Skip to content

feat(wasm-utxo): add PSBT signature verification and txid methods #58

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Nov 12, 2025
+1,184 −99
Merged

feat(wasm-utxo): add PSBT signature verification and txid methods #58

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
749031e
feat(wasm-utxo): add method to get unsigned txid from psbt
OttoAllmendinger Nov 11, 2025
12180b0
feat(wasm-utxo): add signature verification methods to BitGoPsbt
OttoAllmendinger Nov 12, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
48 changes: 48 additions & 0 deletions packages/wasm-utxo/js/fixedScriptWallet.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -94,6 +94,14 @@ export class BitGoPsbt {
return new BitGoPsbt(wasm);
}

/**
* Get the unsigned transaction ID
* @returns The unsigned transaction ID
*/
unsignedTxid(): string {
return this.wasm.unsigned_txid();
}

/**
* Parse transaction with wallet keys to identify wallet inputs/outputs
* @param walletKeys - The wallet keys to use for identification
Expand Down Expand Up @@ -121,4 +129,44 @@ export class BitGoPsbt {
parseOutputsWithWalletKeys(walletKeys: WalletKeys): ParsedOutput[] {
return this.wasm.parse_outputs_with_wallet_keys(walletKeys);
}

/**
* Verify if a valid signature exists for a given extended public key at the specified input index.
*
* This method derives the public key from the xpub using the derivation path found in the
* PSBT input, then verifies the signature. It supports:
* - ECDSA signatures (for legacy/SegWit inputs)
* - Schnorr signatures (for Taproot script path inputs)
* - MuSig2 partial signatures (for Taproot keypath MuSig2 inputs)
*
* @param inputIndex - The index of the input to check (0-based)
* @param xpub - The extended public key as a base58-encoded string
* @returns true if a valid signature exists, false if no signature exists
* @throws Error if input index is out of bounds, xpub is invalid, or verification fails
*/
verifySignature(inputIndex: number, xpub: string): boolean {
return this.wasm.verify_signature(inputIndex, xpub);
}

/**
* Verify if a replay protection input has a valid signature.
*
* This method checks if a given input is a replay protection input (like P2shP2pk) and verifies
* the signature. Replay protection inputs don't use standard derivation paths, so this method
* verifies signatures without deriving from xpub.
*
* For P2PK replay protection inputs, this:
* - Extracts the signature from final_script_sig
* - Extracts the public key from redeem_script
* - Computes the legacy P2SH sighash
* - Verifies the ECDSA signature cryptographically
*
* @param inputIndex - The index of the input to check (0-based)
* @param replayProtection - Scripts that identify replay protection inputs (same format as parseTransactionWithWalletKeys)
* @returns true if the input is a replay protection input and has a valid signature, false if no valid signature
* @throws Error if the input is not a replay protection input, index is out of bounds, or scripts are invalid
*/
verifyReplayProtectionSignature(inputIndex: number, replayProtection: ReplayProtection): boolean {
return this.wasm.verify_replay_protection_signature(inputIndex, replayProtection);
}
}
Loading