-2

I am trying to verify an ECDSA signature which is 71 bytes with Python using ecdsa package. Here is my code:

import ecdsa
from hashlib import sha256

sig = bytes.fromhex("3045022100C63ECC434A7D78DA9CCB8328BF87564FE1DF3F1F879E5C578DDF4637AE7C47790220266BC4491EA8FCF740DA00F14CCA1E67D9A7EADD48BC24D033499879A17D1BF7")
message = bytes.fromhex("0A8163888A52B2C873DD3730DED740B5FA4373438BC129E65CA8E9F955DA5FB3")
pubKey = '02b4632d08485ff1df2db55b9dafd23347d1c47a457072a1e87be26896549a8737'
vk = ecdsa.VerifyingKey.from_string(bytes.fromhex(pubKey), curve=ecdsa.SECP256k1, hashfunc=sha256)
assert vk.verify(sig, message)

When I try to run this code, I get an error saying:

ecdsa.keys.BadSignatureError: ('Malformed formatting of signature', MalformedSignature('Invalid length of signature, expected 64 bytes long, provided string is 71 bytes long')).

How can I verify this type of signature?

MJay
  • 987
  • 1
  • 13
  • 36
  • 1
    ECDSA signatures (for SECP256k1) are 64 bytes. You have provided a malformed signature (wrong length) and it is correctly giving you an error. Why do you think this signature is valid? Where did you get it from? – Frank Yellin Sep 07 '22 at 05:42
  • @FrankYellin Thank you for your response, Frank. I am trying to verify a bitcoin signature which works with 70-72 bytes signatures and uses Secp256K1. I think the length is correct and I have provided with a correct signature. – MJay Sep 07 '22 at 05:51
  • 1
    Ah. Let me check what BitCoin uses. – Frank Yellin Sep 07 '22 at 05:54

1 Answers1

1

So there are two common encodings of ECDSA signatures. The standard one is 128 bytes. (Sorry, I said 64 in my comment above). The other is 70-72 bytes. The former is the "standard" encoding and is just two 64-byte strings concatenated. The latter is DER format.

The documentation for ECDSA says that you should be able to write:

import hashlib
from ecdsa.util import sigdecode_der
assert vk.verify(signature, data, hashlib.sha256, sigdecode=sigdecode_der)

no longer gives an error message about the wrong sized string, but it's still not verifying the signature.

Frank Yellin
  • 9,127
  • 1
  • 12
  • 22