btcec

package
v0.0.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 27, 2025 License: MIT Imports: 25 Imported by: 0

README

btcec

Build Status ISC License GoDoc

Package btcec implements elliptic curve cryptography needed for working with Bitcoin (secp256k1 only for now). It is designed so that it may be used with the standard crypto/ecdsa packages provided with go. A comprehensive suite of test is provided to ensure proper functionality. Package btcec was originally based on work from ThePiachu which is licensed under the same terms as Go, but it has signficantly diverged since then. The btcsuite developers original is licensed under the liberal ISC license.

Although this package was primarily written for btcd, it has intentionally been designed so it can be used as a standalone package for any projects needing to use secp256k1 elliptic curve cryptography.

Installation and Updating

$ go get -u github.com/724165435/go-wallet-sdk/bitcoin/btcsuite/btcd/btcec

Examples

  • Sign Message Demonstrates signing a message with a secp256k1 private key that is first parsed form raw bytes and serializing the generated signature.

  • Verify Signature Demonstrates verifying a secp256k1 signature against a public key that is first parsed from raw bytes. The signature is also parsed from raw bytes.

  • Encryption Demonstrates encrypting a message for a public key that is first parsed from raw bytes, then decrypting it using the corresponding private key.

  • Decryption Demonstrates decrypting a message using a private key that is first parsed from raw bytes.

GPG Verification Key

All official release tags are signed by Conformal so users can ensure the code has not been tampered with and is coming from the btcsuite developers. To verify the signature perform the following:

  • Download the public key from the Conformal website at https://opensource.conformal.com/GIT-GPG-KEY-conformal.txt

  • Import the public key into your GPG keyring:

    gpg --import GIT-GPG-KEY-conformal.txt

  • Verify the release tag with the following command where TAG_NAME is a placeholder for the specific tag:

    git tag -v TAG_NAME

License

Package btcec is licensed under the copyfree ISC License except for btcec.go and btcec_test.go which is under the same license as Go.

Documentation

Overview

Package btcec implements support for the elliptic curves needed for bitcoin.

Bitcoin uses elliptic curve cryptography using koblitz curves (specifically secp256k1) for cryptographic functions. See http://www.secg.org/collateral/sec2_final.pdf for details on the standard.

This package provides the data structures and functions implementing the crypto/elliptic Curve interface in order to permit using these curves with the standard crypto/ecdsa package provided with go. Helper functionality is provided to parse signatures and public keys from standard formats. It was designed for use with btcd, but should be general enough for other uses of elliptic curve crypto. It was originally based on some initial work by ThePiachu, but has significantly diverged since then.

Index

Constants

View Source 
const (
	PubKeyBytesLenCompressed   = 33
	PubKeyBytesLenUncompressed = 65
	PubKeyBytesLenHybrid       = 65
)

These constants define the lengths of serialized public keys.

View Source 
const PrivKeyBytesLen = 32

PrivKeyBytesLen defines the length in bytes of a serialized private key.

View Source 
const SECP256K1RSigLen = 65

Variables

View Source 
var (
	// ErrChecksumMismatch describes an error where decoding failed due
	// to a bad checksum.
	ErrChecksumMismatch = errors.New("checksum mismatch")

	// ErrUnknownAddressType describes an error where an address can not
	// decoded as a specific address type due to the string encoding
	// begining with an identifier byte unknown to any standard or
	// registered (via chaincfg.Register) network.
	ErrUnknownAddressType = errors.New("unknown address type")

	// ErrAddressCollision describes an error where an address can not
	// be uniquely determined as either a pay-to-pubkey-hash or
	// pay-to-script-hash address since the leading identifier is used for
	// describing both address kinds, but for different networks.  Rather
	// than assuming or defaulting to one or the other, this error is
	// returned and the caller must decide how to decode the address.
	ErrAddressCollision = errors.New("address collision")
)
View Source 
var (
	// ErrInvalidMAC occurs when Message Authentication Check (MAC) fails
	// during decryption. This happens because of either invalid private key or
	// corrupt ciphertext.
	ErrInvalidMAC = errors.New("invalid mac hash")
)

