# Elliptic curve digital signature algorithm (ECDSA)

ECDSA is a digital signature algorithm using elliptic-curve cryptography. A private key is used to sign a message and a public key is used verify the signature.

The message is hashed with algorithms like SHA-256 before signing.

```
import (
"crypto/ecdsa"
"crypto/rand"
"crypto/sha256"
)
msg := "Hello world!"
hash := sha256.Sum256([]byte(msg))
signature, err := ecdsa.SignASN1(rand.Reader, privateKey, hash[:])
```

## Signatures

ECDSA signatures are represented using a pair of positive integers, (r, s).

### IEEE P1363

In the IEEE P1363 format, the signature is the concatenation of r and s. The values are encoded as big-endian bytes with a size equivalent to the curve size. For example, P-256 is 256 bits or 32 bytes in size.

```
r || s;
```

### PKIX

In RFC 5480 by the PKIX working group, the signature is ASN.1 DER encoded sequence of r and s.

```
SEQUENCE {
r INTEGER,
s INTEGER
}
```

## Public keys

ECDSA public keys are represented as a pair of positive integers, (x, y).

### SEC1

In SEC 1, public keys can either be encoded in an uncompressed or compressed form. Uncompressed keys are the concatenation of x and y, with a leading `0x04`

byte. The values are encoded as big-endian bytes with a size equivalent to the curve size. For example, P-256 is 256 bits or 32 bytes in size.

```
0x04 || x || y
```

Compressed keys are the x value with a leading `0x02`

byte if x is even or `0x03`

byte if x is odd. The y value can be derived from x and the curve.

```
0x02 || x
0x03 || x
```

### PKIX

In RFC 5480 by the PKIX working group, the public key is represented as a `SubjectPublicKeyInfo`

ASN.1 sequence. The `subjectPublicKey`

is either the compressed or uncompressed SEC1 public key.

```
SubjectPublicKeyInfo := SEQUENCE {
algorithm AlgorithmIdentifier,
subjectPublicKey BIT STRING
}
```

The `AlgorithmIdentifier`

for ECDSA is an ASN.1 sequence with the ECDSA object identifier (`1.2.840.10045.2.1`

) and the curve (e.g. `1.2.840.10045.3.1.7`

for P-256 curve)

```
AlgorithmIdentifier := SEQUENCE {
algorithm OBJECT IDENTIFIER
namedCurve OBJECT IDENTIFIER
}
```