{"id":1729,"library":"starkbank-ecdsa","title":"StarkBank ECDSA","description":"StarkBank ECDSA is a lightweight and fast pure Python library for Elliptic Curve Digital Signature Algorithm (ECDSA). As of version 2.2.0, it provides tools for generating private/public keys, signing data, and verifying signatures. The library maintains a steady release cadence, with several updates per year.","status":"active","version":"2.2.0","language":"en","source_language":"en","source_url":"https://github.com/starkbank/ecdsa-python","tags":["ecdsa","cryptography","signing","security","pure-python"],"install":[{"cmd":"pip install starkbank-ecdsa","lang":"bash","label":"Install stable version"}],"dependencies":[],"imports":[{"symbol":"PrivateKey","correct":"from starkbank_ecdsa import PrivateKey"},{"symbol":"PublicKey","correct":"from starkbank_ecdsa import PublicKey"},{"symbol":"Ecdsa","correct":"from starkbank_ecdsa import Ecdsa"},{"note":"The package name changed from 'ecdsa' to 'starkbank_ecdsa' in version 2.0.0.","wrong":"from ecdsa import Curve","symbol":"Curve","correct":"from starkbank_ecdsa import Curve"}],"quickstart":{"code":"import hashlib\nfrom starkbank_ecdsa import PrivateKey, PublicKey, Ecdsa\n\n# 1. Generate a new private key\nprivate_key = PrivateKey.generate()\nprint(f\"Private Key: {private_key.toPem().decode().strip()}\")\n\n# 2. Get the corresponding public key\npublic_key = private_key.public_key()\nprint(f\"Public Key: {public_key.toPem().decode().strip()}\")\n\n# 3. Data to sign (must be a 32-byte hash)\nmessage = \"This is a test message for ECDSA signing and verification.\"\nmessage_hash = hashlib.sha256(message.encode()).digest()\nprint(f\"Message hash (bytes): {message_hash.hex()}\")\n\n# 4. Sign the message hash\nsignature = Ecdsa.sign(message_hash, private_key)\nprint(f\"Signature (hex): {signature.toHex()}\")\n\n# 5. Verify the signature\nis_valid = Ecdsa.verify(message_hash, signature, public_key)\nprint(f\"Signature is valid: {is_valid}\")\n\n# Example of invalid signature (tampered message)\ninvalid_message_hash = hashlib.sha256(b\"tampered message\").digest()\nis_invalid = Ecdsa.verify(invalid_message_hash, signature, public_key)\nprint(f\"Signature with tampered message is valid: {is_invalid}\")\n","lang":"python","description":"This quickstart demonstrates how to generate ECDSA private and public keys, sign a 32-byte message hash, and verify the resulting signature using `starkbank-ecdsa`."},"warnings":[{"fix":"Update your `requirements.txt` or `pyproject.toml` to `starkbank-ecdsa` and change all imports from `from ecdsa import ...` to `from starkbank_ecdsa import ...`.","message":"The PyPI package name changed from `ecdsa` to `starkbank-ecdsa` starting with version 2.0.0. Installations and imports must be updated.","severity":"breaking","affected_versions":">=2.0.0"},{"fix":"If you need a different curve, ensure you are explicitly instantiating it (e.g., `private_key = PrivateKey.generate(curve=MyCustomCurve)`), but note that support for curves beyond `secp256k1` is not prominently featured or extensively tested.","message":"The library primarily targets and is optimized for the `secp256k1` elliptic curve. While other curves might technically be supported via explicit `Curve` object instantiation, `PrivateKey.generate()` defaults to `secp256k1`. Users requiring different curves should verify compatibility and usage carefully.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Evaluate performance needs. For most standard applications, `starkbank-ecdsa` is sufficient. For extreme throughput, benchmark against `cryptography`'s ECDSA features.","message":"This is a pure Python implementation of ECDSA. For highly performance-critical applications or scenarios requiring FIPS compliance, consider alternatives that utilize C extensions (e.g., `cryptography` library) which can offer significant speed advantages and certified implementations.","severity":"gotcha","affected_versions":"All versions"}],"env_vars":null,"last_verified":"2026-04-09T00:00:00.000Z","next_check":"2026-07-08T00:00:00.000Z"}