Functions

func Decrypt 

func Decrypt(priv *PrivateKey, in []byte) ([]byte, error)

Decrypt decrypts data that was encrypted using the Encrypt function.

func Encrypt 

func Encrypt(pubkey *PublicKey, in []byte) ([]byte, error)

Encrypt encrypts data for the target public key using AES-256-CBC. It also generates a private key (the pubkey of which is also in the output). The only supported curve is secp256k1. The `structure' that it encodes everything into is: 

struct {
	// Initialization Vector used for AES-256-CBC
	IV [16]byte
	// Public Key: curve(2) + len_of_pubkeyX(2) + pubkeyX +
	// len_of_pubkeyY(2) + pubkeyY (curve = 714)
	PublicKey [70]byte
	// Cipher text
	Data []byte
	// HMAC-SHA-256 Message Authentication Code
	HMAC [32]byte
}

The primary aim is to ensure byte compatibility with Pyelliptic. Also, refer to section 5.8.1 of ANSI X9.63 for rationale on this format.

func GenerateSharedSecret 

func GenerateSharedSecret(privkey *PrivateKey, pubkey *PublicKey) []byte

GenerateSharedSecret generates a shared secret based on a private key and a public key using Diffie-Hellman key exchange (ECDH) (RFC 4753). RFC5903 Section 9 states we should only return x.

func Hash160 

func Hash160(buf []byte) []byte

Hash160 calculates the hash ripemd160(sha256(b)).

func IsCompressedPubKey 

func IsCompressedPubKey(pubKey []byte) bool

IsCompressedPubKey returns true the the passed serialized public key has been encoded in compressed format, and false otherwise.

func NAF 

func NAF(k []byte) ([]byte, []byte)

NAF takes a positive integer k and returns the Non-Adjacent Form (NAF) as two byte slices. The first is where 1s will be. The second is where -1s will be. NAF is convenient in that on average, only 1/3rd of its values are non-zero. This is algorithm 3.30 from [GECC].

Essentially, this makes it possible to minimize the number of operations since the resulting ints returned will be at least 50% 0s.

func PrivKeyFromBytes 

func PrivKeyFromBytes(curve elliptic.Curve, pk []byte) (*PrivateKey,
	*PublicKey)

PrivKeyFromBytes returns a private and public key for `curve' based on the private key passed as an argument as a byte slice.

func RawSigToSig 

func RawSigToSig(sig []byte) ([]byte, error)

func SignCompact 

func SignCompact(curve *KoblitzCurve, key *PrivateKey,
	hash []byte, isCompressedKey bool) ([]byte, error)

SignCompact produces a compact signature of the data in hash with the given private key on the given koblitz curve. The isCompressed parameter should be used to detail if the given signature should reference a compressed public key or not. If successful the bytes of the compact signature will be returned in the format: <(byte of 27+public key solution)+4 if compressed >< padded bytes for signature R><padded bytes for signature S> where the R and S parameters are padde up to the bitlengh of the curve.

func SignCompactR1 

func SignCompactR1(curve *KoblitzCurve, key *PrivateKey, hash []byte, isCompressedKey bool) ([]byte, error)

SECP256K1R

Types

type Address 

type Address interface {
	// String returns the string encoding of the transaction output
	// destination.
	//
	// Please note that String differs subtly from EncodeAddress: String
	// will return the value as a string without any conversion, while
	// EncodeAddress may convert destination types (for example,
	// converting pubkeys to P2PKH addresses) before encoding as a
	// payment address string.
	String() string

	// EncodeAddress returns the string encoding of the payment address
	// associated with the Address value.  See the comment on String
	// for how this method differs from String.
	EncodeAddress() string

	// ScriptAddress returns the raw bytes of the address to be used
	// when inserting the address into a txout's script.
	ScriptAddress() []byte

	// IsForNet returns whether or not the address is associated with the
	// passed bitcoin network.
	IsForNet(*chaincfg.Params) bool
}

Address is an interface type for any type of destination a transaction output may spend to. This includes pay-to-pubkey (P2PK), pay-to-pubkey-hash (P2PKH), and pay-to-script-hash (P2SH). Address is designed to be generic enough that other kinds of addresses may be added in the future without changing the decoding and encoding API.

func DecodeAddress 

func DecodeAddress(addr string, defaultNet *chaincfg.Params) (Address, error)

DecodeAddress decodes the string encoding of an address and returns the Address if addr is a valid encoding for a known address type.

