# Classic OpenSSL
## Initialize ECDSA keypair
Generate keypair in PEM format

In [323]:
# uncomment to regenerate
#import subprocess
#ossl_proc = subprocess.Popen(['openssl', 'ecparam', '-name', 'secp256k1', '-genkey', '-noout'], stdout=subprocess.PIPE)
#secret_key_pem = ossl_proc.communicate()[0]

ossl_priv_key_pem = b"""
-----BEGIN EC PRIVATE KEY-----
MHQCAQEEIC+de1thpHhRvCoEe1rO8j+3lJXZ3j1PHTQBhhtjUUkLoAcGBSuBBAAK
oUQDQgAEu4BpBjbdbTrMMxRocztc309nCn2iocwOGJSlOp0KzxfYyDgkZfIobJcA
VBfwy/jrAWjHMKkWtazFhJctSqW4Mg==
-----END EC PRIVATE KEY-----
"""


convert private key from PEM (textual) to DER (binary) format

In [324]:
ossl_proc = subprocess.Popen(['openssl', 'ec', '-inform', 'PEM', '-outform', 'DER'], stdout=subprocess.PIPE, stdin=subprocess.PIPE)
ossl_priv_key_der = ossl_proc.communicate(input=ossl_priv_key_pem)[0]
ossl_priv_key_der.hex()

'307402010104202f9d7b5b61a47851bc2a047b5acef23fb79495d9de3d4f1d3401861b6351490ba00706052b8104000aa14403420004bb80690636dd6d3acc331468733b5cdf4f670a7da2a1cc0e1894a53a9d0acf17d8c8382465f2286c97005417f0cbf8eb0168c730a916b5acc584972d4aa5b832'

Generate public key in PEM (textual) format

In [325]:
ossl_proc = subprocess.Popen(['openssl', 'ec', '-inform', 'PEM', '-pubout'], stdout=subprocess.PIPE, stdin=subprocess.PIPE)
ossl_pub_key_pem = ossl_proc.communicate(input=ossl_priv_key_pem)[0]
print(ossl_pub_key_pem.decode("utf-8"))

-----BEGIN PUBLIC KEY-----
MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEu4BpBjbdbTrMMxRocztc309nCn2iocwO
GJSlOp0KzxfYyDgkZfIobJcAVBfwy/jrAWjHMKkWtazFhJctSqW4Mg==
-----END PUBLIC KEY-----



Generate public key in DER (binary) format

In [326]:
ossl_proc = subprocess.Popen(['openssl', 'ec', '-inform', 'PEM', '-outform', 'DER', '-pubout'], stdout=subprocess.PIPE, stdin=subprocess.PIPE)
ossl_pub_key_der = ossl_proc.communicate(input=ossl_priv_key_pem)[0]
ossl_pub_key_der.hex()

'3056301006072a8648ce3d020106052b8104000a03420004bb80690636dd6d3acc331468733b5cdf4f670a7da2a1cc0e1894a53a9d0acf17d8c8382465f2286c97005417f0cbf8eb0168c730a916b5acc584972d4aa5b832'

# Pure-Python ECDSA
## import keys generated in OpenSSL

Import PEM (textual) private key generated in openSSL

In [327]:
from ecdsa import SigningKey, VerifyingKey, SECP256k1
ecdsa_priv_key = SigningKey.from_pem(ossl_priv_key_pem)
#ecdsa_pub_key = VerifyingKey.from_pem(ossl_pub_key_pem)
ecdsa_pub_key = ecdsa_priv_key.get_verifying_key()
# check equality with OpenSSL
assert ecdsa_pub_key.to_string() == VerifyingKey.from_pem(ossl_pub_key_pem).to_string() 
assert ecdsa_pub_key.to_string() == VerifyingKey.from_der(ossl_pub_key_der).to_string()
assert ecdsa_pub_key.to_string() == SigningKey.from_der(ossl_priv_key_der).get_verifying_key().to_string()
ecdsa_pub_key.to_string().hex()

'bb80690636dd6d3acc331468733b5cdf4f670a7da2a1cc0e1894a53a9d0acf17d8c8382465f2286c97005417f0cbf8eb0168c730a916b5acc584972d4aa5b832'

In [328]:
signature = ecdsa_priv_key.sign(b"message")
assert ecdsa_pub_key.verify(signature, b"message")
signature.hex()

'bbef10c4123a166ce72c17273f59855a1bb9fb9ed53630b1a1f5e32aa40fc34e6d0ded5bbf1b6c5c5af1ce015ab3ff6026adf39a08bc717c26890a81bdcb191f'

In [329]:
from hashlib import sha1
from ecdsa import util
# openssl dgst -ecdsa-with-SHA1 -verify vk.pem -signature data.sig 1.txt
# openssl dgst -ecdsa-with-SHA1 -verify vk.pem -signature data.sig 1.txt
sig_from_openssl_str = '3046022100e3f51d5af41c9f2f5007817c6f2bc418f6d7d9418fe81c7606d9c4b93de363f802210093929eb29162f3fb0e12a8a69af631bc07b5f29be9b0f751d14c11674051e235'
sig_from_openssl = bytes.fromhex(sig_from_openssl_str)
ecdsa_pub_key.verify(sig_from_openssl, "message\n".encode('utf-8'), hashfunc=sha1, sigdecode=util.sigdecode_der)


True

The OpenSSL signature is 72 bytes long.
It is the list of two 32-byte numbers: r and s encoded and serialized by DER(ASN.1)

In [330]:
r,s = util.sigdecode_der(sig_from_openssl, 0)
(hex(r),hex(s))

('0xe3f51d5af41c9f2f5007817c6f2bc418f6d7d9418fe81c7606d9c4b93de363f8',
 '0x93929eb29162f3fb0e12a8a69af631bc07b5f29be9b0f751d14c11674051e235')