# Ethereum transaction OpenSSL signing

Create, sign and send ethereum transaction by the hard way

**ToDo:** use own dir for temp files or make all subprocess operations without generatin files in project folder

## 1 Imports, Web3 connection
Now connect to Ethereum provider via web3 RPC

In [1]:
import subprocess
from web3 import Web3

from eth_account._utils.transactions import (
    encode_transaction,
    serializable_unsigned_transaction_from_dict,
)

from eth_keys import (
    keys,
)

from eth_keys.datatypes import (  
    PublicKey,
)

from eth_keys.backends.native.ecdsa import (
    ecdsa_raw_verify,
    ecdsa_raw_recover,
    decode_public_key,
    private_key_to_public_key,
)

In [2]:
w3 = Web3(Web3.HTTPProvider('http://127.0.0.1:8545'))
CHAIN_ID = 1

## 2.1 Generate private key via OpenSSL (optional)

In [3]:
subprocess.run('openssl ecparam -name secp256k1 -genkey -noout -out private_key.pem', shell=True).returncode
with open('private_key.pem') as f:
    for line in f:
        print(line, end='')

-----BEGIN EC PRIVATE KEY-----
MHQCAQEEIPZEFyv6zf1QhTUuSp+1zVuOpub5vC8Giaj170WK/EbYoAcGBSuBBAAK
oUQDQgAEY4qgXBJJ9T9Xo1N4gdbIA8SO2J5MI9XFKGuIhlErcdEPy5707eLCBryf
EP+GC8ZiVYDlJRSKo6agKau6YQuQjA==
-----END EC PRIVATE KEY-----


In [4]:
raw_output = subprocess.run('openssl ec -in private_key.pem -text -noout', shell=True, capture_output=True).stdout.decode()
print(raw_output)

Private-Key: (256 bit)
priv:
    f6:44:17:2b:fa:cd:fd:50:85:35:2e:4a:9f:b5:cd:
    5b:8e:a6:e6:f9:bc:2f:06:89:a8:f5:ef:45:8a:fc:
    46:d8
pub:
    04:63:8a:a0:5c:12:49:f5:3f:57:a3:53:78:81:d6:
    c8:03:c4:8e:d8:9e:4c:23:d5:c5:28:6b:88:86:51:
    2b:71:d1:0f:cb:9e:f4:ed:e2:c2:06:bc:9f:10:ff:
    86:0b:c6:62:55:80:e5:25:14:8a:a3:a6:a0:29:ab:
    ba:61:0b:90:8c
ASN1 OID: secp256k1



In [5]:
private_key_hexstr = ''.join([x.replace(' ','').replace(':','') for x in raw_output.split('\n')[2:5]])
print('priv: ' + private_key_hexstr)
public_key_hexstr = ''.join([x.replace(' ','').replace(':','') for x in raw_output.split('\n')[6:11]])
print('pub: ' + public_key_hexstr)

priv: f644172bfacdfd5085352e4a9fb5cd5b8ea6e6f9bc2f0689a8f5ef458afc46d8
pub: 04638aa05c1249f53f57a3537881d6c803c48ed89e4c23d5c5286b8886512b71d10fcb9ef4ede2c206bc9f10ff860bc6625580e525148aa3a6a029abba610b908c


## 2.2 Import raw private key (e.g. from ganache) and create locally its .pem file
It should be in hex format without `0x` prefix

In [6]:
# this adress is 0 account from ganache
private_key_hexstr = '44d01ff7ab5e778dac355876d5200b1f0d4f8d9bbd0f15723e7683f9c6ee8a78'

public_key_hexstr = '04' + Web3.toHex(private_key_to_public_key(Web3.toBytes(hexstr=private_key_hexstr)))[2:]
subprocess.run(f'echo 30740201010420 {private_key_hexstr} a00706052b8104000aa144034200 {public_key_hexstr} | xxd -r -p > raw_pem_key', shell=True).returncode
subprocess.run('openssl ec -inform d < raw_pem_key > private_key.pem', shell=True).returncode

0

## 3 Create ethereum transaction dict

In [7]:
w3.eth.defaultAccount = w3.eth.accounts[0]

nonce = w3.eth.getTransactionCount(w3.eth.defaultAccount)
transaction_dict = {
    #'from': w3.eth.accounts[0],
    'to': Web3.toChecksumAddress(w3.eth.accounts[1]),
    'value': 1,
    'gas': 200000,
    'gasPrice': 0,
    'nonce': nonce,
    'chainId': CHAIN_ID
}

nonce

0

## 4.1 Sign transaction dict via web3.py (optional)

In [8]:
signed_tx = w3.eth.account.signTransaction(transaction_dict, private_key_hexstr)
print('signed tx hex:\n' + w3.toHex(signed_tx.rawTransaction) + '\n')
print('signed tx hash hex:\n' + w3.toHex(signed_tx.hash) + '\n')
print('tx ecdsa signature, (v, r, s):')
print(w3.toHex(signed_tx.v))
print(w3.toHex(signed_tx.r))
print(w3.toHex(signed_tx.s))

signed tx hex:
0xf860808083030d4094bab021f651b216ae46f3f73f75df3c5cb91b631b018026a0a40e1eb0574f19f71e2db1ec125ee09f5f5aa8c7275099313442f3cca7acfc3fa05be76e4b375ba2aeb7694cf908eca80a30fd43eb956f250669d2cbfb308f8edf

signed tx hash hex:
0x70c98fe74591d94b737849727469ef105b326cf8b24c6b213f7e06a963da9c4d

tx ecdsa signature, (v, r, s):
0x26
0xa40e1eb0574f19f71e2db1ec125ee09f5f5aa8c7275099313442f3cca7acfc3f
0x5be76e4b375ba2aeb7694cf908eca80a30fd43eb956f250669d2cbfb308f8edf


