-
Notifications
You must be signed in to change notification settings - Fork 977
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How do I verify compact signatures? #45
Comments
Compact signatures use a different format, which _verify does not accept. All you can do is call recover on it, and check that the recovered public key is what you expect it to be. |
So basically I should recover the public key from the recovery signature, sign the message again with it, and if the generated normal signature passes verify, I can be sure that the recovery one was valid too? I see. Thank you. |
No, just recover the pubkey and compare the pubkey with what you expect it to be. And you can't sign with a public key. |
Well, that should work too, but wouldn't what I described work too? Or is it just not secure for some reason? |
It would be impossible (you don't get the private key) and even if it was, very inefficient. The key recovery guarantees that the signature is a valid signature for that message with the private key corresponding to the recovered public key. |
In real life I wouldn't have the private key, right. And the header file states that recovery: (which guarantees a correct signature). I think I know everything now. Thank you! |
musig: add user documentation
Hi,
I'm working on Rust language bindings for bitcoin-secp256k1 and I can't get tests verifing the compact signatures to work:
The code is here:
https://github.com/dpc/bitcoin-secp256k1-rs/blob/master/src/secp256k1.rs#L354
The results are here:
Am I missing something obvious?
The text was updated successfully, but these errors were encountered: