kjur / jsrsasign

The 'jsrsasign' (RSA-Sign JavaScript Library) is an opensource free cryptography library supporting RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp, CAdES and JSON Web Signature/Token in pure JavaScript.
https://kjur.github.io/jsrsasign

ECDSA signature is different with same private key and same message #581

Closed saycchai closed 1 year ago

saycchai commented 1 year ago

Steps to reproduce:

  1. git clone https://github.com/kjur/jsrsasign.git
  2. open jsrsasign/sample/sample-ecdsa.html in Chrome
  3. click "Generate EC Key pair", now will produce a private and public key pair on the screen
  4. Input "a" in the "Message string to be signed"
  5. click sign message, now it will give you a signature in hex value, copy it
  6. click sign message again (the private key, message and the algorithm are the same!), now it will give you another value in the digital signature!

My OS version: VERSION="19.3 (Tricia)" Chrome version: Version 111.0.5563.146 (Official Build) (64-bit)

Screen cap as attached.

kjur commented 1 year ago

ECDSA and RSA-PSS signatures use a random number in signing. That's why your signature value varies every time with the same private key and the same message.
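
The behaviour described in the reply above, as an added example that is not part of the original thread and is not jsrsasign code: it uses Node.js's built-in `crypto` module (an assumption, chosen so it runs without installing anything) to sign the message "a" twice with one key. It goes slightly beyond the thread by also signing with RSA PKCS#1 v1.5, which is deterministic, for contrast; the function names `signTwice` and `demo` are hypothetical.

```javascript
// Added example: Node.js built-in crypto, not the jsrsasign API.
// Loads the module whether this file runs as CommonJS or as an ES module.
const nodeCrypto = typeof require === 'function'
  ? require('node:crypto')
  : process.getBuiltinModule('node:crypto');

const message = Buffer.from('a'); // same message as in the reproduction steps

// Sign the same message twice with one private key, then verify both results.
function signTwice(privateKey, publicKey, opts) {
  const signKey = { key: privateKey, ...opts };
  const verifyKey = { key: publicKey, ...opts };
  const sig1 = nodeCrypto.sign('sha256', message, signKey);
  const sig2 = nodeCrypto.sign('sha256', message, signKey);
  return {
    sig1,
    sig2,
    identical: sig1.equals(sig2),
    bothVerify: nodeCrypto.verify('sha256', message, verifyKey, sig1) &&
                nodeCrypto.verify('sha256', message, verifyKey, sig2),
  };
}

function demo() {
  const ec = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const rsa = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

  // ECDSA: 'ieee-p1363' encoding yields r || s, 32 bytes each on P-256.
  // r is derived from the per-signature random number, so it changes each time.
  const ecdsa = signTwice(ec.privateKey, ec.publicKey, { dsaEncoding: 'ieee-p1363' });
  const sameR = ecdsa.sig1.subarray(0, 32).equals(ecdsa.sig2.subarray(0, 32));

  // RSA-PSS: a fresh random salt is mixed into every signature.
  const pss = signTwice(rsa.privateKey, rsa.publicKey,
    { padding: nodeCrypto.constants.RSA_PKCS1_PSS_PADDING, saltLength: 32 });

  // RSA PKCS#1 v1.5: no randomness, so the bytes repeat exactly.
  const pkcs1 = signTwice(rsa.privateKey, rsa.publicKey,
    { padding: nodeCrypto.constants.RSA_PKCS1_PADDING });

  const summary = ({ identical, bothVerify }) => ({ identical, bothVerify });
  return { ecdsa: { ...summary(ecdsa), sameR }, pss: summary(pss), pkcs1: summary(pkcs1) };
}

console.log(demo());
```

A test that compares signature bytes against a stored value will fail for ECDSA and RSA-PSS even when nothing is wrong; check the result with the verify operation instead.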