Python ecdsa.ecdsa() Examples
The following are 19
code examples of ecdsa.ecdsa().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
ecdsa
, or try the search function
.
.
Example #1
| Source File: bitcoin.py From encompass with GNU General Public License v3.0 | 6 votes |
|
def encrypt_message(self, message, pubkey):
pk = ser_to_point(pubkey)
if not ecdsa.ecdsa.point_is_valid(generator_secp256k1, pk.x(), pk.y()):
raise Exception('invalid pubkey')
ephemeral_exponent = number_to_string(ecdsa.util.randrange(pow(2,256)), generator_secp256k1.order())
ephemeral = EC_KEY(ephemeral_exponent)
ecdh_key = point_to_ser(pk * ephemeral.privkey.secret_multiplier)
key = hashlib.sha512(ecdh_key).digest()
iv, key_e, key_m = key[0:16], key[16:32], key[32:]
ciphertext = aes_encrypt_with_iv(key_e, iv, message)
ephemeral_pubkey = ephemeral.get_public_key(compressed=True).decode('hex')
encrypted = 'BIE1' + ephemeral_pubkey + ciphertext
mac = hmac.new(key_m, encrypted, hashlib.sha256).digest()
return base64.b64encode(encrypted + mac)
Example #2
| Source File: bitcoin.py From encompass with GNU General Public License v3.0 | 6 votes |
|
def _CKD_priv(k, c, s, is_prime):
import hmac
from ecdsa.util import string_to_number, number_to_string
order = generator_secp256k1.order()
keypair = EC_KEY(k)
cK = GetPubKey(keypair.pubkey,True)
data = chr(0) + k + s if is_prime else cK + s
I = hmac.new(c, data, hashlib.sha512).digest()
k_n = number_to_string( (string_to_number(I[0:32]) + string_to_number(k)) % order , order )
c_n = I[32:]
return k_n, c_n
# Child public key derivation function (from public key only)
# K = master public key
# c = master chain code
# n = index of key we want to derive
# This function allows us to find the nth public key, as long as n is
# non-negative. If n is negative, we need the master private key to find it.
Example #3
| Source File: ulord.py From Uwallet with MIT License | 6 votes |
|
def get_pubkeys_from_secret(secret):
# public key
private_key = ecdsa.SigningKey.from_string(secret, curve=SECP256k1)
public_key = private_key.get_verifying_key()
K = public_key.to_string()
K_compressed = GetPubKey(public_key.pubkey, True)
return K, K_compressed
# Child private key derivation function (from master private key)
# k = master private key (32 bytes)
# c = master chain code (extra entropy for key derivation) (32 bytes)
# n = the index of the key we want to derive. (only 32 bits will be used)
# If n is negative (i.e. the 32nd bit is set), the resulting private key's
# corresponding public key can NOT be determined without the master private key.
# However, if n is positive, the resulting private key's corresponding
# public key can be determined without the master private key.
Example #4
| Source File: ulord.py From Uwallet with MIT License | 6 votes |
|
def encrypt_message(cls, message, pubkey):
pk = ser_to_point(pubkey)
if not ecdsa.ecdsa.point_is_valid(generator_secp256k1, pk.x(), pk.y()):
raise Exception('invalid pubkey')
ephemeral_exponent = number_to_string(ecdsa.util.randrange(pow(2, 256)),
generator_secp256k1.order())
ephemeral = EC_KEY(ephemeral_exponent)
ecdh_key = point_to_ser(pk * ephemeral.privkey.secret_multiplier)
key = hashlib.sha512(ecdh_key).digest()
iv, key_e, key_m = key[0:16], key[16:32], key[32:]
ciphertext = aes_encrypt_with_iv(key_e, iv, message)
ephemeral_pubkey = ephemeral.get_public_key(compressed=True).decode('hex')
encrypted = 'BIE1' + ephemeral_pubkey + ciphertext
mac = hmac.new(key_m, encrypted, hashlib.sha256).digest()
return base64.b64encode(encrypted + mac)
Example #5
| Source File: bitcoin.py From encompass with GNU General Public License v3.0 | 6 votes |
|
def from_signature(klass, sig, recid, h, curve):
""" See http://www.secg.org/download/aid-780/sec1-v2.pdf, chapter 4.1.6 """
