Tool - ECDSA Sign/Verify features

[shimizus3106]

Dear user in furum.

I have question about ECDSA Sign/Verify features.
Those are very useful but its on browser, not stand alone.

So I want to know :

1 . Can we use the function on Stand alone - any souce code or binary ?
2 . Can we realize same features with OpenSSL command (or anyother tool) ?

Indeed, I trying with Openssl but have difficulty in..

Any information and help highly appreciate.

thanks,
Shigenori

[shimizus3106]

Hello, user.

Additionally, I will try to check ECDSA to know its algo with ECDSA Sign/Verify and OpenSSL, ECC key gen / ECDSA sign.
I put Keypair parameter to ECDSA Sign/Verify and also HM to get signature with secp256k1,
but I dont know what I should set "K"... I dont find parameters from OpenSSL, secp256k1.
As I dont know ECC/ECDSA well for now,
Could you let me know what I making mistake ??

thanks,

[parkplaza]

An open source FYI. https://pypi.org/project/pycrypto/

[AlexLiu]

(1)I'm not very clear with your question, but you can see if I make the right guesses: You want to call an ECDSA_sign interface make a ecdsa signature,using parameters(private key of key pair, Hm, ecc curve parameters secp256k1),but there is parameter K, you don't know how to deal with it. Then you checked the public API ECDSA_sign of openssl, and there is no need to offer this parameter when do a signature, so you are more confused.
(2)About ECDSA_sign algo, there involves a random number during the signature, so if you don't fixed this random number, even if other parameters you input are the same, the output signature will still differ. So I guess the parameter K indicates the random number during signature, let you to choose a random number and input it, doing this helps users to verify the correctness of the interface. But it's not safe in a security view. Most other ECDSA_sign apis do not let users to offer the random number,they used their own random numbers generated by the Random number generator.
(3)If you want to verify the correctness of ECDSA_sign interface you called, you can using this interface to generate a signature(let's say signatureA), and then using ECDSA_verify offered by a trusted platform (like openssl) to verify signatureA; if verify passes, then using ECDSA_sign offered by a trusted platform (like openssl) to generate a signature(let's say signatureB), and unsing ECDSA_verify(correspond to ECDSA_sign interface you called) to verify signatureB, if verify passes, then proves that the correctness of the interface you called is okay.