Documentation ¶
Overview ¶
Package secp256k1 wraps the bitcoin secp256k1 C library.
Index ¶
- Variables
- func CompressPubkey(x, y *big.Int) []byte
- func DecompressPubkey(pubkey []byte) (x, y *big.Int)
- func RecoverPubkey(msg []byte, sig []byte) ([]byte, error)
- func Sign(msg []byte, seckey []byte) ([]byte, error)
- func VerifySignature(pubkey, msg, signature []byte) bool
- type BitCurve
- func (BitCurve *BitCurve) Add(x1, y1, x2, y2 *big.Int) (*big.Int, *big.Int)
- func (BitCurve *BitCurve) Double(x1, y1 *big.Int) (*big.Int, *big.Int)
- func (BitCurve *BitCurve) IsOnCurve(x, y *big.Int) bool
- func (BitCurve *BitCurve) Marshal(x, y *big.Int) []byte
- func (BitCurve *BitCurve) Params() *elliptic.CurveParams
- func (BitCurve *BitCurve) ScalarBaseMult(k []byte) (*big.Int, *big.Int)
- func (BitCurve *BitCurve) ScalarMult(Bx, By *big.Int, scalar []byte) (*big.Int, *big.Int)
- func (BitCurve *BitCurve) Unmarshal(data []byte) (x, y *big.Int)
Constants ¶
This section is empty.
Variables ¶
var ( ErrInvalidMsgLen = errors.New("invalid message length, need 32 bytes") ErrInvalidSignatureLen = errors.New("invalid signature length") ErrInvalidRecoveryID = errors.New("invalid signature recovery id") ErrInvalidKey = errors.New("invalid private key") ErrInvalidPubkey = errors.New("invalid public key") ErrSignFailed = errors.New("signing failed") ErrRecoverFailed = errors.New("recovery failed") )
Functions ¶
func CompressPubkey ¶ added in v1.8.0
CompressPubkey encodes a public key to 33-byte compressed format.
func DecompressPubkey ¶ added in v1.8.0
DecompressPubkey parses a public key in the 33-byte compressed format. It returns non-nil coordinates if the public key is valid.
func RecoverPubkey ¶
RecoverPubkey returns the the public key of the signer. msg must be the 32-byte hash of the message to be signed. sig must be a 65-byte compact ECDSA signature containing the recovery id as the last element.
func Sign ¶
Sign creates a recoverable ECDSA signature. The produced signature is in the 65-byte [R || S || V] format where V is 0 or 1.
The caller is responsible for ensuring that msg cannot be chosen directly by an attacker. It is usually preferable to use a cryptographic hash function on any input before handing it to this function.
func VerifySignature ¶
VerifySignature checks that the given pubkey created signature over message. The signature should be in [R || S] format.
Types ¶
type BitCurve ¶ added in v1.4.1
type BitCurve struct { P *big.Int // the order of the underlying field N *big.Int // the order of the base point B *big.Int // the constant of the BitCurve equation Gx, Gy *big.Int // (x,y) of the base point BitSize int // the size of the underlying field }
A BitCurve represents a Koblitz Curve with a=0. See http://www.hyperelliptic.org/EFD/g1p/auto-shortw.html
func S256 ¶ added in v1.4.1
func S256() *BitCurve
S256 returns a BitCurve which implements secp256k1.
func (*BitCurve) IsOnCurve ¶ added in v1.4.1
IsOnCurve returns true if the given (x,y) lies on the BitCurve.
func (*BitCurve) Marshal ¶ added in v1.4.1
Marshal converts a point into the form specified in section 4.3.6 of ANSI X9.62.
func (*BitCurve) Params ¶ added in v1.4.1
func (BitCurve *BitCurve) Params() *elliptic.CurveParams
func (*BitCurve) ScalarBaseMult ¶ added in v1.4.1
ScalarBaseMult returns k*G, where G is the base point of the group and k is an integer in big-endian form.