The bitcoin network the address is associated with is extracted if possible. When the address does not encode the network, such as in the case of a raw public key, the address will be associated with the passed defaultNet.

type AddressPubKey 

type AddressPubKey struct {
	// contains filtered or unexported fields
}

AddressPubKey is an Address for a pay-to-pubkey transaction.

func NewAddressPubKey 

func NewAddressPubKey(serializedPubKey []byte, net *chaincfg.Params) (*AddressPubKey, error)

NewAddressPubKey returns a new AddressPubKey which represents a pay-to-pubkey address. The serializedPubKey parameter must be a valid pubkey and can be uncompressed, compressed, or hybrid.

func (*AddressPubKey) AddressPubKeyHash 

func (a *AddressPubKey) AddressPubKeyHash() *AddressPubKeyHash

AddressPubKeyHash returns the pay-to-pubkey address converted to a pay-to-pubkey-hash address. Note that the public key format (uncompressed, compressed, etc) will change the resulting address. This is expected since pay-to-pubkey-hash is a hash of the serialized public key which obviously differs with the format. At the time of this writing, most Bitcoin addresses are pay-to-pubkey-hash constructed from the uncompressed public key.

func (*AddressPubKey) EncodeAddress 

func (a *AddressPubKey) EncodeAddress() string

EncodeAddress returns the string encoding of the public key as a pay-to-pubkey-hash. Note that the public key format (uncompressed, compressed, etc) will change the resulting address. This is expected since pay-to-pubkey-hash is a hash of the serialized public key which obviously differs with the format. At the time of this writing, most Bitcoin addresses are pay-to-pubkey-hash constructed from the uncompressed public key.

Part of the Address interface.

func (*AddressPubKey) Format 

func (a *AddressPubKey) Format() PubKeyFormat

Format returns the format (uncompressed, compressed, etc) of the pay-to-pubkey address.

func (*AddressPubKey) IsForNet 

func (a *AddressPubKey) IsForNet(net *chaincfg.Params) bool

IsForNet returns whether or not the pay-to-pubkey address is associated with the passed bitcoin network.

func (*AddressPubKey) PubKey 

func (a *AddressPubKey) PubKey() *PublicKey

PubKey returns the underlying public key for the address.

func (*AddressPubKey) ScriptAddress 

func (a *AddressPubKey) ScriptAddress() []byte

ScriptAddress returns the bytes to be included in a txout script to pay to a public key. Setting the public key format will affect the output of this function accordingly. Part of the Address interface.

func (*AddressPubKey) SetFormat 

func (a *AddressPubKey) SetFormat(pkFormat PubKeyFormat)

SetFormat sets the format (uncompressed, compressed, etc) of the pay-to-pubkey address.

func (*AddressPubKey) String 

func (a *AddressPubKey) String() string

String returns the hex-encoded human-readable string for the pay-to-pubkey address. This is not the same as calling EncodeAddress.

type AddressPubKeyHash 

type AddressPubKeyHash struct {
	// contains filtered or unexported fields
}

AddressPubKeyHash is an Address for a pay-to-pubkey-hash (P2PKH) transaction.

func NewAddressPubKeyHash 

func NewAddressPubKeyHash(pkHash []byte, net *chaincfg.Params) (*AddressPubKeyHash, error)

NewAddressPubKeyHash returns a new AddressPubKeyHash. pkHash mustbe 20 bytes.

