Package secp256k1 wraps the bitcoin secp256k1 C library.



    This section is empty.


    View Source
    var (
    	ErrInvalidMsgLen       = errors.New("invalid message length, need 32 bytes")
    	ErrInvalidSignatureLen = errors.New("invalid signature length")
    	ErrInvalidRecoveryID   = errors.New("invalid signature recovery id")
    	ErrInvalidKey          = errors.New("invalid private key")
    	ErrInvalidPubkey       = errors.New("invalid public key")
    	ErrSignFailed          = errors.New("signing failed")
    	ErrRecoverFailed       = errors.New("recovery failed")


    func CompressPubkey

    func CompressPubkey(x, y *big.Int) []byte

      CompressPubkey encodes a public key to 33-byte compressed format.

      func DecompressPubkey

      func DecompressPubkey(pubkey []byte) (x, y *big.Int)

        DecompressPubkey parses a public key in the 33-byte compressed format. It returns non-nil coordinates if the public key is valid.

        func RecoverPubkey

        func RecoverPubkey(msg []byte, sig []byte) ([]byte, error)

          RecoverPubkey returns the public key of the signer. msg must be the 32-byte hash of the message to be signed. sig must be a 65-byte compact ECDSA signature containing the recovery id as the last element.

          func Sign

          func Sign(msg []byte, seckey []byte) ([]byte, error)

            Sign creates a recoverable ECDSA signature. The produced signature is in the 65-byte [R || S || V] format where V is 0 or 1.

            The caller is responsible for ensuring that msg cannot be chosen directly by an attacker. It is usually preferable to use a cryptographic hash function on any input before handing it to this function.

            func VerifySignature

            func VerifySignature(pubkey, msg, signature []byte) bool

              VerifySignature checks that the given pubkey created signature over message. The signature should be in [R || S] format.


              type BitCurve

              type BitCurve struct {
              	P       *big.Int // the order of the underlying field
              	N       *big.Int // the order of the base point
              	B       *big.Int // the constant of the BitCurve equation
              	Gx, Gy  *big.Int // (x,y) of the base point
              	BitSize int      // the size of the underlying field

                A BitCurve represents a Koblitz Curve with a=0. See

                func S256

                func S256() *BitCurve

                  S256 returns a BitCurve which implements secp256k1.

                  func (*BitCurve) Add

                  func (BitCurve *BitCurve) Add(x1, y1, x2, y2 *big.Int) (*big.Int, *big.Int)

                    Add returns the sum of (x1,y1) and (x2,y2)

                    func (*BitCurve) Double

                    func (BitCurve *BitCurve) Double(x1, y1 *big.Int) (*big.Int, *big.Int)

                      Double returns 2*(x,y)

                      func (*BitCurve) IsOnCurve

                      func (BitCurve *BitCurve) IsOnCurve(x, y *big.Int) bool

                        IsOnCurve returns true if the given (x,y) lies on the BitCurve.

                        func (*BitCurve) Marshal

                        func (BitCurve *BitCurve) Marshal(x, y *big.Int) []byte

                          Marshal converts a point into the form specified in section 4.3.6 of ANSI X9.62.

                          func (*BitCurve) Params

                          func (BitCurve *BitCurve) Params() *elliptic.CurveParams

                          func (*BitCurve) ScalarBaseMult

                          func (BitCurve *BitCurve) ScalarBaseMult(k []byte) (*big.Int, *big.Int)

                            ScalarBaseMult returns k*G, where G is the base point of the group and k is an integer in big-endian form.

                            func (*BitCurve) ScalarMult

                            func (BitCurve *BitCurve) ScalarMult(Bx, By *big.Int, scalar []byte) (*big.Int, *big.Int)

                            func (*BitCurve) Unmarshal

                            func (BitCurve *BitCurve) Unmarshal(data []byte) (x, y *big.Int)

                              Unmarshal converts a point, serialised by Marshal, into an x, y pair. On error, x = nil.