Overview of ECDSA






Digital signature algorithm


Second, ECDSA principle









































Third, the IMPLEMENTATION of ECDSA in JDK


1, the KeyPairGenerator

















2, ECDSAPublicKey


3, ECDSAPublicKey


4, PKCS8EncodedKeySpec








5, Signature











Four, implementation,























import java.security.KeyFactory; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.PrivateKey; import java.security.PublicKey; import java.security.Signature; import java.security.interfaces.ECPrivateKey; import java.security.interfaces.ECPublicKey; import java.security.spec.PKCS8EncodedKeySpec; import java.security.spec.X509EncodedKeySpec; /** * public class ECDSAUtil {private static String STR ="hello"; 	public static void main(String[] args) {		jdkECDSA();	} 	public static void jdkECDSA() { 		try {			KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC"); keyPairGenerator.initialize(256); KeyPair keyPair = keyPairGenerator.generateKeyPair(); ECPublicKey ecPublicKey = (ECPublicKey) keyPair.getPublic(); ECPrivateKey ecPrivateKey = (ECPrivateKey) keyPair.getPrivate(); PKCS8EncodedKeySpec PKCS8EncodedKeySpec = new PKCS8EncodedKeySpec(ecPrivateKey.getencoded ())); KeyFactory keyFactory = KeyFactory.getInstance("EC"); 			PrivateKey privateKey = keyFactory.generatePrivate(pkcs8EncodedKeySpec);			Signature signature = Signature.getInstance("SHA1withECDSA"); signature.initSign(privateKey); signature.update(str.getBytes()); byte[] sign = signature.sign(); X509EncodedKeySpec X509EncodedKeySpec = new X509EncodedKeySpec(ecPublicKey.getencoded ())); keyFactory = KeyFactory.getInstance("EC");			PublicKey publicKey = keyFactory.generatePublic(x509EncodedKeySpec);			signature = Signature.getInstance("SHA1withECDSA"); signature.initVerify(publicKey); signature.update(str.getBytes()); boolean bool = signature.verify(sign); System.out.println(bool); } catch (Exception e) { e.printStackTrace(); }}}Copy the code

Five, ECDSA standards

There are many ECDSA standards and draft standards. Among those approved by issuing authorities are ANSI X9.62,FIPS 186-2,IEEE 1363-2000, and ISO 14888-3. ECDSA is also standardized by the Cryptography Standardization Organization (SECG), an organization that studies the universality potential of cryptography standards.

Major ECDSA standards

1. ANSI X9.62

The project began in 1995 and was officially promulgated as an ANSI standard in 1999. ANSI X9.62 offers high security and versatility. Its base domain can be EITHER Fp or F2m. Elements in F2m can be expressed in polynomial form or regular basis form. In polynomial form, ANSI X9.62 requires modular polynomials to be irreducible trinomials, and the standard provides some irreducible trinomials, as well as an irreducible penultimate. To improve generality, a modular polynomial is provided for each domain. If the normal basis representation method is used, ANSI X9.62 specifies the use of a Gaussian normal basis. The primary safety factor for elliptic curves is n, that is, base order, n greater than 2160 for ANSI X9.62. Elliptic curves are chosen using a random method. ANSI X9.62 specifies the use of a string in bytes to represent points on a curve, and ASN.1 syntax can clearly describe domain parameters, public keys, and signatures.

2.FIPS 186-2

In 1997, NIST began developing the FIPS 186 standard including elliptic curves and RSA signature algorithms. In 1998, NIST introduced FIPS186, which includes RSA and DSA digital signature scheme, also known as FIPS 186-1. In 1999, NIST introduced 15 kinds of elliptic curves to G0vment. These curves follow ANSI X9.62 and IEEE 1363-2000 forms. In 2000, FIPS 186-2 using the above curves was published, including THE ECDSA described in ANSI X9.62.

3. IEEE 1363-2000

The standard was published in 2000 as an IEEE standard. IEEE 1363 covers a wide range of fields, including public key encryption, key negotiation, digital signature based on IFP, DLP and ECDLP. Unlike ANSI X9.62 and FIPS 186, it has no minimum security restrictions (for example, base points are no longer restricted) and gives users full freedom. Therefore, IEEE 1363-2000 is not a security standard, nor does it have good universality. Its significance lies in providing reference for various applications. Its base domain could be, it could be. Elements in can be expressed in polynomial form or regular basis form. The representation of the element is an integer, and the representation of the element is a string. This is consistent with ANSI X9.62 and FIPS 186.

4.ISO/IEC 14888-3

This standard contains several signature algorithms, of which the ECDSA section is consistent with ANSI X9.62. If you are interested, you can study the use of THE ECDSA algorithm in bitcoin.