Python ECDSA 相同的公钥（使用 ecdsa.VerifyingKey 生成）不验证

Question

如果我直接用sk.get_verifying_key()签名密钥生成公钥

它可以正常工作并验证它，但如果我尝试使用ecdsa.VerifyingKey.from_string 手动创建公钥，由于某种原因它不会验证它并返回 false。

复制粘贴以下代码并运行你会发现奇怪的区别

import random
import string
import sys
import ecdsa
import hashlib
import binascii

# randomly generate secret and public keys
sk = ecdsa.SigningKey.generate(curve=ecdsa.NIST256p, hashfunc = hashlib.sha256)
pk = sk.get_verifying_key()

publicKeyVerifyObject = ecdsa.VerifyingKey.from_string(bytes.fromhex(binascii.hexlify(pk.to_string()).decode('utf-8')), curve=ecdsa.NIST256p)

print("public key:", binascii.hexlify(pk.to_string()))
print("public key:", binascii.hexlify(publicKeyVerifyObject.to_string()))

# a message to sign
name = "lastpeony"

# signature of the message
signature = sk.sign(name.encode('utf-8'))


#first test
try:
    print (publicKeyVerifyObject.verify(signature, name.encode('utf-8')))
except ecdsa.BadSignatureError:
    print (False) 


#second test
try:
    print (pk.verify(signature, name.encode('utf-8')))
except ecdsa.BadSignatureError:
    print (False) 

我期望的是两个测试的 True True 输出。

Answer 1

您在publicKeyVerifyObject 中缺少hashfunc = hashlib.sha256，默认为sha1。

试试

publicKeyVerifyObject = ecdsa.VerifyingKey.from_string(bytes.fromhex(binascii.hexlify(pk.to_string()).decode('utf-8')), curve=ecdsa.NIST256p, hashfunc = hashlib.sha256)

结果：

public key: b'659ee7dcc3905b7be2969ec1c09824d81d85f54202865eeee3e5a950f585d092b90727759bded7caad24825a501e6e4bf2cb05726d9a153de7a3cc3a58ccc7c7'
public key: b'659ee7dcc3905b7be2969ec1c09824d81d85f54202865eeee3e5a950f585d092b90727759bded7caad24825a501e6e4bf2cb05726d9a153de7a3cc3a58ccc7c7'
True
True