1Metadata-Version: 2.1 2Name: ecdsa 3Version: 0.16.0 4Summary: ECDSA cryptographic signature library (pure python) 5Home-page: http://github.com/warner/python-ecdsa 6Author: Brian Warner 7Author-email: warner@lothar.com 8License: MIT 9Description: # Pure-Python ECDSA 10 11 [![build status](https://travis-ci.org/warner/python-ecdsa.png)](http://travis-ci.org/warner/python-ecdsa) 12 [![Coverage Status](https://coveralls.io/repos/warner/python-ecdsa/badge.svg)](https://coveralls.io/r/warner/python-ecdsa) 13 [![condition coverage](https://img.shields.io/badge/condition%20coverage-81%25-yellow)](https://travis-ci.org/warner/python-ecdsa/jobs/626479178#L776) 14 [![Latest Version](https://img.shields.io/pypi/v/ecdsa.svg?style=flat)](https://pypi.python.org/pypi/ecdsa/) 15 ![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg?style=flat) 16 17 18 This is an easy-to-use implementation of ECDSA cryptography (Elliptic Curve 19 Digital Signature Algorithm), implemented purely in Python, released under 20 the MIT license. With this library, you can quickly create keypairs (signing 21 key and verifying key), sign messages, and verify the signatures. The keys 22 and signatures are very short, making them easy to handle and incorporate 23 into other protocols. 24 25 ## Features 26 27 This library provides key generation, signing, and verifying, for five 28 popular NIST "Suite B" GF(p) (_prime field_) curves, with key lengths of 192, 29 224, 256, 384, and 521 bits. The "short names" for these curves, as known by 30 the OpenSSL tool (`openssl ecparam -list_curves`), are: `prime192v1`, 31 `secp224r1`, `prime256v1`, `secp384r1`, and `secp521r1`. It includes the 32 256-bit curve `secp256k1` used by Bitcoin. There is also support for the 33 regular (non-twisted) variants of Brainpool curves from 160 to 512 bits. The 34 "short names" of those curves are: `brainpoolP160r1`, `brainpoolP192r1`, 35 `brainpoolP224r1`, `brainpoolP256r1`, `brainpoolP320r1`, `brainpoolP384r1`, 36 `brainpoolP512r1`. 37 No other curves are included, but it is not too hard to add support for more 38 curves over prime fields. 39 40 ## Dependencies 41 42 This library uses only Python and the 'six' package. It is compatible with 43 Python 2.6, 2.7 and 3.3+. It also supports execution on the alternative 44 implementations like pypy and pypy3. 45 46 If `gmpy2` or `gmpy` is installed, they will be used for faster arithmetic. 47 Either of them can be installed after this library is installed, 48 `python-ecdsa` will detect their presence on start-up and use them 49 automatically. 50 51 To run the OpenSSL compatibility tests, the 'openssl' tool must be in your 52 `PATH`. This release has been tested successfully against OpenSSL 0.9.8o, 53 1.0.0a, 1.0.2f and 1.1.1d (among others). 54 55 56 ## Installation 57 58 This library is available on PyPI, it's recommended to install it using `pip`: 59 60 ``` 61 pip install ecdsa 62 ``` 63 64 In case higher performance is wanted and using native code is not a problem, 65 it's possible to specify installation together with `gmpy2`: 66 67 ``` 68 pip install ecdsa[gmpy2] 69 ``` 70 71 or (slower, legacy option): 72 ``` 73 pip install ecdsa[gmpy] 74 ``` 75 76 ## Speed 77 78 The following table shows how long this library takes to generate keypairs 79 (`keygen`), to sign data (`sign`), and to verify those signatures (`verify`). 80 All those values are in seconds. 81 For convenience, the inverses of those values are also provided: 82 how many keys per second can be generated (`keygen/s`), how many signatures 83 can be made per second (`sign/s`) and how many signatures can be verified 84 per second (`verify/s`). The size of raw signature (generally the smallest 85 way a signature can be encoded) is also provided in the `siglen` column. 