From 0a075573ed88aa6f64e87d0f50fdad39a3709a19 Mon Sep 17 00:00:00 2001 From: Nadav Ivgi Date: Thu, 28 Nov 2013 21:01:55 +0200 Subject: [PATCH] Fix signing with compressed keys calcPubkeyRecoveryParam always assumed a non-compressed key, and was comparing the address generated from a non-compressed public key against the original address generated from the compressed public key. This commit fixes it by passing the entire pubkey object, and configuring the generated address to use the same compressed setting as the original one. --- src/ecdsa.js | 4 +++- src/message.js | 3 +-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/src/ecdsa.js b/src/ecdsa.js index 1aa15ed..e65b8e1 100644 --- a/src/ecdsa.js +++ b/src/ecdsa.js @@ -275,10 +275,12 @@ var ECDSA = { * This function simply tries all four cases and returns the value * that resulted in a successful pubkey recovery. */ - calcPubkeyRecoveryParam: function (address, r, s, hash) + calcPubkeyRecoveryParam: function (origPubkey, r, s, hash) { + var address = origPubkey.getBitcoinAddress().toString(); for (var i = 0; i < 4; i++) { var pubkey = ECDSA.recoverPubKey(r, s, hash, i); + pubkey.compressed = origPubkey.compressed; if (pubkey.getBitcoinAddress().toString() == address) { return i; } diff --git a/src/message.js b/src/message.js index abc2da5..ef29117 100644 --- a/src/message.js +++ b/src/message.js @@ -34,8 +34,7 @@ Message.signMessage = function (key, message, compressed) { var obj = ecdsa.parseSig(sig); - var address = key.getBitcoinAddress().toString(); - var i = ecdsa.calcPubkeyRecoveryParam(address, obj.r, obj.s, hash); + var i = ecdsa.calcPubkeyRecoveryParam(key, obj.r, obj.s, hash); i += 27; if (compressed) i += 4;