the RSA algorithm was covered by patents owned by Public Key Partners (itself partially owned by RSA Data Security Inc.); DSA was patent free, and thus could be used without paying a licensing fee. However, now that the RSA patent has expired, RSA is generally prefered over DSA.

The algorithm DSA uses internally is restricted to signing of messages of exactly 160 bits, so the DSA first computes the SHA1 hash of the real message and signs that. This means that DSA implicitly relies on the cryptographic security of SHA1, and any flaw in that algorithm will also comprimise DSA.

DSA is used in many crypto products for authentication (but obviously not encryption). These include SSL and related products such as SSH (including OpenSSH and OpenSSL), TLS, SSL-enabled web browsers and web servers, and GnuPG.