86 Use `tox -e speed` to generate this table on your own computer. 87 On an Intel Core i7 4790K @ 4.0GHz I'm getting the following performance: 88 89 ``` 90 siglen keygen keygen/s sign sign/s verify verify/s 91 NIST192p: 48 0.00035s 2893.02 0.00038s 2620.53 0.00069s 1458.92 92 NIST224p: 56 0.00043s 2307.11 0.00048s 2092.00 0.00088s 1131.33 93 NIST256p: 64 0.00056s 1793.70 0.00061s 1639.87 0.00113s 883.79 94 NIST384p: 96 0.00116s 864.33 0.00124s 806.29 0.00233s 429.87 95 NIST521p: 132 0.00221s 452.16 0.00234s 427.31 0.00460s 217.19 96 SECP256k1: 64 0.00056s 1772.65 0.00061s 1628.73 0.00110s 912.13 97 BRAINPOOLP160r1: 40 0.00026s 3801.86 0.00029s 3401.11 0.00052s 1930.47 98 BRAINPOOLP192r1: 48 0.00034s 2925.73 0.00038s 2634.34 0.00070s 1438.06 99 BRAINPOOLP224r1: 56 0.00044s 2287.98 0.00048s 2083.87 0.00088s 1137.52 100 BRAINPOOLP256r1: 64 0.00056s 1774.11 0.00061s 1628.25 0.00112s 890.71 101 BRAINPOOLP320r1: 80 0.00081s 1238.18 0.00087s 1146.71 0.00151s 661.95 102 BRAINPOOLP384r1: 96 0.00117s 855.47 0.00124s 804.56 0.00241s 414.83 103 BRAINPOOLP512r1: 128 0.00223s 447.99 0.00234s 427.49 0.00437s 229.09 104 105 ecdh ecdh/s 106 NIST192p: 0.00110s 910.70 107 NIST224p: 0.00143s 701.17 108 NIST256p: 0.00178s 560.44 109 NIST384p: 0.00383s 261.03 110 NIST521p: 0.00745s 134.23 111 SECP256k1: 0.00168s 596.23 112 BRAINPOOLP160r1: 0.00085s 1174.02 113 BRAINPOOLP192r1: 0.00113s 883.47 114 BRAINPOOLP224r1: 0.00145s 687.82 115 BRAINPOOLP256r1: 0.00195s 514.03 116 BRAINPOOLP320r1: 0.00277s 360.80 117 BRAINPOOLP384r1: 0.00412s 242.58 118 BRAINPOOLP512r1: 0.00787s 127.12 119 ``` 120 121 To test performance with `gmpy2` loaded, use `tox -e speedgmpy2`. 122 On the same machine I'm getting the following performance with `gmpy2`: 123 ``` 124 siglen keygen keygen/s sign sign/s verify verify/s 125 NIST192p: 48 0.00017s 5945.50 0.00018s 5544.66 0.00033s 3002.54 126 NIST224p: 56 0.00021s 4742.14 0.00022s 4463.52 0.00044s 2248.59 127 NIST256p: 64 0.00024s 4155.73 0.00025s 3994.28 0.00047s 2105.34 128 NIST384p: 96 0.00041s 2415.06 0.00043s 2316.41 0.00085s 1177.18 129 NIST521p: 132 0.00072s 1391.14 0.00074s 1359.63 0.00140s 716.31 130 SECP256k1: 64 0.00024s 4216.50 0.00025s 3994.52 0.00047s 2120.57 131 BRAINPOOLP160r1: 40 0.00014s 7038.99 0.00015s 6501.55 0.00029s 3397.79 132 BRAINPOOLP192r1: 48 0.00017s 5983.18 0.00018s 5626.08 0.00035s 2843.62 133 BRAINPOOLP224r1: 56 0.00021s 4727.54 0.00022s 4464.86 0.00043s 2326.84 134 BRAINPOOLP256r1: 64 0.00024s 4221.00 0.00025s 4010.26 0.00049s 2046.40 135 BRAINPOOLP320r1: 80 0.00032s 3142.14 0.00033s 3009.15 0.00061s 1652.88 136 BRAINPOOLP384r1: 96 0.00041s 2415.98 0.00043s 2340.35 0.00083s 1198.77 137 BRAINPOOLP512r1: 128 0.00064s 1567.27 0.00066s 1526.33 0.00127s 788.51 138 139 ecdh ecdh/s 140 NIST192p: 0.00051s 1960.26 141 NIST224p: 0.00067s 1502.97 142 NIST256p: 0.00073s 1376.12 143 NIST384p: 0.00132s 758.68 144 NIST521p: 0.00231s 433.23 145 SECP256k1: 0.00072s 1387.18 146 BRAINPOOLP160r1: 0.00042s 2366.60 147 BRAINPOOLP192r1: 0.00049s 2026.80 148 BRAINPOOLP224r1: 0.00067s 1486.52 149 BRAINPOOLP256r1: 0.00076s 1310.31 150 BRAINPOOLP320r1: 0.00101s 986.16 151 BRAINPOOLP384r1: 0.00131s 761.35 152 BRAINPOOLP512r1: 0.00211s 473.30 153 ``` 154 155 (there's also `gmpy` version, execute it using `tox -e speedgmpy`) 156 157 For comparison, a highly optimised implementation (including curve-specific 158 assembly for some curves), like the one in OpenSSL 1.1.1d, provides following 159 performance numbers on the same machine. 