Open doc-hex opened 8 years ago
Looks like you should be able to just use:
recid = p[curve->num_bytes] & 0x01
at uECC.c:1200 (in the current revision).
Technically you also need to account for overflow mod n, but that will basically never happen.
Thanks! Do you want a pull request which does that? The problem is I have to change the API.
Try it out and see if it works for you locally first. I'll think about whether/how to do an API change.
Hmm. Didn't work. Still gets wrong answer about 50% of the time. I wonder if the "side channel" protection stuff is a factor here.
OK, I'll look into it in more detail
My mistake, it should be:
recid = p[num_words] & 0x01;
Yes. Works great! I should have noticed that.
+1 for this feature. It's great to have recovery ID.
It would be great to see this small feature integrated into the API!
For those who need the recid and pubkey recovery feature, try Trezor's library out; it is btc/eth blockchain friendly. https://github.com/trezor/trezor-firmware/tree/master/crypto
I want to use your wonderful library for message signing in Bitcoin. However, the standard bitcoin signature format includes 2 extra bits: "recid" or "recovery id". This value captures which of the four possible X values that (R, S) imply and allows the specific public key to be recovered from the signature itself. The process is nicely described in this answer on stackexchange.
The problem is uECC_sign_with_k does the right math, and makes valid signatures, but the values I need for recid are not exposed.
I am tempted to change/extend your code to capture these values during the signing process. However, it's a bit beyond my pay grade. What are your thoughts?