search

AntonKueltz / fastecdsa

Python library for fast elliptic curve crypto
https://pypi.python.org/pypi/fastecdsa
The Unlicense
263 stars 76 forks source link

ecdsa.verify with secp256k1 returns False #55

Closed NotStatilko closed 4 years ago

NotStatilko commented 4 years ago

Hello! I recently installed your library via pip and tried to sign and verify message with secp256k1. As a result i have False, although to me the code seems correct. Can you help me with this?

from fastecdsa import keys, curve as curve_, ecdsa
from hashlib import sha3_256

curve = curve_.secp256k1

message = b'Hello, World!'
privkey, pubkey = keys.gen_keypair(curve=curve)
sign = ecdsa.sign(message, privkey, hashfunc=sha3_256)

print(ecdsa.verify(sign, message, pubkey, 
    hashfunc=sha3_256, curve=curve)
)

Also, when i replace curve with curve_.P256 i get True. Is it a bug?

NotStatilko commented 4 years ago

Just tested under sha256 with True as result. secp256k1 can only be in pair with Bitcoin's hash function?

AntonKueltz commented 4 years ago

Hey there, the privkey is just an integer, it doesn't have any information about the curve embedded in it. So the sign method needs to have the curve being used passed to it (docs). Note the parameter fastecdsa.curve.Curve = P256 in the signature in the docs, the default curve is P256. This should work -

from fastecdsa import keys, curve as curve_, ecdsa
from hashlib import sha3_256

curve = curve_.secp256k1

message = b'Hello, World!'
privkey, pubkey = keys.gen_keypair(curve=curve)
sign = ecdsa.sign(message, privkey, curve=curve, hashfunc=sha3_256)

print(ecdsa.verify(sign, message, pubkey, 
    hashfunc=sha3_256, curve=curve)
)
NotStatilko commented 4 years ago

Oh, thank you! Now it works.