打开得到加密脚本：

python">import ecdsa
import randomdef ecdsa_test(dA,k):sk = ecdsa.SigningKey.from_secret_exponent(secexp=dA,curve=ecdsa.SECP256k1)sig1 = sk.sign(data=b'Hi.', k=k).hex()sig2 = sk.sign(data=b'hello.', k=k).hex()r1 = int(sig1[:64], 16)s1 = int(sig1[64:], 16)s2 = int(sig2[64:], 16)return r1,s1,s2if __name__ == '__main__':n = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141a = random.randint(0,n)flag = 'flag{' + str(a) + "}"b = random.randint(0,n)print(ecdsa_test(a,b))# (4690192503304946823926998585663150874421527890534303129755098666293734606680, 111157363347893999914897601390136910031659525525419989250638426589503279490788, 74486305819584508240056247318325239805160339288252987178597122489325719901254)

解密脚本：

python">import ecdsa
import randomdef ecdsa_verify(dA, sig_r, sig_s, msg, k):# 从私钥 dA 和签名 r, s 验证消息sk = ecdsa.SigningKey.from_secret_exponent(secexp=dA,curve=ecdsa.SECP256k1)try:# 使用生成的签名验证消息valid = sk.verify((sig_r, sig_s), msg.encode())return validexcept ecdsa.keys.BadSignatureError:return Falsedef ecdsa_test(dA, k):sk = ecdsa.SigningKey.from_secret_exponent(secexp=dA,curve=ecdsa.SECP256k1)sig1 = sk.sign(data=b'Hi.', k=k)sig2 = sk.sign(data=b'hello.', k=k)r1 = int(sig1[:32], 16)s1 = int(sig1[32:], 16)r2 = int(sig2[:32], 16)s2 = int(sig2[32:], 16)return r1, s1, r2, s2if __name__ == '__main__':# 这个是用于模拟的私钥，实际情况中需要提供dA = 1234567890 # 私钥dAk = random.randint(0, 2**256)msg = 'Hi.'r1, s1, r2, s2 = ecdsa_test(dA, k)print(f"Signature for msg 'Hi.': r={r1}, s={s1}")# 验证签名is_valid = ecdsa_verify(dA, r1, s1, msg, k)print(f"Signature valid: {is_valid}")