func (*AddressPubKeyHash) EncodeAddress 

func (a *AddressPubKeyHash) EncodeAddress() string

EncodeAddress returns the string encoding of a pay-to-pubkey-hash address. Part of the Address interface.

func (*AddressPubKeyHash) Hash160 

func (a *AddressPubKeyHash) Hash160() *[ripemd160.Size]byte

Hash160 returns the underlying array of the pubkey hash. This can be useful when an array is more appropiate than a slice (for example, when used as map keys).

func (*AddressPubKeyHash) IsForNet 

func (a *AddressPubKeyHash) IsForNet(net *chaincfg.Params) bool

IsForNet returns whether or not the pay-to-pubkey-hash address is associated with the passed bitcoin network.

func (*AddressPubKeyHash) ScriptAddress 

func (a *AddressPubKeyHash) ScriptAddress() []byte

ScriptAddress returns the bytes to be included in a txout script to pay to a pubkey hash. Part of the Address interface.

func (*AddressPubKeyHash) String 

func (a *AddressPubKeyHash) String() string

String returns a human-readable string for the pay-to-pubkey-hash address. This is equivalent to calling EncodeAddress, but is provided so the type can be used as a fmt.Stringer.

type AddressScriptHash 

type AddressScriptHash struct {
	// contains filtered or unexported fields
}

AddressScriptHash is an Address for a pay-to-script-hash (P2SH) transaction.

func NewAddressScriptHash 

func NewAddressScriptHash(serializedScript []byte, net *chaincfg.Params) (*AddressScriptHash, error)

NewAddressScriptHash returns a new AddressScriptHash.

func NewAddressScriptHashFromHash 

func NewAddressScriptHashFromHash(scriptHash []byte, net *chaincfg.Params) (*AddressScriptHash, error)

NewAddressScriptHashFromHash returns a new AddressScriptHash. scriptHash must be 20 bytes.

func (*AddressScriptHash) EncodeAddress 

func (a *AddressScriptHash) EncodeAddress() string

EncodeAddress returns the string encoding of a pay-to-script-hash address. Part of the Address interface.

func (*AddressScriptHash) Hash160 

func (a *AddressScriptHash) Hash160() *[ripemd160.Size]byte

Hash160 returns the underlying array of the script hash. This can be useful when an array is more appropiate than a slice (for example, when used as map keys).

func (*AddressScriptHash) IsForNet 

func (a *AddressScriptHash) IsForNet(net *chaincfg.Params) bool

IsForNet returns whether or not the pay-to-script-hash address is associated with the passed bitcoin network.

func (*AddressScriptHash) ScriptAddress 

func (a *AddressScriptHash) ScriptAddress() []byte

ScriptAddress returns the bytes to be included in a txout script to pay to a script hash. Part of the Address interface.

func (*AddressScriptHash) String 

func (a *AddressScriptHash) String() string

String returns a human-readable string for the pay-to-script-hash address. This is equivalent to calling EncodeAddress, but is provided so the type can be used as a fmt.Stringer.

type AddressWitnessPubKeyHash 

type AddressWitnessPubKeyHash struct {
	// contains filtered or unexported fields
}

AddressWitnessPubKeyHash is an Address for a pay-to-witness-pubkey-hash (P2WPKH) output. See BIP 173 for further details regarding native segregated witness address encoding: https://github.com/bitcoin/bips/blob/master/bip-0173.mediawiki

func NewAddressWitnessPubKeyHash 

func NewAddressWitnessPubKeyHash(witnessProg []byte, net *chaincfg.Params) (*AddressWitnessPubKeyHash, error)

NewAddressWitnessPubKeyHash returns a new AddressWitnessPubKeyHash.

func (*AddressWitnessPubKeyHash) EncodeAddress 

func (a *AddressWitnessPubKeyHash) EncodeAddress() string

EncodeAddress returns the bech32 string encoding of an AddressWitnessPubKeyHash. Part of the Address interface.

func (*AddressWitnessPubKeyHash) Hash160 

func (a *AddressWitnessPubKeyHash) Hash160() *[20]byte

Hash160 returns the witness program of the AddressWitnessPubKeyHash as a byte array.

