Closed wallaceturner closed 5 years ago
toDER of the old ecsignature object was separated from bitcoin in that the module was meant to only include ECDSA concepts.
Whereas script module in 4 is definitely bitcoin specific, so the encode function includes the 1 byte sighash version at the end.
@junderw I am signing a transaction, however there is a bit more to the story in that i'm doing its via blockcypher whereby they send you a list of tx to sign (see the very end of the json I have pasted below) You then send the signatures back to them and they push it to the network. They reject any signature with the hashType appended so I can only assume they append it themselves after you send it to them ?
{
"tx":{
"block_height":-1,
"block_index":-1,
"hash":"43420bf7ef53a8e934922723c761f45e0bc30ddd5ff29cd76124cca620d7b01b",
"addresses":[
"C4jhPuD3pLqHMwuUwjg3yVCPD4P67TZ56r",
"By6JsQn9qU1UQ9U6du5f8q6oaFK1nuRhLy"
],
"total":10958000,
"fees":2000,
"size":160,
"preference":"medium",
"relayed_by":"220.253.234.40",
"received":"2018-10-08T05:55:50.674909066Z",
"ver":1,
"double_spend":false,
"vin_sz":2,
"vout_sz":2,
"confirmations":0,
"inputs":[
{
"prev_hash":"0a0da1f1e73e8410a6127fb792fb59d39c5d2d23566d5e7ee291323ee0c3741f",
"output_index":0,
"output_value":980000,
"sequence":4294967295,
"addresses":[
"C4jhPuD3pLqHMwuUwjg3yVCPD4P67TZ56r"
],
"script_type":"pay-to-pubkey-hash",
"age":1460793
},
{
"prev_hash":"bdcda0aeddb31d35620777a1027b56a4c957fbcb44c986e872b1f2dd1086db9e",
"output_index":0,
"output_value":9980000,
"sequence":4294967295,
"addresses":[
"C4jhPuD3pLqHMwuUwjg3yVCPD4P67TZ56r"
],
"script_type":"pay-to-pubkey-hash",
"age":1463662
}
],
"outputs":[
{
"value":9998000,
"script":"76a9144170fea46aa089845744c6f9d27229e2c1c8daf188ac",
"addresses":[
"By6JsQn9qU1UQ9U6du5f8q6oaFK1nuRhLy"
],
"script_type":"pay-to-pubkey-hash"
},
{
"value":960000,
"script":"76a9147f5bd154f2f0b10402aa1aa892eb90162a39d80e88ac",
"addresses":[
"C4jhPuD3pLqHMwuUwjg3yVCPD4P67TZ56r"
],
"script_type":"pay-to-pubkey-hash"
}
]
},
"tosign":[
"06c93519d72cd1741d5a661ae47d62396bb6c42ddaa2f5fd3c4ec3e473cf121c",
"c2710305053139070bd17964614de12768632a297af8123a15ca25a6d52d62c4"
]
}
Yes. They are doing the sighash appending for you. So what sighash you send to the encode function is irrelevant. (sighash is only to tell bitcoinjs-lib how to create the tosign
hash... but it seems they are producing this for you.)
............................
That being said... THIS API THEY HAVE IS INSECURE!
You are 100% trusting them here, and just blindly signing the hashes they provide without verifying that the hashes match what you verified yourself is the same as giving them your private keys....
I would highly recommend against using this API.
@junderw Thanks for the advice. According to that link there is a way to validate the data being signed
For the extra cautious, you can protect yourself from a potential malicious attack on BlockCypher by validating the data we’re asking you to sign. Unfortunately, it’s impossible to do so directly, as pre-signed signature data is hashed twice using SHA256. To get around this, set the includeToSignTx URL flag to true. The optional tosign_tx array will be returned within the TXSkeleton, which you can use in the following way:
Hashing the hex-encoded string twice using SHA256 should give you back the corresponding tosign data. Decoding the hex-encoded string using our /txs/decode endpoint (or an independent, client-side source) should give you the output addresses and amounts that match your work-in-progress transaction.
Ultimately I would prefer to build the tx locally, however blockcypher has a very user-friendly way of creating a tx that I haven't been able to find in any library (please suggest one if you know one that replicates the following feature) 1) Prior to creating a tx you submit your address(es) to a named wallet (for which you hold the keys) 2) to create a tx you specify the wallet name, the receiving address and an amount 3) blockcypher then creates the tx for you, working out which inputs should be used from the specified wallet.
Please validate the data being signed.
Remember, you need to link the evidence for each of those questions to the hash you are signing... Otherwise they could possibly make you sign a transaction sending all your coins to BlockCypher.
When using 3.x I was writing
and the version 4 equivalent (as I understand it)
They produce identical output except for the last byte; it seems the hashType is appended to the signature when using
bjs.script.signature.encode
At the moment I am just truncating the last 2 characters ofhexStr
which 'fixes' this issue but it feels wrong (and probably is) Can someone clarify?