EC Signature Generate & Verification


Elliptic Curve Generate Keys

Choose ECParam
Private Key Public Key
Plain Text Message Message Output Signature
For Signature Verification provide signature digest in (Base64)


Your Support Matters!

Instead of directly asking for donations, I'm thrilled to offer you all nine of my books for just $9 on leanpub By grabbing this bundle you not only help cover my coffee, beer, and Amazon bills but also play a crucial role in advancing and refining this project. Your contribution is indispensable, and I'm genuinely grateful for your involvement in this journey!

Any private key value that you enter or we generate is not stored on this site, this tool is provided via an HTTPS URL to ensure that private keys cannot be stolen, for extra security run this software on your network, no cloud dependency



The EC Sign Verify

Elliptic Curve Digital Signature Algorithm or ECDSA is a cryptographic algorithm used by Bitcoin to ensure that funds can only be spent by their rightful owners.

This tool is capable of generating key the the curve

"c2pnb272w1", "c2tnb359v1", "prime256v1", "c2pnb304w1", "c2pnb368w1", "c2tnb431r1",
  "sect283r1", "sect283k1", "secp256r1", "sect571r1", "sect571k1", "sect409r1", "sect409k1",
  "secp521r1", "secp384r1", "P-521", "P-256", "P-384", "B-409", "B-283", "B-571", "K-409", "K-283",
  "K-571", "brainpoolp512r1", "brainpoolp384t1", "brainpoolp256r1", "brainpoolp512t1", "brainpoolp256t1",
  "brainpoolp320r1", "brainpoolp384r1", "brainpoolp320t1", "FRP256v1", "sm2p256v1"

secp256k1 refers to the parameters of the elliptic curve used in Bitcoin’s public-key cryptography, and is defined in Standards for Efficient Cryptography (SEC)

A few concepts related to ECDSA:

  • private key: A secret number, known only to the person that generated it. A private key is essentially a randomly generated number. In Bitcoin, a private key is a single unsigned 256 bit integer (32 bytes).
  • public key: A number that corresponds to a private key, but does not need to be kept secret. A public key can be calculated from a private key, but not vice versa. A public key can be used to determine if a signature is genuine (in other words, produced with the proper key) without requiring the private key to be divulged.
  • signature: A number that proves that a signing operation took place.

Openssl Generating EC Keys and Parameters

$ openssl ecparam -list_curves
secp256k1 : SECG curve over a 256 bit prime field
secp384r1 : NIST/SECG curve over a 384 bit prime field
secp521r1 : NIST/SECG curve over a 521 bit prime field
prime256v1: X9.62/SECG curve over a 256 bit prime field

An EC parameters file can then be generated for any of the built-in named curves as follows:

$ openssl ecparam -name secp256k1 -out secp256k1.pem
$ cat secp256k1.pem
 -----BEGIN EC PARAMETERS-----
 BgUrgQQACg==
 -----END EC PARAMETERS-----

To generate a private/public key pair from a pre-eixsting parameters file use the following:

$ openssl ecparam -in secp256k1.pem -genkey -noout -out secp256k1-key.pem
$ cat secp256k1-key.pem
 -----BEGIN EC PRIVATE KEY-----
 MHQCAQEEIKRPdj7XMkxO8nehl7iYF9WAnr2Jdvo4OFqceqoBjc8/oAcGBSuBBAAK
 oUQDQgAE7qXaOiK9jgWezLxemv+lxQ/9/Q68pYCox/y1vD1fhvosggCxIkiNOZrD
 kHqms0N+huh92A/vfI5FyDZx0+cHww==
 -----END EC PRIVATE KEY-----

Examine the specific details of the parameters associated with a particular named curve

$ openssl ecparam -in secp256k1.pem -text -param_enc explicit -noout
Field Type: prime-field
 Prime:
 00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
 ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:fe:ff:
 ff:fc:2f
 A: 0
 B: 7 (0x7)
 Generator (uncompressed):
 04:79:be:66:7e:f9:dc:bb:ac:55:a0:62:95:ce:87:
 0b:07:02:9b:fc:db:2d:ce:28:d9:59:f2:81:5b:16:
 f8:17:98:48:3a:da:77:26:a3:c4:65:5d:a4:fb:fc:
 0e:11:08:a8:fd:17:b4:48:a6:85:54:19:9c:47:d0:
 8f:fb:10:d4:b8
 Order:
 00:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:
 ff:fe:ba:ae:dc:e6:af:48:a0:3b:bf:d2:5e:8c:d0:
 36:41:41
 Cofactor: 1 (0x1)

openssl ec sign verify example

Generate curve paramters

 openssl ecparam -name secp256k1 -out secp256k1.pem

-----BEGIN EC PARAMETERS-----
BgUrgQQACg==
-----END EC PARAMETERS-----

Generate a private key

openssl ecparam -in secp256k1.pem -genkey -noout -out key1.pem

-----BEGIN EC PRIVATE KEY-----
MHQCAQEEIEdN+5FYnj+vdNTeQTJypsrDL2WzD+mE4+sDxCG92T0/oAcGBSuBBAAK
oUQDQgAEj6L+Igws0+epgD13PpErSuddGlXfXrMyjQ/79Z8m10xFeklYy/CwD7yR
XDX/KEqvJ6iQBkIzsQrue0akNh/p+A==
-----END EC PRIVATE KEY-----

Generate the associated public key

openssl ec -in key1.pem -pubout > pubkey1.pem
cat pub1.pem

-----BEGIN PUBLIC KEY-----
MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEj6L+Igws0+epgD13PpErSuddGlXfXrMy
jQ/79Z8m10xFeklYy/CwD7yRXDX/KEqvJ6iQBkIzsQrue0akNh/p+A==
-----END PUBLIC KEY-----

That's the data

echo -n hello 8gwifi.org > data

hello 8gwifi.org

Generate the (binary) signature and convert it to base64

openssl dgst -sha256 -sign key1.pem data > sig1
base64 sig1 > sig1b64
cat sig1b64

MEUCIHiBfZmjK1R92CifJ9rki3t66oh+hnZQik3oEtngSJoFAiEAv8jD44JMqlGQ+UGPQqJMymXOTkXacsP+KClyBnX0voQ=

Verify the signature (from base64)

base64 -d sig1b64  > sig1d
openssl dgst -sha256 -verify pubkey1.pem -signature sig1d data

Verified OK