[Cryptography-dev] Generating deterministic ECDSA signatures

Alex Gaynor alex.gaynor at gmail.com
Mon Dec 12 07:34:32 EST 2016


Hi Eran,

At the moment, no. Right now we simply use whatever OpenSSL does for
generating `k`.

Alex

On Mon, Dec 12, 2016 at 6:43 AM, Eran Messeri via Cryptography-dev <
cryptography-dev at python.org> wrote:

> Hi,
>
> Is there a way to generate deterministic ECDSA signatures?
> With the following code I get a different signature each time:
> eckey = default_backend().load_pem_private_key(pkey_pem, password=None)
> eckey.sign('test', ec.ECDSA(hashes.SHA256()))
>
> But to implement signing code compliant with RFC6962-bis (section 12.4,
> draft 21: https://tools.ietf.org/html/draft-ietf-trans-rfc6962-
> bis-21#section-12.4) the signature produced has to be the same every time.
>
> Thanks,
> Eran
>
> _______________________________________________
> Cryptography-dev mailing list
> Cryptography-dev at python.org
> https://mail.python.org/mailman/listinfo/cryptography-dev
>
>


-- 
"I disapprove of what you say, but I will defend to the death your right to
say it." -- Evelyn Beatrice Hall (summarizing Voltaire)
"The people's good is the highest law." -- Cicero
GPG Key fingerprint: D1B3 ADC0 E023 8CA6
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/cryptography-dev/attachments/20161212/09cbd9c6/attachment.html>


More information about the Cryptography-dev mailing list