Replace ecdsa with cryptography for key generation and signing #221

[swlodarski-sumoheavy]

Resolves #221

Summary

This PR migrates the cryptographic operations from the ecdsa library to pyca/cryptography, providing a more secure, actively maintained, and industry-standard cryptographic library for SECP256K1 key generation and ECDSA signing.

Changes

Dependencies

• pyproject.toml: Replaced ecdsa >= 0.19.1 with cryptography >= 44.0.0
• Pipfile: Updated package dependency to use cryptography >= 44.0.0

Code Changes

• Replaced ecdsa imports with cryptography.hazmat.primitives modules
• Added typing.cast for type safety with mypy
• generate_pem(): Migrated from SigningKey.generate(curve=SECP256k1) to ec.generate_private_key(ec.SECP256K1())
• get_compressed_public_key_from_pem(): Updated to use serialization.load_pem_private_key() and extract public key coordinates via public_numbers() with explicit type casting
• sign(): Replaced ecdsa's DER-encoded signing with cryptography's EllipticCurvePrivateKey.sign() using ECDSA with SHA256

Why This Change?

• Security: pyca/cryptography is the industry-standard cryptographic library with regular security audits and FIPS-compliant implementations
• Maintenance: More actively maintained with better Python version support (3.9-3.14)
• Type Safety: Better type hints support, resolving mypy type checking errors
• Ecosystem: Widely used across the Python ecosystem, reducing dependency conflicts

Technical Details

All cryptographic operations remain functionally equivalent:

• Private key generation using SECP256K1 elliptic curve
• PEM format serialization/deserialization
• Message signing with SHA256 hash algorithm
• Public key compression for Bitcoin SIN generation

Breaking Changes

None. The public API remains unchanged; only the underlying cryptographic implementation has been updated.

Testing

• Existing test suite should pass without modifications
• All cryptographic outputs remain compatible with BitPay API requirements