ECDSA Cryptographic Signature Library

0.19.2 · active · verified Sun Mar 29

ecdsa is a pure Python implementation of Elliptic Curve Cryptography (ECC) supporting ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm), and ECDH (Elliptic Curve Diffie-Hellman). It is actively maintained with several releases per year, providing a robust solution for digital signatures in Python applications. The current version is 0.19.2.

Warnings

breaking CVE-2024-23342 (Minerva Timing Attack) affects P-256 curves in versions 0.18.0 and prior. This side-channel vulnerability allows attackers to leak the internal nonce via timing measurements, potentially leading to private key discovery. The maintainers consider side-channel attacks out of scope, and no fix is planned for this pure-Python implementation.
Fix: For security-sensitive applications where side-channel resistance is critical, consider using a cryptographic library with constant-time implementations (e.g., `cryptography` library) or ensure your environment mitigates timing attacks.
breaking CVE-2026-33936 fixed a DER parsing issue where truncated buffers were not detected, which could lead to unexpected exceptions in functions like `SigningKey.from_der()` when parsing malformed data.
Fix: Update to version 0.19.2 or later to ensure robust DER parsing and prevent potential DoS from malformed inputs. Carefully validate any DER-encoded inputs from untrusted sources.
gotcha When serializing keys using `to_pem()` or `to_der()`, in versions 0.16.0 and later, it is recommended to explicitly set `format="pkcs8"`. Not doing so will default to the legacy 'ssleay' format, which may not be the desired standard for modern applications or interoperability.
Fix: Always specify `format="pkcs8"` when calling `to_pem()` or `to_der()` for private keys: `key.to_pem(format="pkcs8")`.
deprecated Official support for Python 3.3 and 3.4 was dropped starting from version 0.19.0 due to CI environment challenges.
Fix: Upgrade to a currently supported Python version (e.g., Python 3.8 or newer).
gotcha The `to_string()` method, inherited from Python 2 naming conventions, actually returns `bytes` objects, not Python `str`.
Fix: Handle the return value as `bytes` when using `to_string()`.
gotcha When deserializing keys using `SigningKey.from_string(s, curve)` or `VerifyingKey.from_string(s, curve)`, the `curve` parameter *must* be explicitly provided as the short string format does not embed curve information. If the wrong curve is provided, verification will fail or lead to incorrect keys.
Fix: Ensure you store and provide the correct elliptic curve (e.g., `NIST256p`) when using `from_string()`.

Install

pip install ecdsa Install latest version

Imports

SigningKey
```
from ecdsa import SigningKey
```
VerifyingKey
```
from ecdsa import VerifyingKey
```
NIST256p
```
from ecdsa import NIST256p
```
SECP256k1
```
from ecdsa import SECP256k1
```

Quickstart

This quickstart demonstrates how to generate an ECDSA private and public key pair using the NIST256p curve, sign a message digest with the private key, and then verify the signature using the corresponding public key.

import hashlib
from ecdsa import SigningKey, NIST256p, VerifyingKey

# 1. Generate a private key using the NIST256p curve
sk = SigningKey.generate(curve=NIST256p)
print("Private Key (hex):", sk.to_string().hex())

# 2. Derive the public key
vk = sk.get_verifying_key()
print("Public Key (hex):", vk.to_string().hex())

# 3. Message to sign (must be bytes)
message = b"This is a test message to be signed."

# Hash the message before signing
message_hash = hashlib.sha256(message).digest()

# 4. Sign the message hash
signature = sk.sign_digest(message_hash)
print("Signature (hex):", signature.hex())

# 5. Verify the signature
try:
    assert vk.verify_digest(signature, message_hash) == True
    print("Signature is valid.")
except Exception as e:
    print(f"Signature verification failed: {e}")

view raw JSON →