-
Notifications
You must be signed in to change notification settings - Fork 53
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug In Library #15
Comments
If you want to show us an example please give us full data of this example, so we can check it and verify your request (you miss private key hex, also your code will be great help). I performed test using other data and the behaviour was similar, I mean sometimes signatures differs. First of all our ECDSA signatures are still valid, because in ECDSA you can use any k to sign a message, it calls non deterministic signatures. But there is https://tools.ietf.org/html/rfc6979 which describes how to generate k basing on message - signatures which using this k are "deterministic". Determinisitc signatures should be the same but they not always are. You can see note at page you linked https://github.com/blockcypher/btcutils/tree/master/signer "As a friendly reminder, if you run this example locally, your resulting signature may differ---ECDSA does not furnish deterministic signatures, but they are no less valid." We generate k the same as https://www.npmjs.com/package/elliptic and we have always the same signatures as they have. You can say that we have bug in our k generating, but as I see it is correct and match with RFC. If you have more libs and examples when our determinisitic signatures differs, you can show us FULL examples of them, and we verify it. Lastly when you verify a ECDSA signature you never should compare it with some strings, you should always verify it using some calculation and by calling verify method. |
maybe you can try by adding zero at the beginning of the string or the length of the string is odd. |
I found bug from library. Look at this, how do I found it.
I want sign 2 msg, there are:
and then I compare with the other lib using this lib https://github.com/blockcypher/btcutils/tree/master/signer , the result of signing is different.
Result of msg = 44ab4c3451:
your lib : 3045022100a192e997d87d792304cbe1d8140f72aad11342f92e8bfc881870da43d4df2b2602207d02bf4645e9d89b0549e9c6160a38531bb39e794789ee2b46c7b288e4835d22
golang lib : 3045022100a192e997d87d792304cbe1d8140f72aad11342f92e8bfc881870da43d4df2b2602207d02bf4645e9d89b0549e9c6160a38531bb39e794789ee2b46c7b288e4835d22
Result of msg = 0444ab4c3451:
your lib: 304502202ac6efb8337464a741de1a7ce0ee3bd7bdb2572cc47845964b6f8596fb6aa3aa022100e01dfac253641b2f03030c0c5b66c5f71d329bdc5898e8afd6d3d2f1b500d8fa
Golang lib : 304402202ac6efb8337464a741de1a7ce0ee3bd7bdb2572cc47845964b6f8596fb6aa3aa02201fe2053dac9be4d0fcfcf3f3a4993a079d7c410a56afb78be8fe8b9b1b356847
Maybe your lib cant read zero on first string, could you help me to fix this ?
Sorry my bad english.
Thanks.
The text was updated successfully, but these errors were encountered: