How to replicate signatures from other implementations / verify correctness?
See original GitHub issueI’m looking for a Python library for ECDSA. I need to match the output of projects in other languages using different libraries for ECDSA. I took some known (key, message, signature) “test vectors” from this ECDSA library in Go and was able to replicate them (or at least the first and fourth) with elliptic
in JavaScript, to verify that they work the same. However, I can’t seem to do the same with fastecdsa
.
How would you write a function that, given two 32-byte bytes
values for both the key and the message digest, returns a DER-encoded bytes
signature? I tried this (paraphrased):
from fastecdsa import curve, ecdsa
def sign(private_key_bytes: bytes, message_digest_bytes: bytes) -> bytes:
private_key = int.from_bytes(private_key_bytes, byteorder='big')
r, s = ecdsa.sign(
message_digest_bytes.hex(), private_key, curve=curve.secp256k1, prehashed=True
)
r_bytes = r.to_bytes(32, byteorder='big')
s_bytes = s.to_bytes(32, byteorder='big')
# Hacky hard-coded DER encoding that works for the two cases I'm testing.
return b'\x30\x44' + b'\x02\x20' + r_bytes + b'\x02\x20' + s_bytes
You can see it failing on the two test vectors I copied from the Go project.
Issue Analytics
- State:
- Created 4 years ago
- Comments:17 (10 by maintainers)
Top Results From Across the Web
How Signature Verification Tools Detect Forgeries
Look at the seven elements signature verification tools use to detect forgeries. Learn how signature verification tools can help protect your bank from ......
Read more >XML Signature Best Practices - W3C
In practice, X.509 implementations check the signature on certificates exactly as encoded, which means that they're verifying exactly the same ...
Read more >Manual Chapter: Working with Attack Signatures - AskF5
To disable signature staging, clear the Enabled check box. Click Save to save your settings. To put the security policy changes into effect...
Read more >Handwritten Signature Verification Method Based on ... - MDPI
In order to improve the handwritten signature verification method, we propose a score fusion method based on accuracy (SF-A) to achieve feature ...
Read more >Off-line signature verification using elementary combinations ...
Signatures of authorized persons are considered known in advance. In this paper, a novel feature set is introduced based on quasi-straightness ...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
I can confirm v2.1.2 let me replicate signatures. Thank you!
Indeed. You can see my
IdentityHash
here.