Ecdsa class

Ecdsa

Ecdsa is the signature algorithm used by bitcoin. The way you probably want to use this is with the static Ecdsa.sign( ... ) and Ecdsa.verify( ... ) functions. Note that in bitcoin, the hashBuf is little endian, so if you are signing or verifying something that has to do with a transaction, you should explicitly plug in that it is little endian as an option to the sign and verify functions.

This implementation of Ecdsa uses deterministic signatures as defined in RFC 6979 as the default, which has become a defacto standard in bitcoin wallets due to recurring security issues around using a value of k pulled from a possibly faulty entropy pool. If you use the same value of k twice, someone can derive your private key. Deterministic k prevents this without needing an entropy pool.

Constructors

Ecdsa({Sig? sig, KeyPair? keyPair, List<int>? hashBuf, BigIntX? k, Endian? endian, bool? verified})

Properties

endian ↔ Endian?

getter/setter pair

hashBuf ↔ List<int>?

getter/setter pair

hashCode → int

The hash code for this object.

no setter, inherited

k ↔ BigIntX?

getter/setter pair

keyPair ↔ KeyPair?

getter/setter pair

runtimeType → Type

A representation of the runtime type of the object.

no setter, inherited

sig ↔ Sig?

getter/setter pair

verified ↔ bool?

getter/setter pair

Methods

calcrecovery() → Ecdsa

deterministicK([int? badrs]) → Ecdsa

The traditional Ecdsa algorithm uses a purely random value of k. This has the negative that when signing, your entropy must be good, or the private key can be recovered if two signatures use the same value of k. It turns out that k does not have to be purely random. It can be deterministic, so long as an attacker can't guess it. RFC 6979 specifies how to do this using a combination of the private key and the hash of the thing to be signed. It is best practice to use this value, which can be tested for byte-for-byte accuracy, and is resistant to a broken RNG. Note that it is actually the case that bitcoin private keys have been compromised through that attack. Deterministic k is a best practice.

fromBuffer(List<int> buf) → Ecdsa

fromJSON(Map<String, dynamic> json) → Ecdsa

fromString(String str) → Ecdsa

noSuchMethod(Invocation invocation) → dynamic

Invoked when a nonexistent method or property is accessed.

inherited

randomK() → dynamic

sig2PubKey() → PubKey

sign() → Ecdsa

signRandomK() → Ecdsa

toBuffer() → List<int>

toJSON() → Map<String, dynamic>

toString() → String

A string representation of this object.

override

verify([bool? enforceLowS]) → Ecdsa

verifyStr([bool? enforceLowS]) → dynamic

Operators

operator ==(Object other) → bool

The equality operator.

inherited

Static Methods

staticCalcrecovery({Sig? sig, PubKey? pubKey, List<int>? hashBuf}) → Sig?

Calculates the recovery factor, and mutates sig so that it now contains the recovery factor and the "compressed" variable. Throws an exception on failure.

staticSig2PubKey({Sig? sig, List<int>? hashBuf}) → PubKey

staticSign({List<int>? hashBuf, KeyPair? keyPair, Endian? endian}) → Sig?

staticVerify({List<int>? hashBuf, Sig? sig, PubKey? pubKey, Endian? endian, bool enforceLowS = true}) → bool?