这两天总算把ECDSA搞明白了，本来想造个ECDSA轮子，但最近有点忙，而ECDSA轮子又不像HASH那样简单，所以就直接拿现成的轮子来记录一些ECDSA学习心得。 这里贴上github上一个比较适合学习的ECDSA代码，当然这个版本的代码没有 openssl 等商业级的代码专业，但是它足够简单，用来学习ECDSA原理非常合适。 easy-ecc 非对称加密 算法 签名/验证无非包括三步： 1. ...

既然我们已经可以产生椭圆曲线密钥对，我们接下来就用使用它来进行消息的签名和验证。我所指的消息是任何形式，无论是文本还是二进制形式，只要它们有被验证合法性的需要。特别的是，bitcoin客户端通过签名来证明交易的有效性，反之，矿工则是通过验证这样的签名，来批准并广播合法的交易。 ECDSA 签名 椭圆曲线签名 算法 就是ECDSA(Ellipt...

ECDSA的全名是Elliptic Curve DSA，即椭圆曲线DSA。它是Digital Signature Algorithm (DSA)应用了椭圆曲线加密 算法 的变种。椭圆曲线 算法 的原理很复杂，但是具有很好的公开密钥 算法 特性，通过公钥无法逆向获得私钥。 第一部分 ： DSA的签名和验证过程 要了解ECDSA，首先要了解DSA签名的过程和验证过程。为了理解的方便，这里省去诸

突然找到数年前写的这段代码，当是因为对 密码 学几乎不怎么了解踩了一些坑，现在开源出来方便大家直接利用。 ECDSA的全名是Elliptic Curve DSA，也就是椭圆曲线DSA，由于椭圆曲线的复杂性是的其具备良好的安全性，也就是说无法从公钥计算出私钥。 签名过程分为以下两步：第一步：对于一段指定的字符串，首先对其做消息摘要。在示例代码中采用256bit的摘要，也就是以下部分： def check_stop(line_no, ret): if ret != 0: print("execute fail, error on line_no: ", line_no, " exit!!!") exit() def gen_ecdsa_key(private_key_file_path, public_key_file_path): ec_param_file_path = "/tmp/ec_param.pem." + time_stamp ret = subprocess.call([" openssl ", "ecparam", "-out", ec_param_file_path, "-name", "prime256v1", "-genkey"]) check_stop(sys._getframe().f_lineno, ret) ret = subprocess.call([" openssl ", "genpkey", "-paramfile", ec_param_file_path, "-out", private_key_file_path]) check_stop(sys._getframe().f_lineno, ret) ret = subprocess.call([" openssl ", "pkey", "-in", private_key_file_path, "-inform", "PEM", "-out", public_key_file_path, "-outform", "PEM", "-pubout"]) check_stop(sys._getframe().f_lineno, ret) os.remove(ec_param_file_path) print("gen_ecdsa_key succ prikey_path:", private_key_file_path, " pubkey_path:", public_key_file_path) def gen_ecdsa_sign(product_id, sn, private_key_file_path, sign_file_path): ec_sign_info_file = "/tmp/ec_sign_info_file." + time_stamp ec_sign_info_sha256 = "/tmp/ec_sign_info_sha256." + time_stamp ec_binary_sign_file = "/tmp/ec_binary_sign_file." + time_stamp with open(ec_sign_info_file, 'w') as f: f.write(product_id + "_" + sn) ret = subprocess.call([" openssl ", "dgst", "-sha256", "-binary", "-out", ec_sign_info_sha256, ec_sign_info_file]) check_stop(sys._getframe().f_lineno, ret) ret = subprocess.call([" openssl ", "pkeyutl", "-sign", "-in", ec_sign_info_sha256, "-out", ec_binary_sign_file, "-inkey", private_key_file_path, "-keyform", "PEM"]) check_stop(sys._getframe().f_lineno, ret) with open(ec_binary_sign_file, 'rb') as f: sign_binary = f.read() sign_base64 = base64.b64encode(sign_binary).decode() with open(sign_file_path, 'w') as f: f.write(sign_base64) os.remove(ec_sign_info_file) os.remove(ec_sign_info_sha256) os.remove(ec_binary_sign_file) print("gen_ecdsa_sign succ sign_file_path:", sign_file_path) def verify_ecdsa_sign(product_id, sn, public_key_file_path, sign_file_path): ec_sign_info_file = "/tmp/ec_sign_info_file." + time_stamp ec_sign_info_sha256 = "/tmp/ec_sign_info_sha256." + time_stamp ec_binary_sign_file = "/tmp/ec_binary_sign_file." + time_stamp with open(ec_sign_info_file, 'w') as f: f.write(product_id + "_" + sn) ret = subprocess.call([" openssl ", "dgst", "-sha256", "-binary", "-out", ec_sign_info_sha256, ec_sign_info_file]) check_stop(sys._getframe().f_lineno, ret) with open(sign_file_path, 'r') as f: sign_base64 = f.read() sign_binary = base64.b64decode(sign_base64) with open(ec_binary_sign_file, 'wb') as f: f.write(sign_binary) ret = subprocess.call([" openssl ", "pkeyutl", "-verify", "-in", ec_sign_info_sha256, "-sigfile", ec_binary_sign_file, "-pubin", "-inkey", public_key_file_path, "-keyform", "PEM"]) os.remove(ec_sign_info_file) os.remove(ec_sign_info_sha256) os.remove(ec_binary_sign_file) print("verify_ecdsa_sign result:", "succ" if ret == 0 else "fail") if len(sys.argv) < 2: print("Usage:") print("python mmiot_ecdsa_sign.py gen_ecdsa_key <private_key_file_path> <public_key_file_path>") print("python mmiot_ecdsa_sign.py gen_ecdsa_sign <product_id> <sn> <private_key_file_path> <sign_file_path>") print("python mmiot_ecdsa_sign.py verify_ecdsa_sign <product_id> <sn> <public_key_file_path> <sign_file_path>") exit() if sys.argv[1] == "gen_ecdsa_key": gen_ecdsa_key(sys.argv[2], sys.argv[3]) elif sys.argv[1] == "gen_ecdsa_sign": gen_ecdsa_sign(sys.argv[2], sys.argv[3], sys.argv[4], sys.argv[5]) elif sys.argv[1] == "verify_ecdsa_sign": verify_ecdsa_sign(sys.argv[2], sys.argv[3], sys.argv[4], sys.argv[5]) else: print("Usage:") print("python mmiot_ecdsa_sign.py gen_ecdsa_key <private_key_file_path> <public_key_file_path>") print("python mmiot_ecdsa_sign.py gen_ecdsa_sign <product_id> <sn> <private_key_file_path> <sign_file_path>") print("python mmiot_ecdsa_sign.py verify_ecdsa_sign <product_id> <sn> <public_key_file_path> <sign_file_path>")