160 Run `openssl speed ecdsa` and `openssl speed ecdh` to reproduce it: 161 ``` 162 sign verify sign/s verify/s 163 192 bits ecdsa (nistp192) 0.0002s 0.0002s 4785.6 5380.7 164 224 bits ecdsa (nistp224) 0.0000s 0.0001s 22475.6 9822.0 165 256 bits ecdsa (nistp256) 0.0000s 0.0001s 45069.6 14166.6 166 384 bits ecdsa (nistp384) 0.0008s 0.0006s 1265.6 1648.1 167 521 bits ecdsa (nistp521) 0.0003s 0.0005s 3753.1 1819.5 168 256 bits ecdsa (brainpoolP256r1) 0.0003s 0.0003s 2983.5 3333.2 169 384 bits ecdsa (brainpoolP384r1) 0.0008s 0.0007s 1258.8 1528.1 170 512 bits ecdsa (brainpoolP512r1) 0.0015s 0.0012s 675.1 860.1 171 172 op op/s 173 192 bits ecdh (nistp192) 0.0002s 4853.4 174 224 bits ecdh (nistp224) 0.0001s 15252.1 175 256 bits ecdh (nistp256) 0.0001s 18436.3 176 384 bits ecdh (nistp384) 0.0008s 1292.7 177 521 bits ecdh (nistp521) 0.0003s 2884.7 178 256 bits ecdh (brainpoolP256r1) 0.0003s 3066.5 179 384 bits ecdh (brainpoolP384r1) 0.0008s 1298.0 180 512 bits ecdh (brainpoolP512r1) 0.0014s 694.8 181 ``` 182 183 Keys and signature can be serialized in different ways (see Usage, below). 184 For a NIST192p key, the three basic representations require strings of the 185 following lengths (in bytes): 186 187 to_string: signkey= 24, verifykey= 48, signature=48 188 compressed: signkey=n/a, verifykey= 25, signature=n/a 189 DER: signkey=106, verifykey= 80, signature=55 190 PEM: signkey=278, verifykey=162, (no support for PEM signatures) 191 192 ## History 193 194 In 2006, Peter Pearson announced his pure-python implementation of ECDSA in a 195 [message to sci.crypt][1], available from his [download site][2]. In 2010, 196 Brian Warner wrote a wrapper around this code, to make it a bit easier and 197 safer to use. Hubert Kario then included an implementation of elliptic curve 198 cryptography that uses Jacobian coordinates internally, improving performance 199 about 20-fold. You are looking at the README for this wrapper. 200 201 [1]: http://www.derkeiler.com/Newsgroups/sci.crypt/2006-01/msg00651.html 202 [2]: http://webpages.charter.net/curryfans/peter/downloads.html 203 204 ## Testing 205 206 To run the full test suite, do this: 207 208 tox -e coverage 209 210 On an Intel Core i7 4790K @ 4.0GHz, the tests take about 16 seconds to execute. 211 The test suite uses 212 [`hypothesis`](https://github.com/HypothesisWorks/hypothesis) so there is some 213 inherent variability in the test suite execution time. 214 215 One part of `test_pyecdsa.py` checks compatibility with OpenSSL, by 216 running the "openssl" CLI tool, make sure it's in your `PATH` if you want 217 to test compatibility with it. 218 219 ## Security 220 221 This library was not designed with security in mind. If you are processing 222 data that needs to be protected we suggest you use a quality wrapper around 223 OpenSSL. [pyca/cryptography](https://cryptography.io) is one example of such 224 a wrapper. The primary use-case of this library is as a portable library for 225 interoperability testing and as a teaching tool. 226 227 **This library does not protect against side channel attacks.** 228 229 Do not allow attackers to measure how long it takes you to generate a keypair 230 or sign a message. Do not allow attackers to run code on the same physical 231 machine when keypair generation or signing is taking place (this includes 232 virtual machines). Do not allow attackers to measure how much power your 233 computer uses while generating the keypair or signing a message. Do not allow 234 attackers to measure RF interference coming from your computer while generating 235 a keypair or signing a message. Note: just loading the private key will cause 236 keypair generation. Other operations or attack vectors may also be 237 vulnerable to attacks. **For a sophisticated attacker observing just one 238 operation with a private key will be sufficient to completely 239 reconstruct the private key**. 