from ecdsa import util, numbertheory
import msqr
curveFp = curve.curve
G = curve.generator
order = G.order()
# extract r,s from signature
r, s = util.sigdecode_string(sig, order)
# 1.1
x = r + (recid/2) * order
# 1.3
alpha = ( x * x * x + curveFp.a() * x + curveFp.b() ) % curveFp.p()
beta = msqr.modular_sqrt(alpha, curveFp.p())
y = beta if (beta - recid) % 2 == 0 else curveFp.p() - beta
# 1.4 the constructor checks that nR is at infinity
R = Point(curveFp, x, y, order)
# 1.5 compute e from message:
e = string_to_number(h)
minus_e = -e % order
# 1.6 compute Q = r^-1 (sR - eG)
inv_r = numbertheory.inverse_mod(r,order)
Q = inv_r * ( s * R + minus_e * G )
return klass.from_public_point( Q, curve )
Example #6
| Source File: ulord.py From Uwallet with MIT License | 6 votes |
|
def verify_message(cls, address, sig, message):
if len(sig) != 65:
raise Exception("Wrong encoding")
nV = ord(sig[0])
if nV < 27 or nV >= 35:
raise Exception("Bad encoding")
if nV >= 31:
compressed = True
nV -= 4
else:
compressed = False
recid = nV - 27
h = Hash(msg_magic(message))
public_key = MyVerifyingKey.from_signature(sig[1:], recid, h, curve=SECP256k1)
# check public key
public_key.verify_digest(sig[1:], h, sigdecode=ecdsa.util.sigdecode_string)
pubkey = point_to_ser(public_key.pubkey.point, compressed)
# check that we get the original signing address
addr = public_key_to_bc_address(pubkey)
if address != addr:
raise Exception("Bad signature")
# ECIES encryption/decryption methods; AES-128-CBC with PKCS7 is used as the cipher;
# hmac-sha256 is used as the mac
Example #7
| Source File: ulord.py From Uwallet with MIT License | 5 votes |
|
def sign(self, msg_hash):
private_key = MySigningKey.from_secret_exponent(self.secret, curve=SECP256k1)
public_key = private_key.get_verifying_key()
signature = private_key.sign_digest_deterministic(msg_hash, hashfunc=hashlib.sha256,
sigencode=ecdsa.util.sigencode_string)
assert public_key.verify_digest(signature, msg_hash, sigdecode=ecdsa.util.sigdecode_string)
return signature
Example #8
| Source File: BIP32Key.py From bip32utils with MIT License | 5 votes |
|
def CKDpub(self, i):
"""
Create a publicly derived child key of index 'i'.
If the most significant bit of 'i' is set, this is
an error.
Returns a BIP32Key constructed with the child key parameters,
or None if index would result in invalid key.
"""
if i & BIP32_HARDEN:
raise Exception("Cannot create a hardened child key using public child derivation")
# Data to HMAC. Same as CKDpriv() for public child key.
data = self.PublicKey() + struct.pack(">L", i)
# Get HMAC of data
(Il, Ir) = self.hmac(data)
# Construct curve point Il*G+K
Il_int = string_to_int(Il)
if Il_int >= CURVE_ORDER:
return None
point = Il_int*CURVE_GEN + self.K.pubkey.point
if point == INFINITY:
return None
# Retrieve public key based on curve point
K_i = ecdsa.VerifyingKey.from_public_point(point, curve=SECP256k1)
# Construct and return a new BIP32Key
return BIP32Key(secret=K_i, chain=Ir, depth=self.depth, index=i, fpr=self.Fingerprint(), public=True)
# Public methods
#
Example #9
| Source File: BIP32Key.py From bip32utils with MIT License | 5 votes |
|
def __init__(self, secret, chain, depth, index, fpr, public=False):
"""
Create a public or private BIP32Key using key material and chain code.
secret This is the source material to generate the keypair, either a
32-byte string representation of a private key, or the ECDSA
library object representing a public key.
chain This is a 32-byte string representation of the chain code
depth Child depth; parent increments its own by one when assigning this
index Child index
fpr Parent fingerprint
public If true, this keypair will only contain a public key and can only create
a public key chain.
