ruby / openssl

Provides SSL, TLS and general purpose cryptography.

There is no way to perform an ECDSA sign with a deterministic K value #426

Open rickmark opened 3 years ago

rickmark commented 3 years ago

It is not possible to specify the value for k allowing the usage of https://tools.ietf.org/html/rfc6979

This limits the ability to use libcrypto ECC operations in a number of ways.

OpenSSL::PKey::EC#dsa_sign_asn1 should take an optional precomputed K value, as those APIs exist in OpenSSL.

rhenium commented 3 years ago

ECDSA_*() functions are deprecated and I'd like to avoid implementing a feature on top of the legacy API.

There is an open Pull Request https://github.com/openssl/openssl/pull/9223 to add RFC 6979 support via the EVP API.

Once it is merged and I finish #382, OpenSSL::PKey::EC#sign_raw can take an ecdsa_nonce_type: "deterministic" argument.

rickmark commented 3 years ago

I'm liking #382 - but I'd like to keep this as well:

- being able to call sign with the value of k specified
- being able to call sign with the value of inverse_k and r specified

This can be handled in the options hash.

This unblocks a number of scenarios for usage in Bitcoin / ECC where "close to the metal" is needed. I've also started to prepare a test suite that verifies correctness with predetermined k values. (see https://github.com/lian/bitcoin-ruby/compare/master...rickmark:master)

I know introducing k means that, if misused, clients can leak their private key... but I think good documentation that you shouldn't provide these values if you don't know what they are.

rhenium commented 1 year ago

At the end of last year, OpenSSL finally added RFC 6979 support through the EVP API: https://github.com/openssl/openssl/pull/18809

It will likely be available in OpenSSL 3.2.
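For readers following the thread, this is the nonce derivation that RFC 6979 (section 3.2) specifies, written as an added example; it is not code from ruby/openssl or from either participant. It assumes NIST P-256 with SHA-256, and the names `rfc6979_k`, `bits2int` and `int2octets` are hypothetical helpers named after the RFC's own terms.

```ruby
require 'openssl'

# Order q of NIST P-256 (prime256v1); this example assumes that curve.
P256_ORDER = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551

# bits2int (RFC 6979 2.3.2): keep the leftmost qlen bits of an octet string.
def bits2int(octets, qlen)
  value = octets.unpack1('H*').to_i(16)
  excess = octets.bytesize * 8 - qlen
  excess > 0 ? value >> excess : value
end

# int2octets (RFC 6979 2.3.3): fixed-width big-endian encoding in rlen bytes.
def int2octets(int, rlen)
  [int.to_s(16).rjust(rlen * 2, '0')].pack('H*')
end

# Hypothetical helper: derive the nonce k from private key x and the message
# (RFC 6979 3.2), so k depends only on the key and message, not on an RNG.
def rfc6979_k(x, message, q: P256_ORDER, digest: 'SHA256')
  qlen = q.bit_length
  rlen = (qlen + 7) / 8
  h1 = OpenSSL::Digest.digest(digest, message)
  hmac = ->(hk, data) { OpenSSL::HMAC.digest(digest, hk, data) }
  # int2octets(x) || bits2octets(h1)
  seed = int2octets(x, rlen) + int2octets(bits2int(h1, qlen) % q, rlen)

  v = "\x01".b * h1.bytesize
  key = "\x00".b * h1.bytesize
  key = hmac.(key, v + "\x00".b + seed)
  v = hmac.(key, v)
  key = hmac.(key, v + "\x01".b + seed)
  v = hmac.(key, v)

  loop do
    t = ''.b
    t << (v = hmac.(key, v)) while t.bytesize * 8 < qlen
    candidate = bits2int(t, qlen)
    return candidate if candidate.between?(1, q - 1)

    # Out of range: re-key and try again (rare for P-256).
    key = hmac.(key, v + "\x00".b)
    v = hmac.(key, v)
  end
end

# RFC 6979 A.2.5 test key (public test vector, never use as a real key).
RFC_X = 0xC9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721
puts format('k = %064X', rfc6979_k(RFC_X, 'sample'))
```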