240 241 Please also note that any Pure-python cryptographic library will be vulnerable 242 to the same side channel attacks. This is because Python does not provide 243 side-channel secure primitives (with the exception of 244 [`hmac.compare_digest()`][3]), making side-channel secure programming 245 impossible. 246 247 This library depends upon a strong source of random numbers. Do not use it on 248 a system where `os.urandom()` does not provide cryptographically secure 249 random numbers. 250 251 [3]: https://docs.python.org/3/library/hmac.html#hmac.compare_digest 252 253 ## Usage 254 255 You start by creating a `SigningKey`. You can use this to sign data, by passing 256 in data as a byte string and getting back the signature (also a byte string). 257 You can also ask a `SigningKey` to give you the corresponding `VerifyingKey`. 258 The `VerifyingKey` can be used to verify a signature, by passing it both the 259 data string and the signature byte string: it either returns True or raises 260 `BadSignatureError`. 261 262 ```python 263 from ecdsa import SigningKey 264 sk = SigningKey.generate() # uses NIST192p 265 vk = sk.verifying_key 266 signature = sk.sign(b"message") 267 assert vk.verify(signature, b"message") 268 ``` 269 270 Each `SigningKey`/`VerifyingKey` is associated with a specific curve, like 271 NIST192p (the default one). Longer curves are more secure, but take longer to 272 use, and result in longer keys and signatures. 273 274 ```python 275 from ecdsa import SigningKey, NIST384p 276 sk = SigningKey.generate(curve=NIST384p) 277 vk = sk.verifying_key 278 signature = sk.sign(b"message") 279 assert vk.verify(signature, b"message") 280 ``` 281 282 The `SigningKey` can be serialized into several different formats: the shortest 283 is to call `s=sk.to_string()`, and then re-create it with 284 `SigningKey.from_string(s, curve)` . This short form does not record the 285 curve, so you must be sure to pass to `from_string()` the same curve you used 286 for the original key. The short form of a NIST192p-based signing key is just 24 287 bytes long. If a point encoding is invalid or it does not lie on the specified 288 curve, `from_string()` will raise `MalformedPointError`. 289 290 ```python 291 from ecdsa import SigningKey, NIST384p 292 sk = SigningKey.generate(curve=NIST384p) 293 sk_string = sk.to_string() 294 sk2 = SigningKey.from_string(sk_string, curve=NIST384p) 295 print(sk_string.hex()) 296 print(sk2.to_string().hex()) 297 ``` 298 299 Note: while the methods are called `to_string()` the type they return is 300 actually `bytes`, the "string" part is leftover from Python 2. 301 302 `sk.to_pem()` and `sk.to_der()` will serialize the signing key into the same 303 formats that OpenSSL uses. The PEM file looks like the familiar ASCII-armored 304 `"-----BEGIN EC PRIVATE KEY-----"` base64-encoded format, and the DER format 305 is a shorter binary form of the same data. 306 `SigningKey.from_pem()/.from_der()` will undo this serialization. These 307 formats include the curve name, so you do not need to pass in a curve 308 identifier to the deserializer. In case the file is malformed `from_der()` 309 and `from_pem()` will raise `UnexpectedDER` or` MalformedPointError`. 310 311 ```python 312 from ecdsa import SigningKey, NIST384p 313 sk = SigningKey.generate(curve=NIST384p) 314 sk_pem = sk.to_pem() 315 sk2 = SigningKey.from_pem(sk_pem) 316 # sk and sk2 are the same key 317 ``` 318 319 Likewise, the `VerifyingKey` can be serialized in the same way: 320 `vk.to_string()/VerifyingKey.from_string()`, `to_pem()/from_pem()`, and 321 `to_der()/from_der()`. The same `curve=` argument is needed for 322 `VerifyingKey.from_string()`. 