Join GitHub today
GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
Already on GitHub? Sign in to your account
The transaction data to sign does not exclude public keys on scriptSig. #1273
Comments
wbnns
self-assigned this
Dec 9, 2016
wbnns
added
the
Under Review
label
Jan 31, 2017
wbnns
added
Pull Request Welcome
Dev Docs
and removed
Under Review
labels
Mar 11, 2017
wbnns
added
Bounty
Bounty
and removed
Bounty
labels
May 21, 2017
|
Bounty: 5,000 bits / ~$10 USD |
Kangmo
commented
May 21, 2017
|
thank you wbnns for the bounty. 1LHesg4yPM1ksyi8ZpstGWTtaQm9pcYT2X |
|
@Kangmo Hello, yes, first you need to submit a pull request that gets merged, resolving this issue. |
|
@Kangmo that is incorrect. The pubkeys are not included in the data that is signed. It is part of the scriptsig so it is not included in the data. The scriptsig is actually replaced with the scriptPubKey, which is (a misnomer) actually the output script which the transaction is spending from. |
Kangmo commentedApr 2, 2016
Source File: _includes/devdoc/guide_transactions.md
=> In essence, the entire transaction is signed except for any signature scripts, which hold the full public keys and secp256k1 signatures.
The full public keys in signature scripts are included for signature calculation. Here is the list of data excluded from the signature script.
Also, with OP_CODESEPARATOR, the one who creates a transaction can control the data to be included for calculating the signature.