CODEWITHSUNDEEP
encryptionpublish-subscribebitcoinsignatureecdsa
Bit-Shift
Bit-Shift

Reputation: 11

Secp256k1 Curve Signature close to expected signature but missing 2 segements

Private Key:

7a01628988d23fae697fa05fcdae5a82fe4f749aa9f24d35d23f81bee917dfc3

Message:

695369676e65645468697344617461546861744973323536426974734c6f6e67

Result:

205587dfc87c3227ad37b021c08c873ca4b1faada1a83f666d483711edb2f4f743
04ee40d9fe8dd03e6d42bfc7d0e53f75286125a591ed14b39265978ebf3eea36

Expected Result:

304402205587dfc87c3227ad37b021c08c873ca4b1faada1a83f666d483711edb2f4f7430220 04ee40d9fe8dd03e6d42bfc7d0e53f75286125a591ed14b39265978ebf3eea36

As you can see the expect result has 2 segments my result did not have:

304402 205587dfc87c3227ad37b021c08c873ca4b1faada1a83f666d483711edb2f4f743 0220 04ee40d9fe8dd03e6d42bfc7d0e53f75286125a591ed14b39265978ebf3eea36

What am I missing here, is there some compression or something happening to my result.

Thank you!

Upvotes: 1

Views: 425

Answers (1)

Robby Cornelissen
Robby Cornelissen

Reputation: 97120

I don't know how you got the result you have, but the expected result looks like a standard ECDSA signature in ASN.1/DER encoding.

To break it down:

  • 30: indicates that an ASN.1 SEQUENCE will follow
  • 44: the length of the sequence, in this case 68 bytes
  • 02: indicates that an ASN.1 INTEGER will follow
  • 20: indicates the length of the integer, in this case 32 bytes
  • 55 ... 43: the 32 bytes of the signature's r value
  • 02: indicates that an ASN.1 INTEGER will follow
  • 20: indicates the length of the integer, in this case 32 bytes
  • 04 ... 36: the 32 bytes of the signature's s value

As I said, I'm not sure what type of encoding is being used for the result that you currently have. It seems to contain the bare minimum information needed to be able to extract the r and s values from the byte array, but discards everything else. (I suspect it might be some variant of PER encoding or a custom encoding scheme.)

Particularly interesting is the fact that the length indicator for the r integer (20) is present in your result. Besides the actual r and s values, this is the only additional information that is strictly needed to be able to successfully parse the signature. As r and s might be either 32 or 33 bytes, you need one length indicator to know where r ends and s begins.

Upvotes: 1

Related Questions