ECDSA Signature Tool
Elliptic Curve Digital Signature Algorithm
Generate ECDSA Key Pair
Generate a new random ECDSA key pair for the selected curve. Private key must be kept secret; public key can be shared.
Derive Public Key from Private Key
Enter an existing private key to compute the corresponding public key.
Documentation
ECDSA (Elliptic Curve Digital Signature Algorithm) is a widely-used digital signature scheme based on elliptic curve cryptography. It provides the same security level as RSA but with much smaller key sizes, making it ideal for resource-constrained environments like mobile devices and blockchain networks.
Key Features
- Small Key Size: 256-bit ECDSA provides comparable security to 3072-bit RSA
- Fast Operations: Signing and verification are significantly faster than RSA
- Compact Signatures: ECDSA signatures are much smaller than RSA signatures
- Multiple Curves: Support for secp256k1, P-256, P-384, and P-521 curves
- Industry Standard: Used in Bitcoin, Ethereum, TLS, and many other protocols
Supported Curves
- secp256k1: The curve used by Bitcoin and Ethereum. 256-bit security, optimized for efficient implementation.
- P-256 (secp256r1): NIST standard curve, widely used in TLS, government applications, and WebCrypto API.
- P-384 (secp384r1): NIST standard curve providing 192-bit security level, used in high-security applications.
- P-521 (secp521r1): NIST standard curve providing 256-bit security level, highest security ECDSA curve.
Hash Algorithms
- SHA-256: Standard choice for most applications. Used with P-256 and secp256k1 curves.
- SHA-384: Recommended for P-384 curve to match the security level.
- SHA-512: Recommended for P-521 curve. Provides 256-bit security.
- Keccak-256: Used by Ethereum for transaction signing. Not SHA-3, but the original Keccak with 256-bit output.
Common Use Cases
- Bitcoin & Blockchain: secp256k1 with SHA-256 double hash for transaction signing.
- Ethereum: secp256k1 with Keccak-256 for transaction and message signing.
- TLS/SSL Certificates: P-256 curve for HTTPS certificate signatures.
- Code Signing: Sign software releases to ensure authenticity and integrity.
- API Authentication: Sign API requests to prevent tampering and verify identity.
Security Best Practices
- Protect Private Keys: Never expose or share your private key. Use hardware security modules (HSM) for critical applications.
- Use Secure Random: ECDSA requires cryptographically secure random numbers. This tool uses the Web Crypto API.
- Verify Public Keys: Always verify public keys through a trusted channel before accepting signatures.
- Client-Side Processing: This tool runs entirely in your browser. Your keys never leave your device.
- Signature Malleability: ECDSA signatures can be malleable. Use canonical (low-S) signatures when required.
ECDSA vs Other Signature Schemes
| Feature | ECDSA (P-256) | RSA-2048 | Ed25519 |
|---|---|---|---|
| Private Key Size | 32 bytes | 256 bytes | 32 bytes |
| Public Key Size | 64 bytes | 256 bytes | 32 bytes |
| Signature Size | 64 bytes | 256 bytes | 64 bytes |
| Sign Speed | Fast | Slow | Very Fast |
| Verify Speed | Moderate | Fast | Very Fast |
| Deterministic | RFC 6979 | Yes | Yes |
Related Tools
Ed25519 Signature Tool
Generate Ed25519 key pairs, sign messages, and verify signatures using the Edwards-curve Digital Signature Algorithm
RSA Encryption/Decryption
Use RSA asymmetric encryption for public key encryption, private key decryption, digital signing and verification
SHA Hash Generator
Online SHA hash generator supporting SHA-1, SHA-256, SHA-384, SHA-512 algorithms
JWT Encoder/Decoder
Decode, verify, and generate JSON Web Tokens with support for multiple signing algorithms