func (*AddressWitnessPubKeyHash) Hrp 

func (a *AddressWitnessPubKeyHash) Hrp() string

Hrp returns the human-readable part of the bech32 encoded AddressWitnessPubKeyHash.

func (*AddressWitnessPubKeyHash) IsForNet 

func (a *AddressWitnessPubKeyHash) IsForNet(net *chaincfg.Params) bool

IsForNet returns whether or not the AddressWitnessPubKeyHash is associated with the passed bitcoin network. Part of the Address interface.

func (*AddressWitnessPubKeyHash) ScriptAddress 

func (a *AddressWitnessPubKeyHash) ScriptAddress() []byte

ScriptAddress returns the witness program for this address. Part of the Address interface.

func (*AddressWitnessPubKeyHash) String 

func (a *AddressWitnessPubKeyHash) String() string

String returns a human-readable string for the AddressWitnessPubKeyHash. This is equivalent to calling EncodeAddress, but is provided so the type can be used as a fmt.Stringer. Part of the Address interface.

func (*AddressWitnessPubKeyHash) WitnessProgram 

func (a *AddressWitnessPubKeyHash) WitnessProgram() []byte

WitnessProgram returns the witness program of the AddressWitnessPubKeyHash.

func (*AddressWitnessPubKeyHash) WitnessVersion 

func (a *AddressWitnessPubKeyHash) WitnessVersion() byte

WitnessVersion returns the witness version of the AddressWitnessPubKeyHash.

type AddressWitnessScriptHash 

type AddressWitnessScriptHash struct {
	// contains filtered or unexported fields
}

AddressWitnessScriptHash is an Address for a pay-to-witness-script-hash (P2WSH) output. See BIP 173 for further details regarding native segregated witness address encoding: https://github.com/bitcoin/bips/blob/master/bip-0173.mediawiki

func NewAddressWitnessScriptHash 

func NewAddressWitnessScriptHash(witnessProg []byte, net *chaincfg.Params) (*AddressWitnessScriptHash, error)

NewAddressWitnessScriptHash returns a new AddressWitnessPubKeyHash.

func (*AddressWitnessScriptHash) EncodeAddress 

func (a *AddressWitnessScriptHash) EncodeAddress() string

EncodeAddress returns the bech32 string encoding of an AddressWitnessScriptHash. Part of the Address interface.

func (*AddressWitnessScriptHash) Hrp 

func (a *AddressWitnessScriptHash) Hrp() string

Hrp returns the human-readable part of the bech32 encoded AddressWitnessScriptHash.

func (*AddressWitnessScriptHash) IsForNet 

func (a *AddressWitnessScriptHash) IsForNet(net *chaincfg.Params) bool

IsForNet returns whether or not the AddressWitnessScriptHash is associated with the passed bitcoin network. Part of the Address interface.

func (*AddressWitnessScriptHash) ScriptAddress 

func (a *AddressWitnessScriptHash) ScriptAddress() []byte

ScriptAddress returns the witness program for this address. Part of the Address interface.

func (*AddressWitnessScriptHash) String 

func (a *AddressWitnessScriptHash) String() string

String returns a human-readable string for the AddressWitnessScriptHash. This is equivalent to calling EncodeAddress, but is provided so the type can be used as a fmt.Stringer. Part of the Address interface.

func (*AddressWitnessScriptHash) WitnessProgram 

func (a *AddressWitnessScriptHash) WitnessProgram() []byte

WitnessProgram returns the witness program of the AddressWitnessScriptHash.

func (*AddressWitnessScriptHash) WitnessVersion 

func (a *AddressWitnessScriptHash) WitnessVersion() byte

WitnessVersion returns the witness version of the AddressWitnessScriptHash.

type KoblitzCurve 

type KoblitzCurve struct {
	*elliptic.CurveParams

	H int // cofactor of the curve.
	// contains filtered or unexported fields
}

KoblitzCurve supports a koblitz curve implementation that fits the ECC Curve interface from crypto/elliptic.