## 4.2 Sign transaction dict via OpenSSL

Prepare to serialize transaction dict (create abstract web3py transaction object), then RLP encode transaction and get keccak hash. This hash should be used in openssl sign.
```bash
echo <keccak_hash> | xxd -r -p > keccak_hash_file
```

In [9]:
unsigned_tx = serializable_unsigned_transaction_from_dict(transaction_dict)
unsigned_tx_keccak_hash = unsigned_tx.hash()
Web3.toHex(unsigned_tx_keccak_hash)

'0x6ef48740ab65db35ef38c0c07eb829da088ba7864f80e8d4d0cf0f5d084359d9'

In [10]:
subprocess.run(f'echo {Web3.toHex(unsigned_tx_keccak_hash)[2:]} | xxd -r -p > unsigned_tx_keccak_hash', shell=True).returncode

0

* **s** must be less than ```secp256k1n** / 2 + 1```
* raw recovery ID (**v**) (0/1) role description: value 0 represents an even **y** value of elliptic curve signature, 1 is odd

> it's not possible to get y from openssl, but this value can be only in [0,1]

In [11]:
secp256k1n = 115792089237316195423570985008687907852837564279074904382605163141518161494337
s_num = secp256k1n
while s_num > secp256k1n / 2:
    subprocess.run('openssl pkeyutl -sign -inkey private_key.pem -in unsigned_tx_keccak_hash > signature', shell=True)
    raw_output = subprocess.run('openssl asn1parse -inform DER -in signature', shell=True, capture_output=True).stdout.decode()
    r_str, s_str = [x.split(':')[-1] for x in raw_output.split('\n')[1:3]]
    s_num = int(s_str, 16)
print(r_str)
print(s_str)

66102CC77D9B35F991C02573F0E37A67FFD535F0B9164E399137072272701517
4330B42365DF38A7CEBA458635B2AF8DEAE68F4CE582DA5CBBE12A844F37A365


Check if signature is valid:

In [12]:
ecdsa_raw_verify(
    Web3.toBytes(unsigned_tx_keccak_hash),
    [int(r_str, 16), int(s_str, 16)],
    private_key_to_public_key(Web3.toBytes(hexstr=private_key_hexstr))
)

True

It must return your ethereum address:
> if address does not match, try to change raw recovery ID (0,1)

In [14]:
v_raw = 1

PublicKey(ecdsa_raw_recover(
    Web3.toBytes(unsigned_tx_keccak_hash),
    [v_raw, int(r_str, 16), int(s_str, 16)],
)).to_address()

'0x90c08087af274b77516df05952273008fea2c4b9'

RLP encode signed transaction, it's final step before you can send it

In [15]:
CHAIN_ID_OFFSET = 35
v = v_raw + CHAIN_ID_OFFSET + 2 * CHAIN_ID # it's from yellow paper

signed_tx = encode_transaction(
    unsigned_tx,
    vrs=(v,
         int(r_str, 16),
         int(s_str, 16)
    )
)
Web3.toHex(signed_tx)

'0xf860808083030d4094bab021f651b216ae46f3f73f75df3c5cb91b631b018026a066102cc77d9b35f991c02573f0e37a67ffd535f0b9164e399137072272701517a04330b42365df38a7ceba458635b2af8deae68f4ce582da5cbbe12a844f37a365'

## 5 Send signed transaction 

In [16]:
tx_hash = w3.eth.sendRawTransaction(signed_tx)
tx_hash

HexBytes('0x9c6977832f55a94711108179077ac0dc01800596c114fb763c063acee121b66b')

In [17]:
w3.eth.getTransactionReceipt(tx_hash)

AttributeDict({'transactionHash': HexBytes('0x9c6977832f55a94711108179077ac0dc01800596c114fb763c063acee121b66b'),
 'transactionIndex': 0,
 'blockHash': HexBytes('0x785bfb2fd0daa01cfa3c9732409addfac5d1826b1e96f26d19534b46567a141a'),
 'blockNumber': 1,
 'from': '0x90c08087af274b77516df05952273008fea2c4b9',
 'to': '0xbab021f651b216ae46f3f73f75df3c5cb91b631b',
 'gasUsed': 21000,
 'cumulativeGasUsed': 21000,
 'contractAddress': None,
 'logs': [],
 'status': 1,
 'logsBloom': HexBytes('0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000')