StarkBank ECDSA

2.2.0 · active · verified Thu Apr 09

StarkBank ECDSA is a lightweight and fast pure Python library for Elliptic Curve Digital Signature Algorithm (ECDSA). As of version 2.2.0, it provides tools for generating private/public keys, signing data, and verifying signatures. The library maintains a steady release cadence, with several updates per year.

Warnings

breaking The PyPI package name changed from `ecdsa` to `starkbank-ecdsa` starting with version 2.0.0. Installations and imports must be updated.
Fix: Update your `requirements.txt` or `pyproject.toml` to `starkbank-ecdsa` and change all imports from `from ecdsa import ...` to `from starkbank_ecdsa import ...`.
gotcha The library primarily targets and is optimized for the `secp256k1` elliptic curve. While other curves might technically be supported via explicit `Curve` object instantiation, `PrivateKey.generate()` defaults to `secp256k1`. Users requiring different curves should verify compatibility and usage carefully.
Fix: If you need a different curve, ensure you are explicitly instantiating it (e.g., `private_key = PrivateKey.generate(curve=MyCustomCurve)`), but note that support for curves beyond `secp256k1` is not prominently featured or extensively tested.
gotcha This is a pure Python implementation of ECDSA. For highly performance-critical applications or scenarios requiring FIPS compliance, consider alternatives that utilize C extensions (e.g., `cryptography` library) which can offer significant speed advantages and certified implementations.
Fix: Evaluate performance needs. For most standard applications, `starkbank-ecdsa` is sufficient. For extreme throughput, benchmark against `cryptography`'s ECDSA features.

Install

pip install starkbank-ecdsa Install stable version

Imports

PrivateKey
```
from starkbank_ecdsa import PrivateKey
```
PublicKey
```
from starkbank_ecdsa import PublicKey
```
Ecdsa
```
from starkbank_ecdsa import Ecdsa
```
Curve
```
from starkbank_ecdsa import Curve
```
The package name changed from 'ecdsa' to 'starkbank_ecdsa' in version 2.0.0.

Quickstart

This quickstart demonstrates how to generate ECDSA private and public keys, sign a 32-byte message hash, and verify the resulting signature using `starkbank-ecdsa`.

import hashlib
from starkbank_ecdsa import PrivateKey, PublicKey, Ecdsa

# 1. Generate a new private key
private_key = PrivateKey.generate()
print(f"Private Key: {private_key.toPem().decode().strip()}")

# 2. Get the corresponding public key
public_key = private_key.public_key()
print(f"Public Key: {public_key.toPem().decode().strip()}")

# 3. Data to sign (must be a 32-byte hash)
message = "This is a test message for ECDSA signing and verification."
message_hash = hashlib.sha256(message.encode()).digest()
print(f"Message hash (bytes): {message_hash.hex()}")

# 4. Sign the message hash
signature = Ecdsa.sign(message_hash, private_key)
print(f"Signature (hex): {signature.toHex()}")

# 5. Verify the signature
is_valid = Ecdsa.verify(message_hash, signature, public_key)
print(f"Signature is valid: {is_valid}")

# Example of invalid signature (tampered message)
invalid_message_hash = hashlib.sha256(b"tampered message").digest()
is_invalid = Ecdsa.verify(invalid_message_hash, signature, public_key)
print(f"Signature with tampered message is valid: {is_invalid}")

view raw JSON →