|
Bouncy Castle Cryptography Library 1.85 | |||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||
java.lang.Objectorg.bouncycastle.crypto.signers.BIP340Signer
Schnorr signatures for secp256k1 per BIP-340 (with the BIP-340bis variable-length-message extension).
Public keys are the 32-byte big-endian X coordinate of the unique even-Y curve point with that X. Signatures are the fixed 64-byte concatenation — neither encoding matches BC's ECDSA defaults.
Auxiliary randomness follows the usual BC low-level signer convention: the signer is randomized by
default. A ParametersWithRandom on init(boolean, org.bouncycastle.crypto.CipherParameters) supplies the source for the fresh 32-byte
drawn per generateSignature() call (BIP-340 §3.2, recommended for side-channel
hardening); when none is supplied the default CryptoServicesRegistrar source is substituted, as
for SM2Signer / ECDSASigner. Deterministic Schnorr (aux_rand = 0^32) is BIP-340 compliant
but must be requested explicitly via BIP340Signer(boolean) — the absence of a supplied
SecureRandom does not silently select it.
| Constructor Summary | |
BIP340Signer()
Create a randomized BIP-340 signer: a per-signature is drawn from the supplied ParametersWithRandom source, or the default CryptoServicesRegistrar source when none
is supplied. |
|
BIP340Signer(boolean deterministic)
|
|
| Method Summary | |
static ECPublicKeyParameters |
decodePublicKey(byte[] xOnly)
Lift a 32-byte x-only BIP-340 public key to an ECPublicKeyParameters carrying the unique
even-Y secp256k1 point with that X. |
byte[] |
generateSignature()
generate a signature for the message we've been loaded with using the key we were initialised with. |
static ECDomainParameters |
getDomain()
secp256k1 domain parameters. |
void |
init(boolean forSigning,
CipherParameters parameters)
Initialise the signer for signing or verification. |
void |
reset()
reset the internal state |
void |
update(byte b)
update the internal digest with the byte b |
void |
update(byte[] in,
int off,
int len)
update the internal digest with the byte array in |
boolean |
verifySignature(byte[] signature)
return true if the internal state represents the signature described in the passed in array. |
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Constructor Detail |
public BIP340Signer()
ParametersWithRandom source, or the default CryptoServicesRegistrar source when none
is supplied.
public BIP340Signer(boolean deterministic)
deterministic - when , sign deterministically with (BIP-340
§3.3 default signing with empty auxiliary randomness) and ignore any supplied
SecureRandom; when (the usual case) draw a per-signature 32-byte
from the supplied or default SecureRandom.| Method Detail |
public static ECDomainParameters getDomain()
ECPrivateKeyParameters / call an
ECKeyPairGenerator for BIP-340.
public static ECPublicKeyParameters decodePublicKey(byte[] xOnly)
ECPublicKeyParameters carrying the unique
even-Y secp256k1 point with that X. Returns for the cases BIP-340 §3.1 defines as
verification failures: wrong length, X out of , or no curve point with that X.
public void init(boolean forSigning,
CipherParameters parameters)
Signer
init in interface SignerforSigning - true if for signing, false otherwiseparameters - necessary parameters.public void update(byte b)
Signer
update in interface Signer
public void update(byte[] in,
int off,
int len)
Signer
update in interface Signerpublic byte[] generateSignature()
Signer
generateSignature in interface Signerpublic boolean verifySignature(byte[] signature)
Signer
verifySignature in interface Signerpublic void reset()
Signer
reset in interface Signer
|
Bouncy Castle Cryptography Library 1.85 | |||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||