@@ -270,24 +270,57 @@ To produce signatures that can be verified by OpenSSL tools, or to verify
270270signatures that were produced by those tools, use:
271271
272272``` python
273- # openssl ecparam -name secp224r1 -genkey -out sk.pem
273+ # openssl ecparam -name prime256v1 -genkey -out sk.pem
274274# openssl ec -in sk.pem -pubout -out vk.pem
275- # openssl dgst -ecdsa-with-SHA1 -sign sk.pem -out data.sig data
276- # openssl dgst -ecdsa-with-SHA1 -verify vk.pem -signature data.sig data
277- # openssl dgst -ecdsa-with-SHA1 -prverify sk.pem -signature data.sig data
275+ # echo "data for signing" > data
276+ # openssl dgst -sha256 -sign sk.pem -out data.sig data
277+ # openssl dgst -sha256 -verify vk.pem -signature data.sig data
278+ # openssl dgst -sha256 -prverify sk.pem -signature data.sig data
278279
279- sk.sign(msg, hashfunc = hashlib.sha1, sigencode = ecdsa.util.sigencode_der)
280- vk.verify(sig, msg, hashfunc = hashlib.sha1, sigdecode = ecdsa.util.sigdecode_der)
280+ import hashlib
281+ from ecdsa import SigningKey, VerifyingKey
282+ from ecdsa.util import sigencode_der, sigdecode_der
283+
284+ with open (" vk.pem" as f:
285+ vk = VerifyingKey.from_pem(f.read())
286+
287+ with open (" data" " rb" as f:
288+ data = f.read()
289+
290+ with open (" data.sig" " rb" as f:
291+ signature = f.read()
292+
293+ assert vk.verify(signature, data, hashlib.sha256, sigdecode = sigdecode_der)
294+
295+ with open (" sk.pem" as f:
296+ sk = SigningKey.from_pem(f.read(), hashlib.sha256)
297+
298+ new_signature = sk.sign_deterministic(data, sigencode = sigencode_der)
299+
300+ with open (" data.sig2" " wb" as f:
301+ f.write(new_signature)
302+
303+ # openssl dgst -sha256 -verify vk.pem -signature data.sig2 data
281304```
282305
283- The keys that openssl handles can be read and written as follows:
306+ Note: if compatibility with OpenSSL 1.0.0 or earlier is necessary, the
307+ ` sigencode_string ` and ` sigdecode_string ` from ` ecdsa.util ` can be used for
308+ respectively writing and reading the signatures.
309+
310+ The keys also can be written in format that openssl can handle:
284311
285312``` python
286- sk = SigningKey.from_pem(open (" sk.pem"
287- open (" sk.pem" " w"
313+ from ecdsa import SigningKey, VerifyingKey
314+
315+ with open (" sk.pem" as f:
316+ sk = SigningKey.from_pem(f.read())
317+ with open (" sk.pem" " wb" as f:
318+ f.write(sk.to_pem())
288319
289- vk = VerifyingKey.from_pem(open (" vk.pem"
290- open (" vk.pem" " w"
320+ with open (" vk.pem" as f:
321+ vk = VerifyingKey.from_pem(f.read())
322+ with open (" vk.pem" " wb" as f:
323+ f.write(vk.to_pem())
291324```
292325
293326## Entropy
0 commit comments