323 324 ```python 325 from ecdsa import SigningKey, VerifyingKey, NIST384p 326 sk = SigningKey.generate(curve=NIST384p) 327 vk = sk.verifying_key 328 vk_string = vk.to_string() 329 vk2 = VerifyingKey.from_string(vk_string, curve=NIST384p) 330 # vk and vk2 are the same key 331 332 from ecdsa import SigningKey, VerifyingKey, NIST384p 333 sk = SigningKey.generate(curve=NIST384p) 334 vk = sk.verifying_key 335 vk_pem = vk.to_pem() 336 vk2 = VerifyingKey.from_pem(vk_pem) 337 # vk and vk2 are the same key 338 ``` 339 340 There are a couple of different ways to compute a signature. Fundamentally, 341 ECDSA takes a number that represents the data being signed, and returns a 342 pair of numbers that represent the signature. The `hashfunc=` argument to 343 `sk.sign()` and `vk.verify()` is used to turn an arbitrary string into 344 fixed-length digest, which is then turned into a number that ECDSA can sign, 345 and both sign and verify must use the same approach. The default value is 346 `hashlib.sha1`, but if you use NIST256p or a longer curve, you can use 347 `hashlib.sha256` instead. 348 349 There are also multiple ways to represent a signature. The default 350 `sk.sign()` and `vk.verify()` methods present it as a short string, for 351 simplicity and minimal overhead. To use a different scheme, use the 352 `sk.sign(sigencode=)` and `vk.verify(sigdecode=)` arguments. There are helper 353 functions in the `ecdsa.util` module that can be useful here. 354 355 It is also possible to create a `SigningKey` from a "seed", which is 356 deterministic. This can be used in protocols where you want to derive 357 consistent signing keys from some other secret, for example when you want 358 three separate keys and only want to store a single master secret. You should 359 start with a uniformly-distributed unguessable seed with about `curve.baselen` 360 bytes of entropy, and then use one of the helper functions in `ecdsa.util` to 361 convert it into an integer in the correct range, and then finally pass it 362 into `SigningKey.from_secret_exponent()`, like this: 363 364 ```python 365 import os 366 from ecdsa import NIST384p, SigningKey 367 from ecdsa.util import randrange_from_seed__trytryagain 368 369 def make_key(seed): 370 secexp = randrange_from_seed__trytryagain(seed, NIST384p.order) 371 return SigningKey.from_secret_exponent(secexp, curve=NIST384p) 372 373 seed = os.urandom(NIST384p.baselen) # or other starting point 374 sk1a = make_key(seed) 375 sk1b = make_key(seed) 376 # note: sk1a and sk1b are the same key 377 assert sk1a.to_string() == sk1b.to_string() 378 sk2 = make_key(b"2-"+seed) # different key 379 assert sk1a.to_string() != sk2.to_string() 380 ``` 381 382 In case the application will verify a lot of signatures made with a single 383 key, it's possible to precompute some of the internal values to make 384 signature verification significantly faster. The break-even point occurs at 385 about 100 signatures verified. 386 387 To perform precomputation, you can call the `precompute()` method 388 on `VerifyingKey` instance: 389 ```python 390 from ecdsa import SigningKey, NIST384p 391 sk = SigningKey.generate(curve=NIST384p) 392 vk = sk.verifying_key 393 vk.precompute() 394 signature = sk.sign(b"message") 395 assert vk.verify(signature, b"message") 396 ``` 397 398 Once `precompute()` was called, all signature verifications with this key will 399 be faster to execute. 