"""
self.public = public
if public is False:
self.k = ecdsa.SigningKey.from_string(secret, curve=SECP256k1)
self.K = self.k.get_verifying_key()
else:
self.k = None
self.K = secret
self.C = chain
self.depth = depth
self.index = index
self.parent_fpr = fpr
# Internal methods not intended to be called externally
#
Example #10
| Source File: bitcrack.py From ecdsa-private-key-recovery with GNU General Public License v2.0 | 5 votes |
|
def __init__(self, sig, h, pubkey, curve=ecdsa.SECP256k1):
super(BTCSignature, self).__init__(sig, h, BTCSignature._fix_pubkey(pubkey), curve=curve)
Example #11
| Source File: ulord.py From Uwallet with MIT License | 5 votes |
|
def _CKD_pub(cK, c, s):
order = generator_secp256k1.order()
I = hmac.new(c, cK + s, hashlib.sha512).digest()
curve = SECP256k1
pubkey_point = string_to_number(I[0:32]) * curve.generator + ser_to_point(cK)
public_key = ecdsa.VerifyingKey.from_public_point(pubkey_point, curve=SECP256k1)
c_n = I[32:]
cK_n = GetPubKey(public_key.pubkey, True)
return cK_n, c_n
Example #12
| Source File: ulord.py From Uwallet with MIT License | 5 votes |
|
def __init__(self, k):
secret = string_to_number(k)
self.pubkey = ecdsa.ecdsa.Public_key(generator_secp256k1, generator_secp256k1 * secret)
self.privkey = ecdsa.ecdsa.Private_key(self.pubkey, secret)
self.secret = secret
Example #13
| Source File: ulord.py From Uwallet with MIT License | 5 votes |
|
def sign_number(self, number, entropy=None, k=None):
curve = SECP256k1
G = curve.generator
order = G.order()
r, s = ecdsa.SigningKey.sign_number(self, number, entropy, k)
if s > order / 2:
s = order - s
return r, s
Example #14
| Source File: bitcoin.py From encompass with GNU General Public License v3.0 | 5 votes |
|
def _CKD_pub(cK, c, s):
import hmac
from ecdsa.util import string_to_number, number_to_string
order = generator_secp256k1.order()
I = hmac.new(c, cK + s, hashlib.sha512).digest()
curve = SECP256k1
pubkey_point = string_to_number(I[0:32])*curve.generator + ser_to_point(cK)
public_key = ecdsa.VerifyingKey.from_public_point( pubkey_point, curve = SECP256k1 )
c_n = I[32:]
cK_n = GetPubKey(public_key.pubkey,True)
return cK_n, c_n
Example #15
| Source File: bitcoin.py From encompass with GNU General Public License v3.0 | 5 votes |
|
def verify_message(self, address, signature, message):
sig = base64.b64decode(signature)
if len(sig) != 65: raise Exception("Wrong encoding")
nV = ord(sig[0])
if nV < 27 or nV >= 35:
raise Exception("Bad encoding")
if nV >= 31:
compressed = True
nV -= 4
else:
compressed = False
recid = nV - 27
h = Hash( msg_magic(message) )
public_key = MyVerifyingKey.from_signature( sig[1:], recid, h, curve = SECP256k1 )
# check public key
public_key.verify_digest( sig[1:], h, sigdecode = ecdsa.util.sigdecode_string)
# check that we get the original signing address
addr = public_key_to_bc_address( point_to_ser(public_key.pubkey.point, compressed) )
if address != addr:
raise Exception("Bad signature")
# ECIES encryption/decryption methods; AES-128-CBC with PKCS7 is used as the cipher; hmac-sha256 is used as the mac
Example #16
| Source File: bitcoin.py From encompass with GNU General Public License v3.0 | 5 votes |
|
def sign_message(self, message, compressed, address):
private_key = ecdsa.SigningKey.from_secret_exponent( self.secret, curve = SECP256k1 )
public_key = private_key.get_verifying_key()
signature = private_key.sign_digest_deterministic( Hash( msg_magic(message) ), hashfunc=hashlib.sha256, sigencode = ecdsa.util.sigencode_string )
assert public_key.verify_digest( signature, Hash( msg_magic(message) ), sigdecode = ecdsa.util.sigdecode_string)
for i in range(4):
sig = base64.b64encode( chr(27 + i + (4 if compressed else 0)) + signature )
try:
self.verify_message( address, sig, message)
