How to use the ecdsa.util.sigdecode_string function in ecdsa
To help you get started, we’ve selected a few ecdsa examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
xeroc / python-graphenelib / graphenebase / ecdsa.py View on Github 
def recover_public_key(digest, signature, i, message=None):
""" Recover the public key from the the signature
"""
# See http: //www.secg.org/download/aid-780/sec1-v2.pdf section 4.1.6 primarily
curve = ecdsa.SECP256k1.curve
G = ecdsa.SECP256k1.generator
order = ecdsa.SECP256k1.order
yp = i % 2
r, s = ecdsa.util.sigdecode_string(signature, order)
# 1.1
x = r + (i // 2) * order
# 1.3. This actually calculates for either effectively 02||X or 03||X depending on 'k' instead of always for 02||X as specified.
# This substitutes for the lack of reversing R later on. -R actually is defined to be just flipping the y-coordinate in the elliptic curve.
alpha = ((x * x * x) + (curve.a() * x) + curve.b()) % curve.p()
beta = ecdsa.numbertheory.square_root_mod_prime(alpha, curve.p())
y = beta if (beta - yp) % 2 == 0 else curve.p() - beta
# 1.4 Constructor of Point is supposed to check if nR is at infinity.
R = ecdsa.ellipticcurve.Point(curve, x, y, order)
# 1.5 Compute e
e = ecdsa.util.string_to_number(digest)
# 1.6 Compute Q = r^-1(sR - eG)
Q = ecdsa.numbertheory.inverse_mod(r, order) * (s * R + (-e % order) * G)
if SECP256K1_MODULE == "cryptography" and message is not None:
if not isinstance(message, bytes):def _recover_key(self, digest, signature, i) :
''' Recover the public key from the sig
http://www.secg.org/sec1-v2.pdf
'''
curve = ecdsa.SECP256k1.curve
G = ecdsa.SECP256k1.generator
order = ecdsa.SECP256k1.order
yp = (i %2)
r, s = ecdsa.util.sigdecode_string(signature, order)
x = r + (i // 2 ) * order
alpha = ((x * x * x) + (curve.a() * x) + curve.b()) % curve.p()
beta = ecdsa.numbertheory.square_root_mod_prime(alpha, curve.p())
y = beta if (beta - yp) % 2 == 0 else curve.p() - beta
# generate R
R = ecdsa.ellipticcurve.Point(curve, x, y, order)
e = ecdsa.util.string_to_number(digest)
# compute Q
Q = ecdsa.numbertheory.inverse_mod(r, order) * (s * R + (-e % order) * G)
# verify message
if not ecdsa.VerifyingKey.from_public_point(Q, curve=ecdsa.SECP256k1).verify_digest(signature, digest,
sigdecode=ecdsa.util.sigdecode_string) :
return None
return ecdsa.VerifyingKey.from_public_point(Q, curve=ecdsa.SECP256k1)def test_truncated_string_signatures(verifying_key, hash_alg, signature, trunc):
# check if a malformed string encoded signature causes the same exception
# to be raised irrespective of the type of error
sig = bytearray(signature)
sig = sig[:trunc]
sig = binary_type(sig)
try:
verifying_key.verify(sig, example_data, getattr(hashlib, hash_alg),
sigdecode_string)
assert False
except BadSignatureError:
assert Truedef verify_message(address, signature, message):
""" See http://www.secg.org/download/aid-780/sec1-v2.pdf for the math """
curve = ecdsa.curves.SECP256k1.curve # curve_secp256k1
G = ecdsa.curves.SECP256k1.generator
order = G.order()
# extract r,s from signature
if len(signature) != 65: raise BaseException("Wrong signature")
r, s = util.sigdecode_string(signature[1:], order)
nV = ord(signature[0])
if nV < 27 or nV >= 35:
raise BaseException("Bad encoding")
if nV >= 31:
compressed = True
nV -= 4
else:
compressed = False
recid = nV - 27
# 1.1
x = r + (recid / 2) * order
# 1.3
y = tools.point_y_from_x(x, recid % 2 > 0)
# 1.4 the constructor checks that nR is at infinity
R = ellipticcurve.Point(curve, x, y, order)curve = SECP256k1.curve
G = SECP256k1.G
order = SECP256k1.order
secret, compressed = private_key_to_secret_check_compressed(private_key)
if secret == None:
return None
h = double_sha256(format_message_for_signing(message))
signing_key = ecdsa.SigningKey.from_secret_exponent(secret, curve=SECP256k1.ecdsa_curve)
ecdsa_signature = signing_key.sign_digest(h, sigencode=ecdsa.util.sigencode_string)
public_point = signing_key.get_verifying_key().pubkey.point
e = ecdsa.util.string_to_number(h)
r, s = ecdsa.util.sigdecode_string(ecdsa_signature, order)
# Okay, now we have to guess and check parameters for j and yp
found = False
for j in range(SECP256k1.h + 1):
x = r + j * order
alpha = ((x * x * x) + (curve.a() * x) + curve.b()) % curve.p()
beta = ecdsa.numbertheory.square_root_mod_prime(alpha, curve.p())
for yp in range(2):
if (beta - yp) % 2 == 0:
y = beta
else:
y = curve.p() - beta
R = ecdsa.ellipticcurve.Point(curve, x, y, order)
Q = ecdsa.numbertheory.inverse_mod(r, order) * (s * R + (-e % order) * G)
if Q == public_point:
found = Truedef from_signature(klass, sig, recid, h, curve):
""" See http://www.secg.org/download/aid-780/sec1-v2.pdf, chapter 4.1.6 """
from ecdsa import util, numbertheory
import msqr
curveFp = curve.curve
G = curve.generator
order = G.order()
# extract r,s from signature
r, s = util.sigdecode_string(sig, order)
# 1.1
x = r + (recid//2) * order
# 1.3
alpha = ( x * x * x + curveFp.a() * x + curveFp.b() ) % curveFp.p()
beta = msqr.modular_sqrt(alpha, curveFp.p())
y = beta if (beta - recid) % 2 == 0 else curveFp.p() - beta
# 1.4 the constructor checks that nR is at infinity
R = Point(curveFp, x, y, order)
# 1.5 compute e from message:
e = string_to_number(h)
minus_e = -e % order
# 1.6 compute Q = r^-1 (sR - eG)
inv_r = numbertheory.inverse_mod(r,order)
Q = inv_r * ( s * R + minus_e * G )
return klass.from_public_point( Q, curve )# in the elliptic curve.