400 401 ## OpenSSL Compatibility 402 403 To produce signatures that can be verified by OpenSSL tools, or to verify 404 signatures that were produced by those tools, use: 405 406 ```python 407 # openssl ecparam -name prime256v1 -genkey -out sk.pem 408 # openssl ec -in sk.pem -pubout -out vk.pem 409 # echo "data for signing" > data 410 # openssl dgst -sha256 -sign sk.pem -out data.sig data 411 # openssl dgst -sha256 -verify vk.pem -signature data.sig data 412 # openssl dgst -sha256 -prverify sk.pem -signature data.sig data 413 414 import hashlib 415 from ecdsa import SigningKey, VerifyingKey 416 from ecdsa.util import sigencode_der, sigdecode_der 417 418 with open("vk.pem") as f: 419 vk = VerifyingKey.from_pem(f.read()) 420 421 with open("data", "rb") as f: 422 data = f.read() 423 424 with open("data.sig", "rb") as f: 425 signature = f.read() 426 427 assert vk.verify(signature, data, hashlib.sha256, sigdecode=sigdecode_der) 428 429 with open("sk.pem") as f: 430 sk = SigningKey.from_pem(f.read(), hashlib.sha256) 431 432 new_signature = sk.sign_deterministic(data, sigencode=sigencode_der) 433 434 with open("data.sig2", "wb") as f: 435 f.write(new_signature) 436 437 # openssl dgst -sha256 -verify vk.pem -signature data.sig2 data 438 ``` 439 440 Note: if compatibility with OpenSSL 1.0.0 or earlier is necessary, the 441 `sigencode_string` and `sigdecode_string` from `ecdsa.util` can be used for 442 respectively writing and reading the signatures. 443 444 The keys also can be written in format that openssl can handle: 445 446 ```python 447 from ecdsa import SigningKey, VerifyingKey 448 449 with open("sk.pem") as f: 450 sk = SigningKey.from_pem(f.read()) 451 with open("sk.pem", "wb") as f: 452 f.write(sk.to_pem()) 453 454 with open("vk.pem") as f: 455 vk = VerifyingKey.from_pem(f.read()) 456 with open("vk.pem", "wb") as f: 457 f.write(vk.to_pem()) 458 ``` 459 460 ## Entropy 461 462 Creating a signing key with `SigningKey.generate()` requires some form of 463 entropy (as opposed to 464 `from_secret_exponent`/`from_string`/`from_der`/`from_pem`, 465 which are deterministic and do not require an entropy source). The default 466 source is `os.urandom()`, but you can pass any other function that behaves 467 like `os.urandom` as the `entropy=` argument to do something different. This 468 may be useful in unit tests, where you want to achieve repeatable results. The 469 `ecdsa.util.PRNG` utility is handy here: it takes a seed and produces a strong 470 pseudo-random stream from it: 471 472 ```python 473 from ecdsa.util import PRNG 474 from ecdsa import SigningKey 475 rng1 = PRNG(b"seed") 476 sk1 = SigningKey.generate(entropy=rng1) 477 rng2 = PRNG(b"seed") 478 sk2 = SigningKey.generate(entropy=rng2) 479 # sk1 and sk2 are the same key 480 ``` 481 482 Likewise, ECDSA signature generation requires a random number, and each 483 signature must use a different one (using the same number twice will 484 immediately reveal the private signing key). The `sk.sign()` method takes an 485 `entropy=` argument which behaves the same as `SigningKey.generate(entropy=)`. 486 487 ## Deterministic Signatures 488 489 If you call `SigningKey.sign_deterministic(data)` instead of `.sign(data)`, 490 the code will generate a deterministic signature instead of a random one. 491 This uses the algorithm from RFC6979 to safely generate a unique `k` value, 492 derived from the private key and the message being signed. Each time you sign 493 the same message with the same key, you will get the same signature (using 494 the same `k`). 495 496 This may become the default in a future version, as it is not vulnerable to 497 failures of the entropy source. 