Available on crate feature ecdsa-core only.
Expand description

Ethereum-style “recoverable signatures”.

These signatures include an additional Id field which allows for recovery of the VerifyingKey which can be used to verify them.

This is helpful in cases where a hash/fingerprint of a VerifyingKey for a given signature in known in advance.

Signing/Recovery Example

NOTE: make sure to enable both the ecdsa and keccak256 features of this crate for the example to work.

use k256::{
    ecdsa::{SigningKey, recoverable, signature::Signer},
use rand_core::OsRng; // requires 'getrandom' feature

// Signing
let signing_key = SigningKey::random(&mut OsRng); // Serialize with `::to_bytes()`
let verifying_key = signing_key.verifying_key();
let message = b"ECDSA proves knowledge of a secret number in the context of a single message";

// Note: the signature type must be annotated or otherwise inferrable as
// `Signer` has many impls of the `Signer` trait (for both regular and
// recoverable signature types).
let signature: recoverable::Signature = signing_key.sign(message);
let recovered_key = signature.recover_verifying_key(message).expect("couldn't recover pubkey");

assert_eq!(&verifying_key, &recovered_key);


Identifier used to compute a VerifyingKey from a Signature.

Ethereum-style “recoverable signatures” which allow for the recovery of the signer’s VerifyingKey from the signature itself.


Size of an Ethereum-style recoverable signature in bytes