Fix signing with compressed keys

calcPubkeyRecoveryParam always assumed a non-compressed key, and was comparing the address generated from a non-compressed public key against the original address generated from the compressed public key. This commit fixes it by passing the entire pubkey object, and configuring the generated address to use the same compressed setting as the original one.
11 years ago · 0a075573ed
2 changed files with 4 additions and 3 deletions
--- a/src/ecdsa.js
+++ b/src/ecdsa.js
@ -275,10 +275,12 @@ var ECDSA = {
   * This function simply tries all four cases and returns the value
   * that resulted in a successful pubkey recovery.
   */
-  calcPubkeyRecoveryParam: function (address, r, s, hash)
+  calcPubkeyRecoveryParam: function (origPubkey, r, s, hash)
  {
+    var address = origPubkey.getBitcoinAddress().toString();
    for (var i = 0; i < 4; i++) {
      var pubkey = ECDSA.recoverPubKey(r, s, hash, i);
+      pubkey.compressed = origPubkey.compressed;
      if (pubkey.getBitcoinAddress().toString() == address) {
        return i;
      }
--- a/src/message.js
+++ b/src/message.js
@ -34,8 +34,7 @@ Message.signMessage = function (key, message, compressed) {

  var obj = ecdsa.parseSig(sig);

-  var address = key.getBitcoinAddress().toString();
-  var i = ecdsa.calcPubkeyRecoveryParam(address, obj.r, obj.s, hash);
+  var i = ecdsa.calcPubkeyRecoveryParam(key, obj.r, obj.s, hash);

  i += 27;
  if (compressed) i += 4;