Since I recently needed to verify some Elliptic Curve Cryptography signatures, I wrote a small but nice wrapper around the micro-ecc C library:
https://github.com/czietz/ecc-nim
PS: As with all cryptography projects, perform your own due-diligence before using in critical SW.
I've added a separate supplementary layer that adds support for OpenSSH-compatible keys and signatures (as long they're using the ecdsa-sha2-nistp256 format). I've also rewritten the small included test application signappl to use OpenSSH-compatible file formats.
With that you can now do:
$ ssh-keygen -t ecdsa -f sshkeys
Generating public/private ecdsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in sshkeys
Your public key has been saved in sshkeys.pub
The key fingerprint is:
SHA256:3drc+HdcX89une3NbXfwkpSpOKh4udH//LbrWxIQ/IY czietz@NotebookHP
The key's randomart image is:
+---[ECDSA 256]---+
| .. |
| .. |
| .o |
| . .E.o |
| S . ...o |
| . + o=.o|
| ......+oo*X|
| .o...o...+=^|
| ..oo .oo+B@X|
+----[SHA256]-----+
$ ssh-keygen -Y sign -f sshkeys -n "ecc.nim" hallo
Signing file hallo
Write signature to hallo.sig
$ ./signappl verify --pub sshkeys.pub --sig hallo.sig --file hallo
Using ECDSA key SHA256:3drc+HdcX89une3NbXfwkpSpOKh4udH//LbrWxIQ/IY
Signature 'hallo.sig' of 'hallo' with key 'sshkeys.pub' is valid.Or the other way around:
$ ./signappl sign --priv sshkeys --file hallo --sig hallo.sig
Signature has been written to 'hallo.sig'
$ ssh-keygen -Y check-novalidate -f sshkeys -n "ecc.nim" -s hallo.sig < hallo
Good "ecc.nim" signature with ECDSA key SHA256:3drc+HdcX89une3NbXfwkpSpOKh4udH//LbrWxIQ/IYPS: The OpenSSH format adds overhead. If you care about performance and not about OpenSSH compatibility, you should directly use the functions from ecc.nim instead