Question 1

Is python-ecdsa safe to use in production?

Accepted Answer

No, the library explicitly states it is not designed for production security due to lack of side-channel protection. It's intended for testing, education, and environments where native code isn't feasible. For production, use libraries like pyca/cryptography.

Question 2

How to generate a Bitcoin-compatible signature with python-ecdsa?

Accepted Answer

Use the secp256k1 curve support in python-ecdsa to generate keys and sign messages. Ensure to use the correct hash function (e.g., SHA-256) and signature encoding (like DER) as per Bitcoin's protocol, referencing the library's curve and usage examples.

Question 3

python-ecdsa vs cryptography.io for ECDSA?

Accepted Answer

python-ecdsa is pure Python and portable, ideal for testing and education, while cryptography.io is a wrapper around OpenSSL, offering production-grade security, better performance, and more features. Choose based on your need for portability versus security and speed.

Question 4

How to perform ECDH key exchange with python-ecdsa?

Accepted Answer

Use the ECDH class provided in the library. Generate a private key, get the public key, exchange with the remote party, and derive the shared secret using their public key, as shown in the usage examples with NIST256p or other supported curves.

Question 5

What curves does python-ecdsa support?

Accepted Answer

It supports NIST Suite B curves (e.g., NIST192p, NIST256p), Brainpool curves, Ed25519, Ed448, secp256k1, and some SEC standard curves. The README lists all included curves, but adding new ones requires manual implementation.

Question 6

Can python-ecdsa verify signatures from OpenSSL commands?

Accepted Answer

Yes, it has built-in compatibility to verify signatures produced by OpenSSL tools, using the same PEM/DER formats and hash functions. The OpenSSL Compatibility section in the README provides code examples for this.

ecdsa

What is ecdsa?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions