What is ECDSA?
ECDSA signature verification checks that a signature was produced by the holder of the private key for a given message, using the signer's public key and the same curve and hash. If it passes, the message is authentic and unchanged. Verification runs entirely in your browser.
Trust check: verification confirms a message is authentic, using the signer's public key. Runs locally in your browser.
How ECDSA works
Verification recomputes the curve math with the public key:
- The message is hashed with the same algorithm used to sign.
- The signature (r, s) and the public key are combined using curve operations.
- If the computed value matches r, the signature is valid.
How to use
- Paste the message, the signature, and the signer's public key.
- Run verification locally in your browser.
- A valid result means the message is authentic.
Options explained
- Curve — Must match the key and signature.
- Hash algorithm — Must match the one used to sign.
- Public key — Paste the signer's EC public key (PEM).
Common uses
- Verifying blockchain transaction signatures.
- Validating JWT ES256 tokens.
- Confirming signed messages and files.
Frequently asked questions
What does a failed verification mean?
The message changed, the signature is invalid, or the wrong key/curve was used.
Do I need the private key to verify?
No. Verification uses only the public key.
How do I sign instead?
Use the ECDSA Sign tool with your private key.