alpha = ((x * x * x) + (curve.a() * x) + curve.b()) % curve.p()
beta = ecdsa.numbertheory.square_root_mod_prime(alpha, curve.p())
y = beta if (beta - yp) % 2 == 0 else curve.p() - beta
# 1.4 Constructor of Point is supposed to check if nR is at infinity.
R = ecdsa.ellipticcurve.Point(curve, x, y, order)
# 1.5 Compute e
e = ecdsa.util.string_to_number(digest)
# 1.6 Compute Q = r^-1(sR - eG)
Q = ecdsa.numbertheory.inverse_mod(r, order) * (s * R +
(-e % order) * G)
# Not strictly necessary, but let's verify the message for
# paranoia's sake.
if not ecdsa.VerifyingKey.from_public_point(
Q, curve=ecdsa.SECP256k1).verify_digest(
signature, digest, sigdecode=ecdsa.util.sigdecode_string):
return None
return ecdsa.VerifyingKey.from_public_point(Q, curve=ecdsa.SECP256k1)def from_signature(klass, sig, recid, h, curve):
""" See http://www.secg.org/download/aid-780/sec1-v2.pdf, chapter 4.1.6 """
from ecdsa import util, numbertheory
from . import msqr
curveFp = curve.curve
G = curve.generator
order = G.order()
# extract r,s from signature
r, s = util.sigdecode_string(sig, order)
# 1.1
x = r + (recid//2) * order
# 1.3
alpha = ( x * x * x + curveFp.a() * x + curveFp.b() ) % curveFp.p()
beta = msqr.modular_sqrt(alpha, curveFp.p())
y = beta if (beta - recid) % 2 == 0 else curveFp.p() - beta
# 1.4 the constructor checks that nR is at infinity
R = Point(curveFp, x, y, order)
# 1.5 compute e from message:
e = string_to_number(h)
minus_e = -e % order
# 1.6 compute Q = r^-1 (sR - eG)
inv_r = numbertheory.inverse_mod(r,order)
Q = inv_r * ( s * R + minus_e * G )
return klass.from_public_point( Q, curve )def sign(self, msg_hash):
private_key = MySigningKey.from_secret_exponent(self.secret, curve=SECP256k1)
public_key = private_key.get_verifying_key()
signature = private_key.sign_digest_deterministic(msg_hash, hashfunc=hashlib.sha256,
sigencode=ecdsa.util.sigencode_string)
assert public_key.verify_digest(signature, msg_hash, sigdecode=ecdsa.util.sigdecode_string)
return signaturedef from_signature(klass, sig, recid, h, curve):
""" See http://www.secg.org/download/aid-780/sec1-v2.pdf, chapter 4.1.6 """
from ecdsa import util, numbertheory
from . import msqr
curveFp = curve.curve
G = curve.generator
order = G.order()
# extract r,s from signature
r, s = util.sigdecode_string(sig, order)
# 1.1
x = r + (recid//2) * order
# 1.3
alpha = ( x * x * x + curveFp.a() * x + curveFp.b() ) % curveFp.p()
beta = msqr.modular_sqrt(alpha, curveFp.p())
y = beta if (beta - recid) % 2 == 0 else curveFp.p() - beta
# 1.4 the constructor checks that nR is at infinity
R = Point(curveFp, x, y, order)
# 1.5 compute e from message:
e = string_to_number(h)
minus_e = -e % order
# 1.6 compute Q = r^-1 (sR - eG)
inv_r = numbertheory.inverse_mod(r,order)
Q = inv_r * ( s * R + minus_e * G )
return klass.from_public_point( Q, curve )ecdsa
ECDSA cryptographic signature library (pure python)
Package Health Score
72 / 100Popular ecdsa functions
- ecdsa.curves.SECP256k1
- ecdsa.ecdsa
- ecdsa.ellipticcurve.Point
- ecdsa.numbertheory.inverse_mod
- ecdsa.numbertheory.square_root_mod_prime
- ecdsa.SECP256k1
- ecdsa.SigningKey
- ecdsa.SigningKey.from_pem
- ecdsa.SigningKey.from_secret_exponent
- ecdsa.SigningKey.from_string
- ecdsa.SigningKey.generate
- ecdsa.six.b
- ecdsa.util
- ecdsa.util.number_to_string
- ecdsa.util.randrange
- ecdsa.util.sigdecode_string
- ecdsa.util.string_to_number
- ecdsa.VerifyingKey
- ecdsa.VerifyingKey.from_public_point
- ecdsa.VerifyingKey.from_string