纯python ECDSA签名,验证和ECDH密钥协议.zip

# Pure-Python ECDSA and ECDH [](https://github.com/tlsfuzzer/python-ecdsa/actions?query=workflow%3A%22GitHub+CI%22+branch%3Amaster) [](https://ecdsa.readthedocs.io/en/latest/?badge=latest) [](https://coveralls.io/github/tlsfuzzer/python-ecdsa?branch=master)   [](https://github.com/tlsfuzzer/python-ecdsa/actions/workflows/codeql.yml) [](https://pypi.python.org/pypi/ecdsa/)  This is an easy-to-use implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman), implemented purely in Python, released under the MIT license. With this library, you can quickly create key pairs (signing key and verifying key), sign messages, and verify the signatures. You can also agree on a shared secret key based on exchanged public keys. The keys and signatures are very short, making them easy to handle and incorporate into other protocols. **NOTE: This library should not be used in production settings, see [Security](#Security) for more details.** ## Features This library provides key generation, signing, verifying, and shared secret derivation for five popular NIST "Suite B" GF(p) (_prime field_) curves, with key lengths of 192, 224, 256, 384, and 521 bits. The "short names" for these curves, as known by the OpenSSL tool (`openssl ecparam -list_curves`), are: `prime192v1`, `secp224r1`, `prime256v1`, `secp384r1`, and `secp521r1`. It includes the 256-bit curve `secp256k1` used by Bitcoin. There is also support for the regular (non-twisted) variants of Brainpool curves from 160 to 512 bits. The "short names" of those curves are: `brainpoolP160r1`, `brainpoolP192r1`, `brainpoolP224r1`, `brainpoolP256r1`, `brainpoolP320r1`, `brainpoolP384r1`, `brainpoolP512r1`. Few of the small curves from SEC standard are also included (mainly to speed-up testing of the library), those are: `secp112r1`, `secp112r2`, `secp128r1`, and `secp160r1`. Key generation, siging and verifying is also supported for Ed25519 and Ed448 curves. No other curves are included, but it is not too hard to add support for more curves over prime fields. ## Dependencies This library uses only Python and the 'six' package. It is compatible with Python 2.6, 2.7, and 3.6+. It also supports execution on alternative implementations like pypy and pypy3. If `gmpy2` or `gmpy` is installed, they will be used for faster arithmetic. Either of them can be installed after this library is installed, `python-ecdsa` will detect their presence on start-up and use them automatically. You should prefer `gmpy2` on Python3 for optimal performance. To run the OpenSSL compatibility tests, the 'openssl' tool must be in your `PATH`. This release has been tested successfully against OpenSSL 0.9.8o, 1.0.0a, 1.0.2f, 1.1.1d and 3.0.1 (among others). ## Installation This library is available on PyPI, it's recommended to install it using `pip`: ``` pip install ecdsa ``` In case higher performance is wanted and using native code is not a problem, it's possible to specify installation together with `gmpy2`: ``` pip install ecdsa[gmpy2] ``` or (slower, legacy option): ``` pip install ecdsa[gmpy] ``` ## Speed The following table shows how long this library takes to generate key pairs (`keygen`), to sign data (`sign`), to verify those signatures (`verify`), to derive a shared secret (`ecdh`), and to verify the signatures with no key-specific precomputation (`no PC verify`). All those values are in seconds. For convenience, the inverses of those values are also provided: how many keys per second can be generated (`keygen/s`), how many signatures can be made per second (`sign/s`), how many signatures can be verified per second (`verify/s`), how many shared secrets can be derived per second (`ecdh/s`), and how many signatures with no key specific precomputation can be verified per second (`no PC verify/s`). The size of raw signature (generally the smallest the way a signature can be encoded) is also provided in the `siglen` column. Use `tox -e speed` to generate this table on your own computer. On an Intel Core i7 4790K @ 4.0GHz I'm getting the following performance: ``` siglen keygen keygen/s sign sign/s verify verify/s no PC verify no PC verify/s NIST192p: 48 0.00032s 3134.06 0.00033s 2985.53 0.00063s 1598.36 0.00129s 774.43 NIST224p: 56 0.00040s 2469.24 0.00042s 2367.88 0.00081s 1233.41 0.00170s 586.66 NIST256p: 64 0.00051s 1952.73 0.00054s 1867.80 0.00098s 1021.86 0.00212s 471.27 NIST384p: 96 0.00107s 935.92 0.00111s 904.23 0.00203s 491.77 0.00446s 224.00 NIST521p: 132 0.00210s 475.52 0.00215s 464.16 0.00398s 251.28 0.00874s 114.39 SECP256k1: 64 0.00052s 1921.54 0.00054s 1847.49 0.00105s 948.68 0.00210s 477.01 BRAINPOOLP160r1: 40 0.00025s 4003.88 0.00026s 3845.12 0.00053s 1893.93 0.00105s 949.92 BRAINPOOLP192r1: 48 0.00033s 3043.97 0.00034s 2975.98 0.00063s 1581.50 0.00135s 742.29 BRAINPOOLP224r1: 56 0.00041s 2436.44 0.00043s 2315.51 0.00078s 1278.49 0.00180s 556.16 BRAINPOOLP256r1: 64 0.00053s 1892.49 0.00054s 1846.24 0.00114s 875.64 0.00229s 437.25 BRAINPOOLP320r1: 80 0.00073s 1361.26 0.00076s 1309.25 0.00143s 699.29 0.00322s 310.49 BRAINPOOLP384r1: 96 0.00107s 931.29 0.00111s 901.80 0.00230s 434.19 0.00476s 210.20 BRAINPOOLP512r1: 128 0.00207s 483.41 0.00212s 471.42 0.00425s 235.43 0.00912s 109.61 SECP112r1: 28 0.00015s 6672.53 0.00016s 6440.34 0.00031s 3265.41 0.00056s 1774.20 SECP112r2: 28 0.00015s 6697.11 0.00015s 6479.98 0.00028s 3524.72 0.00058s 1716.16 SECP128r1: 32 0.00018s 5497.65 0.00019s 5272.89 0.00036s 2747.39 0.00072s 1396.16 SECP160r1: 42 0.00025s 3949.32 0.00026s 3894.45 0.00046s 2153.85 0.00102s 985.07 Ed25519: 64 0.00076s 1324.48 0.00042s 2405.01 0.00109s 918.05 0.00344s 290.50 Ed448: 114 0.00176s 569.53 0.00115s 870.94 0.00282s 355.04 0.01024s 97.69 ecdh ecdh/s NIST192p: 0.00104s 964.89 NIST224p: 0.00134s 748.63 NIST256p: 0.00170s 587.08 NIST384p: 0.00352s 283.90 NIST521p: 0.00717s 139.51 SECP256k1: 0.00154s 648.40 BRAINPOOLP160r1: 0.00082s 1220.70 BRAINPOOLP192r1: 0.00105s 956.75 BRAINPOOLP224r1: 0.00136s 734.52 BRAINPOOLP256r1: 0.00178s 563.32 BRAINPOOLP320r1: 0.00252s 397.23 BRAINPOOLP384r1: 0.00376s 266.27 BRAINPOOLP512r1: 0.00733s 136.3