Expand description
§RustCrypto: RFC6979 Deterministic Signatures
Pure Rust implementation of RFC6979: Deterministic Usage of the Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA).
Algorithm described in RFC 6979 § 3.2: https://tools.ietf.org/html/rfc6979#section-3
§Minimum Supported Rust Version
This crate requires Rust 1.85 at a minimum.
We may change the MSRV in the future, but it will be accompanied by a minor version bump.
§License
All crates licensed under either of
at your option.
§Contribution
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.
§Usage
See also: KGenerator documentation.
use hex_literal::hex;
use rfc6979::bigint::U256;
use sha2::{Digest, Sha256};
// NIST P-256 field modulus
const NIST_P256_MODULUS: U256 = U256::from_be_hex(
"FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551"
);
// Private key for RFC6979 NIST P256/SHA256 test case (see RFC6979 Appendix A.2.5).
// WARNING: don't hardcode private keys in your source code!
const RFC6979_KEY: [u8; 32] =
hex!("C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721");
// Test message for RFC6979 NIST P256/SHA256 test case
const RFC6979_MSG: &[u8] = b"sample";
// Expected K for RFC6979 NIST P256/SHA256 test case
const RFC6979_EXPECTED_K: [u8; 32] =
hex!("A6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60");
let h = Sha256::digest(RFC6979_MSG);
let aad = b"";
let mut kgen = rfc6979::KGenerator::<Sha256, U256>::new(&RFC6979_KEY, &h, aad, &NIST_P256_MODULUS);
let mut k = [0u8; U256::BYTES];
kgen.fill_next_k(&mut k);
assert_eq!(k, RFC6979_EXPECTED_K);Re-exports§
Modules§
Structs§
- KGenerator
- Deterministic generator for the ephemeral scalar
kas used by (EC)DSA.