return sig
except Exception:
continue
else:
raise Exception("error: cannot sign message")
Example #17
| Source File: bitcoin.py From encompass with GNU General Public License v3.0 | 5 votes |
|
def __init__( self, k ):
secret = string_to_number(k)
self.pubkey = ecdsa.ecdsa.Public_key( generator_secp256k1, generator_secp256k1 * secret )
self.privkey = ecdsa.ecdsa.Private_key( self.pubkey, secret )
self.secret = secret
Example #18
| Source File: bitcrack.py From ecdsa-private-key-recovery with GNU General Public License v2.0 | 4 votes |
|
def verify_vin_old(txid, index):
# get raw transaction (txid) <-- vin[0]: scriptSig
rpc = BtcRpc("http://lala:lolo@127.0.0.1:8332")
rawtx = rpc.rpc.getrawtransaction(txid)
jsontxverbose = rpc.rpc.getrawtransaction(txid,1)
#pprint.pprint(jsontxverbose)
jsontx = pybitcointools.deserialize(rawtx)
pprint.pprint(jsontx)
scriptSigasm = jsontxverbose['vin'][index]['scriptSig']['asm']
logger.debug(scriptSigasm)
scriptSig = jsontx['ins'][index]['script']
sigpubdecoded = asn1der.decode(scriptSig.decode("hex")[1:]) # skip first push
sig = long(sigpubdecoded[0][0]), long(sigpubdecoded[0][1])
pubkey = sigpubdecoded[1]
sighash_type = pubkey[0]
logger.debug("sighash type: %r" % sighash_type)
push = pubkey[1]
btc_pubkey_type = pubkey[2]
pubkey = pubkey[3:]
logger.debug("r %s s %s"%(hex(sig[0]),hex(sig[1])))
logger.debug(pubkey.encode("hex"))
# generate signdata
# replace input script with funding script of 17SkEw2md5avVNyYgj6RiXuQKNwkXaxFyQ
for txin in jsontx['ins']:
txin['script']=''
funding_txid = jsontxverbose['vin'][index]['txid']
funding_tx = rpc.rpc.getrawtransaction(funding_txid,1)
#pprint.pprint(funding_tx)
funding_script = funding_tx['vout'][0]['scriptPubKey']['hex']
jsontx['ins'][index]['script']=funding_script
signdata= pybitcointools.serialize(jsontx) + "01000000" #SIGHASH ALL
import hashlib
digest = hashlib.sha256(hashlib.sha256(signdata.decode("hex")).digest()).digest()
logger.debug(digest[::-1].encode("hex"))
vk = VerifyingKey.from_string(pubkey, curve=curve)
logger.debug("verify --> %s "%(vk.pubkey.verifies(int(digest.encode("hex"),16),Signature(sig[0],sig[1]))))
#print vk.verify_digest(scriptSigasm.split("[ALL]",1)[0].decode("hex"), digest, sigdecode=ecdsa.util.sigdecode_der)
return BTCSignature(sig=Signature(sig[0],sig[1]),
h=int(digest.encode("hex"),16),
pubkey=pubkey,
)
Example #19
| Source File: BIP32Key.py From bip32utils with MIT License | 4 votes |
|
def fromExtendedKey(xkey, public=False):
"""
Create a BIP32Key by importing from extended private or public key string
If public is True, return a public-only key regardless of input type.
"""
# Sanity checks
raw = Base58.check_decode(xkey)
if len(raw) != 78:
raise ValueError("extended key format wrong length")
# Verify address version/type
version = raw[:4]
if version == EX_MAIN_PRIVATE:
keytype = 'xprv'
elif version == EX_MAIN_PUBLIC:
keytype = 'xpub'
else:
raise ValueError("unknown extended key version")
# Extract remaining fields
depth = ord(raw[4])
fpr = raw[5:9]
child = struct.unpack(">L", raw[9:13])[0]
chain = raw[13:45]
secret = raw[45:78]
# Extract private key or public key point
if keytype == 'xprv':
secret = secret[1:]
else:
# Recover public curve point from compressed key
lsb = ord(secret[0]) & 1
x = string_to_int(secret[1:])
ys = (x**3+7) % FIELD_ORDER # y^2 = x^3 + 7 mod p
y = sqrt_mod(ys, FIELD_ORDER)
if y & 1 != lsb:
y = FIELD_ORDER-y
point = ecdsa.ellipticcurve.Point(SECP256k1.curve, x, y)
secret = ecdsa.VerifyingKey.from_public_point(point, curve=SECP256k1)
is_pubkey = (keytype == 'xpub')
key = BIP32Key(secret=secret, chain=chain, depth=depth, index=child, fpr=fpr, public=is_pubkey)
if not is_pubkey and public:
key = key.SetPublic()
return key
# Normal class initializer
