Home

Awesome

secp256k1-py Build Status

Python FFI bindings for libsecp256k1 (an experimental and optimized C library for EC operations on curve secp256k1).

Previously maintained by Ludvig Broberg, now at https://github.com/rustyrussell/secp256k1-py .

Installation

pip install secp256k1

Precompiled binary packages (wheels)

Precompiled binary wheels is available for Python 2.7, 3.3, 3.4, and 3.5 on Linux. To take advantage of those you need to use pip >= 8.1.0.

In case you don't want to use the binary packages you can prevent pip from using them with the following command:

pip install --no-binary :all: secp256k1

Installation with compilation

If you either can't or don't want to use the binary package options described above read on to learn what is needed to install the source pacakge.

The library bundles its own libsecp256k1 currently, as there is no versioning to allow us to safely determine compatibility with an installed library, especially as we also build all the experimental modules.

For the bundled version to compile successfully you need to have a C compiler as well as the development headers for libffi and libgmp installed.

On Debian / Ubuntu for example the necessary packages are:

On OS X the necessary homebrew packages are:

Command line usage

Generate a private key and show the corresponding public key
$ python -m secp256k1 privkey -p

a1455c78a922c52f391c5784f8ca1457367fa57f9d7a74fdab7d2c90ca05c02e
Public key: 02477ce3b986ab14d123d6c4167b085f4d08c1569963a0201b2ffc7d9d6086d2f3
Sign a message
$ python -m secp256k1 sign \
	-k a1455c78a922c52f391c5784f8ca1457367fa57f9d7a74fdab7d2c90ca05c02e \
	-m hello

3045022100a71d86190354d64e5b3eb2bd656313422cdf7def69bf3669cdbfd09a9162c96e0220713b81f3440bff0b639d2f29b2c48494b812fa89b754b7b6cdc9eaa8027cf369
Check signature
$ python -m secp256k1 checksig \
	-p 02477ce3b986ab14d123d6c4167b085f4d08c1569963a0201b2ffc7d9d6086d2f3 \
	-m hello \
	-s 3045022100a71d86190354d64e5b3eb2bd656313422cdf7def69bf3669cdbfd09a9162c96e0220713b81f3440bff0b639d2f29b2c48494b812fa89b754b7b6cdc9eaa8027cf369

True
Generate a signature that allows recovering the public key
$ python -m secp256k1 signrec \
	-k a1455c78a922c52f391c5784f8ca1457367fa57f9d7a74fdab7d2c90ca05c02e \
	-m hello

515fe95d0780b11633f3352deb064f1517d58f295a99131e9389da8bfacd64422513d0cd4e18a58d9f4873b592afe54cf63e8f294351d1e612c8a297b5255079 1
Recover public key
$ python -m secp256k1 recpub \
	-s 515fe95d0780b11633f3352deb064f1517d58f295a99131e9389da8bfacd64422513d0cd4e18a58d9f4873b592afe54cf63e8f294351d1e612c8a297b5255079 \
	-i 1 \
	-m hello

Public key: 02477ce3b986ab14d123d6c4167b085f4d08c1569963a0201b2ffc7d9d6086d2f3

It is easier to get started with command line, but it is more common to use this as a library. For that, check the next sections.

API

class secp256k1.PrivateKey(privkey, raw)

The PrivateKey class loads or creates a private key by obtaining 32 bytes from urandom and operates over it.

Instantiation parameters
Methods and instance attributes

create a BIP-340 signature for msg; bip340tag should be a string or byte value which distinguishes this usage from any other usage of signatures (e.g. your program name, or full protocol name). If raw is specified, then bip340tag is not used, and the msg (usually a 32-byte hash) is signed directly.

It produces non-malleable 64-byte signatures which support batch validation.

class secp256k1.PublicKey(pubkey, raw)

The PublicKey class loads an existing public key and operates over it.

Instantiation parameters
Methods and instance attributes

class secp256k1.ECDSA

The ECDSA class is intended to be used as a mix in. Its methods can be accessed from any secp256k1.PrivateKey or secp256k1.PublicKey instances.

Methods

Example

from secp256k1 import PrivateKey, PublicKey

privkey = PrivateKey()
privkey_der = privkey.serialize()
assert privkey.deserialize(privkey_der) == privkey.private_key

sig = privkey.ecdsa_sign(b'hello')
verified = privkey.pubkey.ecdsa_verify(b'hello', sig)
assert verified

sig_der = privkey.ecdsa_serialize(sig)
sig2 = privkey.ecdsa_deserialize(sig_der)
vrf2 = privkey.pubkey.ecdsa_verify(b'hello', sig2)
assert vrf2

pubkey = privkey.pubkey
pub = pubkey.serialize()

pubkey2 = PublicKey(pub, raw=True)
assert pubkey2.serialize() == pub
assert pubkey2.ecdsa_verify(b'hello', sig)
from secp256k1 import PrivateKey

key = '31a84594060e103f5a63eb742bd46cf5f5900d8406e2726dedfc61c7cf43ebad'
msg = '9e5755ec2f328cc8635a55415d0e9a09c2b6f2c9b0343c945fbbfe08247a4cbe'
sig = '30440220132382ca59240c2e14ee7ff61d90fc63276325f4cbe8169fc53ade4a407c2fc802204d86fbe3bde6975dd5a91fdc95ad6544dcdf0dab206f02224ce7e2b151bd82ab'

privkey = PrivateKey(bytes(bytearray.fromhex(key)), raw=True)
sig_check = privkey.ecdsa_sign(bytes(bytearray.fromhex(msg)), raw=True)
sig_ser = privkey.ecdsa_serialize(sig_check)

assert sig_ser == bytes(bytearray.fromhex(sig))
from secp256k1 import PrivateKey

key = '7ccca75d019dbae79ac4266501578684ee64eeb3c9212105f7a3bdc0ddb0f27e'
pub_compressed = '03e9a06e539d6bf5cf1ca5c41b59121fa3df07a338322405a312c67b6349a707e9'
pub_uncompressed = '04e9a06e539d6bf5cf1ca5c41b59121fa3df07a338322405a312c67b6349a707e94c181c5fe89306493dd5677143a329065606740ee58b873e01642228a09ecf9d'

privkey = PrivateKey(bytes(bytearray.fromhex(key)))
pubkey_ser = privkey.pubkey.serialize()
pubkey_ser_uncompressed = privkey.pubkey.serialize(compressed=False)

assert pubkey_ser == bytes(bytearray.fromhex(pub_compressed))
assert pubkey_ser_uncompressed == bytes(bytearray.fromhex(pub_uncompressed))

Technical details about the bundled libsecp256k1

The bundling of libsecp256k1 is handled by the various setup.py build phases: