trezor / python-trezor

:snake: Don't use this repo, use the new monorepo instead:
https://github.com/trezor/trezor-firmware
GNU Lesser General Public License v3.0

Could somebody please tell me what is the output format of the sign_message function (in client.py)? #255

Closed ghost closed 6 years ago

ghost commented 6 years ago

Hello,

I am playing around with the sign_message function and am trying to decipher the output. I am assuming that this is an ECDSA (secp256k1) signature, but is that even correct? The first byte seems like a length, perhaps of r? Followed by r, then by s? But this does not seem to be the case. Any help would be appreciated.

Thank you!

matejcik commented 6 years ago

The first byte is a flag, followed by 32-byte R and 32-byte S.

The purpose of the flag is to allow reconstructing the address from the signature. The meaning is somewhat obscure; I'm recovering it from the code (and asking my colleagues :) ).

basically:

27
+ <key recovery bit>
+ <4 if compressed key>
+ <4 if P2SH-segwit>
+ <8 if native segwit>

where:

So:

and the resulting flag is 27 + <key recovery bit> + <address type>. This is enough information to recover the btc address used to sign this message.
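The layout described in the comment above can be decoded as follows. This is an added example, not part of the original thread or python-trezor's own code; the function names are hypothetical, the sample bytes are constructed, and it assumes the recovery value ranges over 0..3 so that valid flags span 27..42 (the ranges BIP 137 lists).

```python
from typing import NamedTuple

# secp256k1 group order; R and S must both lie in [1, N-1]
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Address-type offsets from the comment above: a compressed key adds 4,
# P2SH-segwit a further 4, native segwit a further 8 (segwit keys are compressed).
ADDRESS_OFFSETS = {
    "p2pkh-uncompressed": 0,
    "p2pkh-compressed": 4,
    "p2sh-segwit": 4 + 4,
    "native-segwit": 4 + 8,
}
OFFSET_TO_TYPE = {v: k for k, v in ADDRESS_OFFSETS.items()}


class DecodedSignature(NamedTuple):
    recovery_id: int
    address_type: str
    r: int
    s: int


def encode_flag(recovery_id: int, address_type: str) -> int:
    """Build the flag byte: 27 + recovery value + address-type offset."""
    if not 0 <= recovery_id <= 3:
        raise ValueError("recovery id out of range")
    return 27 + recovery_id + ADDRESS_OFFSETS[address_type]


def decode_signature(sig: bytes) -> DecodedSignature:
    """Split a 65-byte signature into flag fields, R and S, rejecting bad input."""
    if len(sig) != 65:
        raise ValueError(f"expected 65 bytes, got {len(sig)}")
    flag = sig[0]
    if not 27 <= flag <= 42:
        raise ValueError(f"flag byte {flag} outside 27..42")
    recovery_id = (flag - 27) % 4
    address_type = OFFSET_TO_TYPE[(flag - 27) - recovery_id]
    r = int.from_bytes(sig[1:33], "big")
    s = int.from_bytes(sig[33:65], "big")
    if not (1 <= r < N and 1 <= s < N):
        raise ValueError("R or S outside the valid scalar range")
    return DecodedSignature(recovery_id, address_type, r, s)


# Constructed sample: flag 36 with R=1, S=2 (not a real signature).
SAMPLE = bytes([36]) + (1).to_bytes(32, "big") + (2).to_bytes(32, "big")
```

Checking the length, the flag range and the scalar range before handing R and S to a verifier keeps malformed signatures from reaching the key-recovery step.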

ghost commented 6 years ago

Thank you! This is very helpful. I was under the impression that R and S could be different than 32 bytes, but perhaps that is only in the DER encoding? In any case, I will continue to play around and see if what I want to do works. Thank you again.