func S256 

func S256() *KoblitzCurve

S256 returns a Curve which implements secp256k1.

func (*KoblitzCurve) Add 

func (curve *KoblitzCurve) Add(x1, y1, x2, y2 *big.Int) (*big.Int, *big.Int)

Add returns the sum of (x1,y1) and (x2,y2). Part of the elliptic.Curve interface.

func (*KoblitzCurve) Double 

func (curve *KoblitzCurve) Double(x1, y1 *big.Int) (*big.Int, *big.Int)

Double returns 2*(x1,y1). Part of the elliptic.Curve interface.

func (*KoblitzCurve) IsOnCurve 

func (curve *KoblitzCurve) IsOnCurve(x, y *big.Int) bool

IsOnCurve returns boolean if the point (x,y) is on the curve. Part of the elliptic.Curve interface. This function differs from the crypto/elliptic algorithm since a = 0 not -3.

func (*KoblitzCurve) Params 

func (curve *KoblitzCurve) Params() *elliptic.CurveParams

Params returns the parameters for the curve.

func (*KoblitzCurve) QPlus1Div4 

func (curve *KoblitzCurve) QPlus1Div4() *big.Int

QPlus1Div4 returns the Q+1/4 constant for the curve for use in calculating square roots via exponention.

func (*KoblitzCurve) ScalarBaseMult 

func (curve *KoblitzCurve) ScalarBaseMult(k []byte) (*big.Int, *big.Int)

ScalarBaseMult returns k*G where G is the base point of the group and k is a big endian integer. Part of the elliptic.Curve interface.

func (*KoblitzCurve) ScalarMult 

func (curve *KoblitzCurve) ScalarMult(Bx, By *big.Int, k []byte) (*big.Int, *big.Int)

ScalarMult returns k*(Bx, By) where k is a big endian integer. Part of the elliptic.Curve interface.

type PrivateKey 

type PrivateKey ecdsa.PrivateKey

PrivateKey wraps an ecdsa.PrivateKey as a convenience mainly for signing things with the the private key without having to directly import the ecdsa package.

func NewPrivateKey 

func NewPrivateKey(curve elliptic.Curve) (*PrivateKey, error)

NewPrivateKey is a wrapper for ecdsa.GenerateKey that returns a PrivateKey instead of the normal ecdsa.PrivateKey.

func (*PrivateKey) PubKey 

func (p *PrivateKey) PubKey() *PublicKey

PubKey returns the PublicKey corresponding to this private key.

func (*PrivateKey) Serialize 

func (p *PrivateKey) Serialize() []byte

Serialize returns the private key number d as a big-endian binary-encoded number, padded to a length of 32 bytes.

func (*PrivateKey) Sign 

func (p *PrivateKey) Sign(hash []byte) (*Signature, error)

Sign generates an ECDSA signature for the provided hash (which should be the result of hashing a larger message) using the private key. Produced signature is deterministic (same message and same key yield the same signature) and canonical in accordance with RFC6979 and BIP0062.

func (*PrivateKey) SignCanonical 

func (p *PrivateKey) SignCanonical(curve *KoblitzCurve, hash []byte, check func([]byte) bool) ([]byte, error)

func (*PrivateKey) ToECDSA 

func (p *PrivateKey) ToECDSA() *ecdsa.PrivateKey

ToECDSA returns the private key as a *ecdsa.PrivateKey.

type PubKeyFormat 

type PubKeyFormat int

PubKeyFormat describes what format to use for a pay-to-pubkey address. 

const (
	// PKFUncompressed indicates the pay-to-pubkey address format is an
	// uncompressed public key.
	PKFUncompressed PubKeyFormat = iota

	// PKFCompressed indicates the pay-to-pubkey address format is a
	// compressed public key.
	PKFCompressed

	// PKFHybrid indicates the pay-to-pubkey address format is a hybrid
	// public key.
	PKFHybrid
)

type PublicKey 

type PublicKey ecdsa.PublicKey

PublicKey is an ecdsa.PublicKey with additional functions to serialize in uncompressed, compressed, and hybrid formats.

