When using ECDSA, a digital signature attests the authenticity of a set of data. It is calculated using a private key and a hash of the message. This process is called signing the message. The other party can check the signature using a hash of the message and a public key that corresponds to the private key used in the signing. This process is called verifying the message.
A valid signature indicates that:
From a technical point of view, a signature is a pair of big integers of size equal to the size of a private key used to generate the signature. Meaning of the integers depends on the selected digital signature scheme.
For information about public-private key management and general concepts regarding ECC, see ECC - Elliptic Curve Cryptography.
For detailed API documentation of this module, see Elliptic Curve Digital Signature (ECDSA).
The library provides two functions to perform ECDSA: nrf_crypto_ecdsa_sign and nrf_crypto_ecdsa_verify. Not all of these functions are implemented by the backends. See the table at Backends and nrf_crypto backend modules.
This library represents a signature as an array of bytes containing two big integers in big-endian order. Use nrf_crypto_ecc_byte_order_invert if little endian is required. Signature size depends on the curve type. Array type nrf_crypto_ecdsa_signature_t is big enough to hold a signature from any of the enabled curve types. There are also curve specific types, such as nrf_crypto_ecdsa_secp256r1_signature_t that can be used to reduce memory consumption. See Memory saving for more details.
Random number generator is required to perform signing in a secure way, see Dependencies.
Signing a hash of the message:
Verifying a signature:
ECDSA functionality depends on the selected backend. See Backends for more details about backends. Function availability is summarized in the table below:
API function | CC310 1 | mbed TLS | Oberon 1 | µECC | CC310_BL |
---|---|---|---|---|---|
nrf_crypto_ecdsa_sign | | | | | |
nrf_crypto_ecdsa_verify | | | | | |
1 - Hash size can only be 160, 224, 256, 384, or 512-bit long.
2 - Only hash of length 256 bit or longer.
RNG - Random Number Generator is required for nrf_crypto_ecdsa_sign. It must be correctly configured and initialized before calling the function.
RNG dependency does not apply to Experimental: Ed25519 – EdDSA using SHA-512 and Curve25519.
Ed25519 is a version of EdDSA (Edwards-curve Digital Signature Algorithm) using SHA-512 and Curve25519. Curve25519 is not compatible with ECDSA, so a different digital signature scheme must be used for signing and verifying with Curve25519. Ed25519 is available using the same API as ECDSA, but it is not the same scheme.
Ed25519 is available in the API as a separate curve type. Variable g_nrf_crypto_ecc_ed25519_curve_info must be passed to key creation functions to use Ed25519.
Example of signing with Ed25519:
See ECDSA Example for an example that shows the ECDSA procedure.
For an example showing the verification procedure of ECDSA, see Test Example.