Algorithms

Generate ECDSA Signature and verify signature using JavaScript

In this web guide, you will learn how to generate ECDSA Signature and verify it using JavaScript. ECDSA stands for Elliptic Curve Digital Signature Algorithm which is widely used for generating digital signatures. Bitcoin, one of the largest digital currency also uses ECDSA for generating digital signatures. Before starting you must know how ECDSA generate a signature.

How generate ECDSA signature ?

Generate ECDSA Signature

I have divided above diagram in two parts one is for Sender Side and second is for Receiver Side.

Sender Side

In sender side, two keys are generated using Key generation algorithm then private key is used to sign a message as shown above. Receiver will receive digital signature and sender’s public key.

Receiver Side

In receiver side, user receive digital signature and senders’s public key. Receiver then verify the signature using ECDSA signature verifying algorithm and reads message. However, message cannot be readable only it can be verified using ECDSA.

You can use ECDSA keys in ECIES  for encrypting messages and decryption messages using Public Key Encryption.

Steps to generate ECDSA Signatures using JavaScript

Generating Keys Using ECDSA

1. Create a new folder and then rename it to your choice. Let the folder name is  test.

2. Download JSRSASIGN library from this link and then save it in your website folder.

3. Create a new file index.html then save it to root of your website folder.

4. Open index.html file in any editor and then copy/paste below code

<script language="JavaScript" type="text/javascript" src="./jsrsasign-all-min.js"></script>
<script language="JavaScript" type="text/javascript">

//Generating Keys Using ECDSA
 
//Curve secp256r1 , secp256k1 , secp384r1
var curve = "secp256r1"; 
var ec = new KJUR.crypto.ECDSA({"curve": curve});

//Generating Keypair
var keypair = ec.generateKeyPairHex();

//Generating Private Key
var private_key = keypair.ecprvhex;

//Generating Public Key
var public_key = keypair.ecpubhex;

//Printing Result in Console
document.write("Private Key : "+private_key+"<br>");
document.write("Public Key : "+public_key);

</script>

5. Run index.html on any browser you want then you will see like below

Public and Private Key Using ECDSA

6. You can see that Keys are generated successfully then you can see a variable with name curve in code, you can change it to different curves supported in ECDSA like secp256r1, secp256k1 and secp384r1.

Generating Signature and Verifying Signature using ECDSA

Open index.html again in any editor then copy/paste code below key generating code as shown below

<script language="JavaScript" type="text/javascript" src="./jsrsasign-all-min.js"></script>
<script language="JavaScript" type="text/javascript">

//Generating Keys Using ECDSA
 
//Curve secp256r1 , secp256k1 , secp384r1
var curve = "secp256r1"; 
var ec = new KJUR.crypto.ECDSA({"curve": curve});

//Generating Keypair
var keypair = ec.generateKeyPairHex();

//Generating Private Key
var private_key = keypair.ecprvhex;

//Generating Public Key
var public_key = keypair.ecpubhex;

//Printing Result in Console
document.write("Private Key : "+private_key+"<br>");
document.write("Public Key : "+public_key+"<br>");


//Signature Algorithm SHA256withECDSA, SHA1withECDSA  
var signature_algo = "SHA256withECDSA";

//Message for encrypting
var msg = "Hello";

//Generating Signature
var sig = new KJUR.crypto.Signature({"alg": signature_algo});
sig.init({d: private_key, curve: curve});
sig.updateString(msg);
var sigValueHex = sig.sign();
  
//Printing Signature  
document.write("Signature : "+sigValueHex+"<br>");
 
 
//Verifying Signature 
var sigval = sigValueHex;

var sig = new KJUR.crypto.Signature({"alg": signature_algo, "prov": "cryptojs/jsrsa"});
sig.init({xy: public_key, curve: curve});
sig.updateString(msg);
var result = sig.verify(sigval);

//Printing Verification
if (result) {
  document.write("Signature : Verified");
} else {
  document.write("Signature : UnVerified");;
}
</script>

Save the file and then open it in any browser. You will something like below

Generating Signature And Verifying it

Remember whenever you refresh your page then all values will be changed. You can see public key, private key, signature and then verification status of signature.

In above code, you can see variable “signature_algo” in which we defined signature algorithm. You can choose from two algorithm’s SHA256withECDSA and SHA1withECDSA. Sha1 is shorter then sha256. After that we call signature method from library and generate signature for message ‘Hello’ as defined above.

Note, Signature is always generated using private key and verified using Public Key. You can see we pass private key variable in signature algorithm for generating signature.

Similarly, for verifying signature we pass public key in algorithm and if result is not empty then your signature is verified otherwise not verified.

 

 

Tags

Anil Mehra

I am Anil Mehra, a passionate, workaholic and a Full Stack Tech Savvy Programmer with true north towards growth. I have worked on 256 live projects in MNC. I am expertise in the field of Programming, Server Management, SEO, Blogging and SMO...

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button