func ParsePubKey 

func ParsePubKey(pubKeyStr []byte, curve *KoblitzCurve) (key *PublicKey, err error)

ParsePubKey parses a public key for a koblitz curve from a bytestring into a ecdsa.Publickey, verifying that it is valid. It supports compressed, uncompressed and hybrid signature formats.

func RecoverCompact 

func RecoverCompact(curve *KoblitzCurve, signature,
	hash []byte) (*PublicKey, bool, error)

RecoverCompact verifies the compact signature "signature" of "hash" for the Koblitz curve in "curve". If the signature matches then the recovered public key will be returned as well as a boolen if the original key was compressed or not, else an error will be returned.

func (*PublicKey) IsEqual 

func (p *PublicKey) IsEqual(otherPubKey *PublicKey) bool

IsEqual compares this PublicKey instance to the one passed, returning true if both PublicKeys are equivalent. A PublicKey is equivalent to another, if they both have the same X and Y coordinate.

func (*PublicKey) SerializeCompressed 

func (p *PublicKey) SerializeCompressed() []byte

SerializeCompressed serializes a public key in a 33-byte compressed format.

func (*PublicKey) SerializeHybrid 

func (p *PublicKey) SerializeHybrid() []byte

SerializeHybrid serializes a public key in a 65-byte hybrid format.

func (*PublicKey) SerializeUncompressed 

func (p *PublicKey) SerializeUncompressed() []byte

SerializeUncompressed serializes a public key in a 65-byte uncompressed format.

func (*PublicKey) ToECDSA 

func (p *PublicKey) ToECDSA() *ecdsa.PublicKey

ToECDSA returns the public key as a *ecdsa.PublicKey.

type Signature 

type Signature struct {
	R *big.Int
	S *big.Int
}

Signature is a type representing an ecdsa signature.

func ParseDERSignature 

func ParseDERSignature(sigStr []byte, curve elliptic.Curve) (*Signature, error)

ParseDERSignature parses a signature in DER format for the curve type `curve` into a Signature type. If parsing according to the less strict BER format is needed, use ParseSignature.

func ParseSignature 

func ParseSignature(sigStr []byte, curve elliptic.Curve) (*Signature, error)

ParseSignature parses a signature in BER format for the curve type `curve' into a Signature type, perfoming some basic sanity checks. If parsing according to the more strict DER format is needed, use ParseDERSignature.

func (*Signature) IsEqual 

func (sig *Signature) IsEqual(otherSig *Signature) bool

IsEqual compares this Signature instance to the one passed, returning true if both Signatures are equivalent. A signature is equivalent to another, if they both have the same scalar value for R and S.

func (*Signature) Serialize 

func (sig *Signature) Serialize() []byte

Serialize returns the ECDSA signature in the more strict DER format. Note that the serialized bytes returned do not include the appended hash type used in Bitcoin signature scripts.

encoding/asn1 is broken so we hand roll this output:

0x30 <length> 0x02 <length r> r 0x02 <length s> s

func (*Signature) SimpleSerialize 

func (sig *Signature) SimpleSerialize() []byte

Format RS 64 bytes

func (*Signature) Verify 

func (sig *Signature) Verify(hash []byte, pubKey *PublicKey) bool

Verify calls ecdsa.Verify to verify the signature of hash using the public key. It returns true if the signature is valid, false otherwise.

type UnsupportedWitnessProgLenError 

type UnsupportedWitnessProgLenError int

UnsupportedWitnessProgLenError describes an error where a segwit address being decoded has an unsupported witness program length.

func (UnsupportedWitnessProgLenError) Error 

func (e UnsupportedWitnessProgLenError) Error() string

type UnsupportedWitnessVerError 

type UnsupportedWitnessVerError byte

UnsupportedWitnessVerError describes an error where a segwit address being decoded has an unsupported witness version.

func (UnsupportedWitnessVerError) Error 

func (e UnsupportedWitnessVerError) Error() string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.