498 499 ## Examples 500 501 Create a NIST192p keypair and immediately save both to disk: 502 503 ```python 504 from ecdsa import SigningKey 505 sk = SigningKey.generate() 506 vk = sk.verifying_key 507 with open("private.pem", "wb") as f: 508 f.write(sk.to_pem()) 509 with open("public.pem", "wb") as f: 510 f.write(vk.to_pem()) 511 ``` 512 513 Load a signing key from disk, use it to sign a message (using SHA-1), and write 514 the signature to disk: 515 516 ```python 517 from ecdsa import SigningKey 518 with open("private.pem") as f: 519 sk = SigningKey.from_pem(f.read()) 520 with open("message", "rb") as f: 521 message = f.read() 522 sig = sk.sign(message) 523 with open("signature", "wb") as f: 524 f.write(sig) 525 ``` 526 527 Load the verifying key, message, and signature from disk, and verify the 528 signature (assume SHA-1 hash): 529 530 ```python 531 from ecdsa import VerifyingKey, BadSignatureError 532 vk = VerifyingKey.from_pem(open("public.pem").read()) 533 with open("message", "rb") as f: 534 message = f.read() 535 with open("signature", "rb") as f: 536 sig = f.read() 537 try: 538 vk.verify(sig, message) 539 print "good signature" 540 except BadSignatureError: 541 print "BAD SIGNATURE" 542 ``` 543 544 Create a NIST521p keypair: 545 546 ```python 547 from ecdsa import SigningKey, NIST521p 548 sk = SigningKey.generate(curve=NIST521p) 549 vk = sk.verifying_key 550 ``` 551 552 Create three independent signing keys from a master seed: 553 554 ```python 555 from ecdsa import NIST192p, SigningKey 556 from ecdsa.util import randrange_from_seed__trytryagain 557 558 def make_key_from_seed(seed, curve=NIST192p): 559 secexp = randrange_from_seed__trytryagain(seed, curve.order) 560 return SigningKey.from_secret_exponent(secexp, curve) 561 562 sk1 = make_key_from_seed("1:%s" % seed) 563 sk2 = make_key_from_seed("2:%s" % seed) 564 sk3 = make_key_from_seed("3:%s" % seed) 565 ``` 566 567 Load a verifying key from disk and print it using hex encoding in 568 uncompressed and compressed format (defined in X9.62 and SEC1 standards): 569 570 ```python 571 from ecdsa import VerifyingKey 572 573 with open("public.pem") as f: 574 vk = VerifyingKey.from_pem(f.read()) 575 576 print("uncompressed: {0}".format(vk.to_string("uncompressed").hex())) 577 print("compressed: {0}".format(vk.to_string("compressed").hex())) 578 ``` 579 580 Load a verifying key from a hex string from compressed format, output 581 uncompressed: 582 583 ```python 584 from ecdsa import VerifyingKey, NIST256p 585 586 comp_str = '022799c0d0ee09772fdd337d4f28dc155581951d07082fb19a38aa396b67e77759' 587 vk = VerifyingKey.from_string(bytearray.fromhex(comp_str), curve=NIST256p) 588 print(vk.to_string("uncompressed").hex()) 589 ``` 590 591 ECDH key exchange with remote party 592 593 ```python 594 from ecdsa import ECDH, NIST256p 595 596 ecdh = ECDH(curve=NIST256p) 597 ecdh.generate_private_key() 598 local_public_key = ecdh.get_public_key() 599 #send `local_public_key` to remote party and receive `remote_public_key` from remote party 600 with open("remote_public_key.pem") as e: 601 remote_public_key = e.read() 602 ecdh.load_received_public_key_pem(remote_public_key) 603 secret = ecdh.generate_sharedsecret_bytes() 604 ``` 605 606Platform: UNKNOWN 607Classifier: Programming Language :: Python 608Classifier: Programming Language :: Python :: 2 609Classifier: Programming Language :: Python :: 2.6 610Classifier: Programming Language :: Python :: 2.7 611Classifier: Programming Language :: Python :: 3 612Classifier: Programming Language :: Python :: 3.3 613Classifier: Programming Language :: Python :: 3.4 614Classifier: Programming Language :: Python :: 3.5 615Classifier: Programming Language :: Python :: 3.6 616Classifier: Programming Language :: Python :: 3.7 617Classifier: Programming Language :: Python :: 3.8 618Requires-Python: >=2.6, !=3.0.*, !=3.1.*, !=3.2.* 619Description-Content-Type: text/markdown 620Provides-Extra: gmpy2 621Provides-Extra: gmpy 622