public class BIP340Signer extends java.lang.Object implements Signer
Public keys are the 32-byte big-endian X coordinate of the unique even-Y curve point with that X.
Signatures are the fixed 64-byte concatenation bytes(R) || bytes(s) — neither encoding
matches BC's ECDSA defaults.
Auxiliary randomness follows the usual BC low-level signer convention: the signer is randomized by
default. A ParametersWithRandom on init(boolean, org.bouncycastle.crypto.CipherParameters) supplies the source for the fresh 32-byte
aux_rand drawn per generateSignature() call (BIP-340 §3.2, recommended for side-channel
hardening); when none is supplied the default CryptoServicesRegistrar source is substituted, as
for SM2Signer / ECDSASigner. Deterministic Schnorr (aux_rand = 0^32) is BIP-340 compliant
but must be requested explicitly via BIP340Signer(boolean) — the absence of a supplied
SecureRandom does not silently select it.
| Constructor and Description |
|---|
BIP340Signer()
Create a randomized BIP-340 signer: a per-signature
aux_rand is drawn from the supplied
ParametersWithRandom source, or the default CryptoServicesRegistrar source when none
is supplied. |
BIP340Signer(boolean deterministic) |
| Modifier and Type | Method and Description |
|---|---|
static ECPublicKeyParameters |
decodePublicKey(byte[] xOnly)
Lift a 32-byte x-only BIP-340 public key to an
ECPublicKeyParameters carrying the unique
even-Y secp256k1 point with that X. |
byte[] |
generateSignature()
generate a signature for the message we've been loaded with using
the key we were initialised with.
|
static ECDomainParameters |
getDomain()
secp256k1 domain parameters.
|
void |
init(boolean forSigning,
CipherParameters parameters)
Initialise the signer for signing or verification.
|
void |
reset()
reset the internal state
|
void |
update(byte b)
update the internal digest with the byte b
|
void |
update(byte[] in,
int off,
int len)
update the internal digest with the byte array in
|
boolean |
verifySignature(byte[] signature)
return true if the internal state represents the signature described
in the passed in array.
|
public BIP340Signer()
aux_rand is drawn from the supplied
ParametersWithRandom source, or the default CryptoServicesRegistrar source when none
is supplied.public BIP340Signer(boolean deterministic)
deterministic - when true, sign deterministically with aux_rand = 0^32 (BIP-340
§3.3 default signing with empty auxiliary randomness) and ignore any supplied
SecureRandom; when false (the usual case) draw a per-signature 32-byte
aux_rand from the supplied or default SecureRandom.public static ECDomainParameters getDomain()
ECPrivateKeyParameters / call an
ECKeyPairGenerator for BIP-340.public static ECPublicKeyParameters decodePublicKey(byte[] xOnly)
ECPublicKeyParameters carrying the unique
even-Y secp256k1 point with that X. Returns null for the cases BIP-340 §3.1 defines as
verification failures: wrong length, X out of [0, p), or no curve point with that X.public void init(boolean forSigning,
CipherParameters parameters)
Signerpublic void update(byte b)
Signerpublic void update(byte[] in,
int off,
int len)
Signerpublic byte[] generateSignature()
SignergenerateSignature in interface Signerpublic boolean verifySignature(byte[] signature)
SignerverifySignature in interface Signer