{"id":47444083,"url":"https://github.com/PeaceFounder/CryptoSignatures.jl","last_synced_at":"2026-04-06T13:00:56.104Z","repository":{"id":61797608,"uuid":"218578299","full_name":"PeaceFounder/CryptoSignatures.jl","owner":"PeaceFounder","description":"Cryptographic signature library","archived":false,"fork":false,"pushed_at":"2025-08-01T12:57:56.000Z","size":64,"stargazers_count":11,"open_issues_count":0,"forks_count":2,"subscribers_count":1,"default_branch":"master","last_synced_at":"2026-03-08T01:57:14.830Z","etag":null,"topics":["cryptography","dsa","elliptic-curves"],"latest_commit_sha":null,"homepage":"","language":"Julia","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/PeaceFounder.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2019-10-30T16:55:47.000Z","updated_at":"2026-03-06T13:24:49.000Z","dependencies_parsed_at":"2025-10-21T12:24:11.337Z","dependency_job_id":"95633f0a-e0c4-4926-b8d8-54d09de76034","html_url":"https://github.com/PeaceFounder/CryptoSignatures.jl","commit_stats":{"total_commits":22,"total_committers":2,"mean_commits":11.0,"dds":"0.045454545454545414","last_synced_commit":"0b26f75bea5d994d6309859183a3a8552bf04225"},"previous_names":[],"tags_count":10,"template":false,"template_full_name":null,"purl":"pkg:github/PeaceFounder/CryptoSignatures.jl","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PeaceFounder%2FCryptoSignatures.jl","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PeaceFounder%2FCryptoSignatures.jl/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PeaceFounder%2FCryptoSignatures.jl/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PeaceFounder%2FCryptoSignatures.jl/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/PeaceFounder","download_url":"https://codeload.github.com/PeaceFounder/CryptoSignatures.jl/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PeaceFounder%2FCryptoSignatures.jl/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31473271,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-06T08:36:52.050Z","status":"ssl_error","status_checked_at":"2026-04-06T08:36:51.267Z","response_time":112,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cryptography","dsa","elliptic-curves"],"created_at":"2026-03-23T06:00:59.902Z","updated_at":"2026-04-06T13:00:56.086Z","avatar_url":"https://github.com/PeaceFounder.png","language":"Julia","funding_links":[],"categories":["Cryptography"],"sub_categories":["Cryptographic Signatures"],"readme":"# CryptoSignatures.jl\n\n[![codecov](https://codecov.io/gh/PeaceFounder/CryptoSignatures.jl/graph/badge.svg?token=9MSBVRQQTU)](https://codecov.io/gh/PeaceFounder/CryptoSignatures.jl)\n\n`CryptoSignatures.jl` aims to be a versatile cryptographic signature library in Julia. Currently supports digital signature algorithm for all available elliptic curves in X9.62 specification. Implementation for modular prime groups is coming shortly.\n\n## ECDSA\n\nThe first step is to select a curve to make a cryptographic signature with an elliptic curve digital signature algorithm (ECDSA). Curves from X9.62 specification are already available in `CryptoGroups.Specs` module. For instance, an elliptic prime group with 192-bit length prime modulus, also known as `secp192r1`,  can be instantiated as:\n\n```julia\nusing CryptoSignatures\nimport CryptoGroups\n\ncurve = CryptoGroups.spec(:secp192r1)\nctx = DSAContext(curve, \"sha1\")\n```\n\nwhere `ctx` stores all relevant parameters on how to make and verify signatures. The second argument specifies a hash function name, which is forwarded to `Nettle`. In case hashing is done externally to avoid hashing twice, nothing can be passed as an argument like `DSAContext(Curve_P_192, nothing)`. \n\nTo make a signature, first, we need to pick a key and calculate a corresponding public key:\n\n```julia\nprivate_key = CryptoSignatures.generate_key(ctx)\npublic_key = CryptoSignatures.public_key(ctx, private_key; mode = :uncompressed)\n```\n\nwhere `public_key` is stored as an octet in uncompressed notation, available are `uncompressed`, `:compressed` and `:hybrid` modes. Note that compressed mode for binary curves is limited as decompression is not implemented.\n\nLet's say our message is `M = \"abc\"`. That we can sign with a private key:\n\n```julia\nsignature = CryptoSignatures.sign(ctx, Vector{UInt8}(M), private_key)\n```\n\nNote that the signature is issued with a `k` value derived deterministically with a pseudorandom number generator where a seed contains a message, private key and a global seed `CryptoSignatures.SEED` computed when module is loaded. A signature on a relative generator which can be done by passing it as an argument behind the message `sign(ctx, message, generator, private_key)`.\n\nThe message can be verified with `verify` method using the public key and the issued signature:\n\n```julia\nCryptoSignatures.verify(ctx, Vector{UInt8}(M), public_key, signature) == true\n```\n\nreturning `true` if the message had been issued by the owner of a `public_key`. In case the signature had been issued with a relative generator, it is verified as `verify(ctx, message, generator, public_key)`.\n\n## DSA\n\nTo use an ordinary DSA with modular arithmetics, we need to instantiate the `DSAContext`. To do so, we need to select a prime modulus `p` for which we know group order `q` and generator `g`. With `CryptoGroups` we can generate those parameters and then use them for creating `DSAContext`:\n\n```julia\nusing CryptoSignatures\nimport CryptoGroups \n\ngroup = CryptoGroups.spec(:RFC5114_2048_224)\nctx = DSAContext(group, \"sha1\")\n```\n\nAs for `ECDSA` context, we generate a private key and a public key:\n\n```julia\nprivate_key = CryptoSignatures.generate_key(ctx)\npublic_key = CryptoSignatures.public_key(ctx, private_key)\n```\n\nWhich can be used to sign and verify messages as before:\n\n```julia\nM = \"abc\"\n\nsignature = CryptoSignatures.sign(ctx, Vector{UInt8}(M), private_key)\n\nverify(ctx, Vector{UInt8}(M), public_key, signature) == true\n```\n\n## Security Considerations\n\nIt's important to state that the underlying implementation does not use constant time operations, thus making it vulnerable to side-channel attacks where the adversary can measure the time that it takes to make different signatures. \n\nAnother concern is that the implementation is slow, around 10...100 times more than state-of-the-art implementations in C. This can quickly become a bottleneck and attractive avenue for adversaries performing DDOS attacks. \n\nIt is also essential to state that only two tests are available for the signature algorithm. In practice, there are many attack vectors on how to fool improperly implemented verify function, which needs to be tested in detail. \n\nIn a nutshell, use it for small projects, but when you become big, don't shy away from the responsibility of including this library in your security audit to make it better.\n\n## Further Work\n\nThe performance could be addressed by wrapping the OpenSSL libcrypto library for doing operations on elliptic curves. RSA signatures could be something to add, as well as a blind signature algorithm. \n\n \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FPeaceFounder%2FCryptoSignatures.jl","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FPeaceFounder%2FCryptoSignatures.jl","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FPeaceFounder%2FCryptoSignatures.jl/lists"}