Package org.bitcoinj.crypto
Class TransactionSignature
- java.lang.Object
-
- org.bitcoinj.core.ECKey.ECDSASignature
-
- org.bitcoinj.crypto.TransactionSignature
-
public class TransactionSignature extends ECKey.ECDSASignature
A TransactionSignature wraps anECKey.ECDSASignature
and adds methods for handling the additional SIGHASH mode byte that is used.
-
-
Field Summary
Fields Modifier and Type Field Description int
sighashFlags
A byte that controls which parts of a transaction are signed.-
Fields inherited from class org.bitcoinj.core.ECKey.ECDSASignature
r, s
-
-
Constructor Summary
Constructors Constructor Description TransactionSignature(java.math.BigInteger r, java.math.BigInteger s)
Constructs a signature with the given components and SIGHASH_ALL.TransactionSignature(java.math.BigInteger r, java.math.BigInteger s, int sighashFlags)
Constructs a signature with the given components and raw sighash flag bytes (needed for rule compatibility).TransactionSignature(ECKey.ECDSASignature signature, Transaction.SigHash mode, boolean anyoneCanPay)
Constructs a transaction signature based on the ECDSA signature.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description boolean
anyoneCanPay()
static int
calcSigHashValue(Transaction.SigHash mode, boolean anyoneCanPay)
Calculates the byte used in the protocol to represent the combination of mode and anyoneCanPay.static TransactionSignature
decodeFromBitcoin(byte[] bytes, boolean requireCanonicalEncoding, boolean requireCanonicalSValue)
Returns a decoded signature.static TransactionSignature
dummy()
Returns a dummy invalid signature whose R/S values are set such that they will take up the same number of encoded bytes as a real signature.byte[]
encodeToBitcoin()
What we get back from the signer are the two components of a signature, r and s.static boolean
isEncodingCanonical(byte[] signature)
Returns true if the given signature is has canonical encoding, and will thus be accepted as standard by Bitcoin Core.Transaction.SigHash
sigHashMode()
ECKey.ECDSASignature
toCanonicalised()
Will automatically adjust the S component to be less than or equal to half the curve order, if necessary.-
Methods inherited from class org.bitcoinj.core.ECKey.ECDSASignature
decodeFromDER, derByteStream, encodeToDER, equals, hashCode, isCanonical
-
-
-
-
Field Detail
-
sighashFlags
public final int sighashFlags
A byte that controls which parts of a transaction are signed. This is exposed because signatures parsed off the wire may have sighash flags that aren't "normal" serializations of the enum values. Because Bitcoin Core works via bit testing, we must not lose the exact value when round-tripping otherwise we'll fail to verify signature hashes.
-
-
Constructor Detail
-
TransactionSignature
public TransactionSignature(java.math.BigInteger r, java.math.BigInteger s)
Constructs a signature with the given components and SIGHASH_ALL.
-
TransactionSignature
public TransactionSignature(java.math.BigInteger r, java.math.BigInteger s, int sighashFlags)
Constructs a signature with the given components and raw sighash flag bytes (needed for rule compatibility).
-
TransactionSignature
public TransactionSignature(ECKey.ECDSASignature signature, Transaction.SigHash mode, boolean anyoneCanPay)
Constructs a transaction signature based on the ECDSA signature.
-
-
Method Detail
-
dummy
public static TransactionSignature dummy()
Returns a dummy invalid signature whose R/S values are set such that they will take up the same number of encoded bytes as a real signature. This can be useful when you want to fill out a transaction to be of the right size (e.g. for fee calculations) but don't have the requisite signing key yet and will fill out the real signature later.
-
calcSigHashValue
public static int calcSigHashValue(Transaction.SigHash mode, boolean anyoneCanPay)
Calculates the byte used in the protocol to represent the combination of mode and anyoneCanPay.
-
isEncodingCanonical
public static boolean isEncodingCanonical(byte[] signature)
Returns true if the given signature is has canonical encoding, and will thus be accepted as standard by Bitcoin Core. DER and the SIGHASH encoding allow for quite some flexibility in how the same structures are encoded, and this can open up novel attacks in which a man in the middle takes a transaction and then changes its signature such that the transaction hash is different but it's still valid. This can confuse wallets and generally violates people's mental model of how Bitcoin should work, thus, non-canonical signatures are now not relayed by default.
-
anyoneCanPay
public boolean anyoneCanPay()
-
sigHashMode
public Transaction.SigHash sigHashMode()
-
encodeToBitcoin
public byte[] encodeToBitcoin()
What we get back from the signer are the two components of a signature, r and s. To get a flat byte stream of the type used by Bitcoin we have to encode them using DER encoding, which is just a way to pack the two components into a structure, and then we append a byte to the end for the sighash flags.
-
toCanonicalised
public ECKey.ECDSASignature toCanonicalised()
Description copied from class:ECKey.ECDSASignature
Will automatically adjust the S component to be less than or equal to half the curve order, if necessary. This is required because for every signature (r,s) the signature (r, -s (mod N)) is a valid signature of the same message. However, we dislike the ability to modify the bits of a Bitcoin transaction after it's been signed, as that violates various assumed invariants. Thus in future only one of those forms will be considered legal and the other will be banned.- Overrides:
toCanonicalised
in classECKey.ECDSASignature
-
decodeFromBitcoin
public static TransactionSignature decodeFromBitcoin(byte[] bytes, boolean requireCanonicalEncoding, boolean requireCanonicalSValue) throws SignatureDecodeException, VerificationException
Returns a decoded signature.- Parameters:
requireCanonicalEncoding
- if the encoding of the signature must be canonical.requireCanonicalSValue
- if the S-value must be canonical (below half the order of the curve).- Throws:
SignatureDecodeException
- if the signature is unparseable in some way.VerificationException
- if the signature is invalid.
-
-