1

I have my ECKey key. In order to create an ECDSASignature object with BitcoinJ, we have to call ECDSASignature mySignature = key.sign(Sha256Hash input).

Is the Sha256Hash input my message? Or is it the result of Sha256(byte[] myArray)?

What if I don't have a message to sign? Is it acceptable to sign the key.getPrivKeyBytes() in order to create an ECDSASignature, or it is unacceptable because it reveals information including in getPrivKeyBytes() and as a result reveal my private key?

And if it is unacceptable what must be my message? Can I can sign whatever I want in order to create my ECDSASignature?

Nayuki
  • 882
  • 6
  • 19
gtopal
  • 359
  • 1
  • 11
  • Are you trying to sign a transaction? There are better ways of doing that in bitcoinj. What are you trying to sign? – Nick ODell Jan 09 '16 at 17:28
  • Let's say that first: i am trying to sign a transaction and as a second secnario that i am going to sign a message in the form of String variable.Which are these better ways?Thanks. – gtopal Jan 09 '16 at 17:34
  • 1
    http://bitcoin.stackexchange.com/questions/3374/how-to-redeem-a-basic-tx – amaclin Jan 09 '16 at 19:09
  • Thanks. I will actually create a message (as a String variable) rather than a whole transaction,and finally i will sign this message to fulfill my program's functionality desires. – gtopal Jan 09 '16 at 20:32
  • 1
    @Top If you're trying to sign a transaction, you should use `Wallet.signTransaction(Wallet.SendRequest.forTx(transaction));` If you're trying to sign a message, you should hash the message first with SHA256. – Nick ODell Jan 09 '16 at 21:55

1 Answers1

1

Signing the bytes of the private key of ECKey key is unacceptable because you are vulnerable for realeasing information about your private key.

In the case of signing a message(as a String) you have to estimate the :

 byte[] result= sha256(message)

The result will be a byte[] and this array finally will insert to the :

 Sha256Hash input= new Sha256Hash(result);

Then the procedure is simple in order to produce the ECDSASignature. You have to do the following:

ECDSASignature signature= key.sign(input);

and finally in order to validate your signature you have to check the following:

key.verify(input, signature)
gtopal
  • 359
  • 1
  • 11