Hi , based on my current understanding, this elliptic-php can only generates private-public key pairs, and cannot generate public key from a given private key. It that right?

Then how could I get pulickey from a given privatekey?

Many thanks if any information could be provided!

Hi !

I am trying to do this using your library:

https://developer.apple.com/documentation/storekit/in-app_purchase/generating_a_signature_for_subscription_offers

Can you provide any help ?

Hello,

Deprecated: assert(): Calling assert() with a string argument is deprecated in E:\Development\WebServer\7.2\xampp\htdocs\webserver.local\projects\blockchain\Elliptic\EdDSA.php on line 16

Deprecated: assert(): Calling assert() with a string argument is deprecated in E:\Development\WebServer\7.2\xampp\htdocs\webserver.local\projects\blockchain\BN\BN.php on line 551

Deprecated: assert(): Calling assert() with a string argument is deprecated in E:\Development\WebServer\7.2\xampp\htdocs\webserver.local\projects\blockchain\BN\BN.php on line 477

Thx

i got the same sign for 2 differrent msg

782a3039b478c839e4cb0c941ff4eaeb7df40bdd68bd441afd444b9da763de12909ce62ec5dc1c862a5e0100086775657374313233086c697472626f6f6839707265646c61676179752d697a6d656e69742d616c676f7269746d792d656d69737369692d6762672d692d7679706c61742d6176746f72616d102700

782a3039b478c839e4cb0c941ff4eaeb7df40bdd68bd441afd444b9da763de128b9cf23c3bef13862a5e0100086775657374313233086c697472626f6f6839707265646c61676179752d697a6d656e69742d616c676f7269746d792d656d69737369692d6762672d692d7679706c61742d6176746f72616d102700

I'm trying to use your example "Verifying Ethereum Signature"

In the client, using ethers.js I used this code:

    const Signer = await provider.getSigner();
    const userAddress = await Signer.getAddress();
    const numTokens = await ContractUser.balanceOf(userAddress);
    let currentTime = new Date();
    let month = currentTime.getMonth() + 1;
    let day = currentTime.getDate();
    let year = currentTime.getFullYear();
    let msgToSign = 'Connect: ' + userAddress + ' on ' + year + month + day;
    let messageHash = ethers.utils.solidityKeccak256(['string'],[msgToSign]);
    let signature = await Signer.signMessage(ethers.utils.arrayify(messageHash));

And then to verify it

    let recovered = ethers.utils.verifyMessage(ethers.utils.arrayify(messageHash), signature);

which works, it correctly returns the userAddress.

But then, using your example to verify the signature in php, I get a different address. I noticed the messageHash is different than the hash calculated in the php. When I removed the $message prefix (string and length) and just hash the message as is, I get the same hash as in javascript. However, in both cases, the address returned is different.

Can you help me?

Hi there, I'm not a crypto expert so I have a question; Can I use this lib to generate a pub/priv keypair based on a seed or secret (so reproducable) to use with, in my case, BigChainDB? (https://docs.bigchaindb.com/projects/js-driver/en/latest/usage.html#cryptographic-identities-generation)

I can manage to get a private key using the $key->priv() method but the pub() method returns an array I do not know how to use? I''m expecting something like: DGNE3CjqfGoeJYYMzZZVWAw22eqxEZb46xg5zupC63a6

Can this be documented?

I'm trying to recover a Message, but I don't understand your params. Can you document them?

https://github.com/simplito/elliptic-php/blob/be6b14c6999a5c328457d571f643ef8b3f3f82d0/lib/EC.php#L212-L214

Especially I don't understand what $j is (type and values). In my case I have a recovery param of 27, which wont work.

In your test it seems that you requiring the PubKey in order to recover it.

https://github.com/simplito/elliptic-php/blob/d6c5ecaaf434a52449f5e8faa350311c9fd1dd7a/tests/ECDSATest.php#L300-L308

As you might know in the Ethereum world we don't really have a publicKey, but a derivate of it.

Can you provide a example of PubKey recovery which just requires Message+Signature?

PublicKey = ellipse X coordinate

uncompressedPublicKey = prefix 04 + ellipse X coordinate + ellipse y coordinate

$address = "0x" .substr(Keccak::hash(substr(hex2bin($uncompressedPublicKey), 1), 256), 24); How to get the Y coordinate / uncompressed public key, and then get the address?

It's easy to miss and you spot it when one decryption in few hundred gives garbage results for no apparent reason. This is notably a different behavior from other libraries.

Is it possible to verifcate admob server-side-verification? They use ECDSA with SHA256.

Given is a public key from https://www.gstatic.com/admob/reward/verifier-keys.json But how to use this key for verification?

AdMob Documentation: https://developers.google.com/admob/android/rewarded-video-ssv#manual_verification_of_rewarded_video_ssv

Can you help me?

How to get compact sing for spec256k1 ?

it is the same to secp256k1_ecdsa_recoverable_signature_serialize_compact from https://github.com/bitcoin-core/secp256k1/blob/1e6f1f5ad5e7f1e3ef79313ec02023902bf8175c/include/secp256k1_recovery.h#L63

    If you talking about [this](https://eklitzke.org/bitcoin-transaction-malleability) and forcing to use smaller s value in signature, we do not have it, because our lib is strict elliptic math, without implementation focused on bitcoin/blockchain or something. But if you need that, you can check this

<?php

require_once("vendor/autoload.php");

use Elliptic\EC;
use Elliptic\EC\Signature;

function getNegativeSignature($ec, $sig) {
    $res = new Signature($sig);
    $res->s = $res->s->neg()->add($ec->n);
    return $res;
}

$ec = new EC('secp256k1');
$key = $ec->genKeyPair();
$msg = 'ab4c3451';
$signature = $key->sign($msg);
$negativeSignature = getNegativeSignature($ec, $signature);

echo "Normal signature:   " . $signature->toDER('hex') . "\n";
echo "Negative signature: " . $negativeSignature->toDER('hex') . "\n";

echo "Verify normal:   " . (($key->verify($msg, $signature) == TRUE) ? "true" : "false") . "\n";
echo "Verify negative: " . (($key->verify($msg, $negativeSignature) == TRUE) ? "true" : "false") . "\n";

if ($signature->s->cmp($negativeSignature->s) < 0) {
    echo "Normal is canonical\n";
}
else {
    echo "Negative is canonical\n";
}

Originally posted by @ldudzsim in https://github.com/simplito/elliptic-php/issues/22#issuecomment-578507220

I use this code to get a smaller s value. But how to recalculate "recoveryParam"?

I am trying to verify the signature of a hashed message, and the method used in the description doesn't return the right address :

function verifySignature($message, $signature, $address) {
        $msglen = strlen($message);
        $hash   = Keccak::hash("\x19Ethereum Signed Message:\n{$msglen}{$message}", 256);
        $sign   = ["r" => substr($signature, 2, 64),
            "s" => substr($signature, 66, 64)];
        $recid  = ord(hex2bin(substr($signature, 130, 2))) - 27;
        if ($recid != ($recid & 1))
            return false;

        $ec = new EC('secp256k1');
        $pubkey = $ec->recoverPubKey($hash, $sign, $recid);
        return $address == $this->pubKeyToAddress($pubkey);
    }


$address   = "0xd927a97442c8bce9f18e84de11cac6e54a890ff8";
            $message   = "0xa880c297e04a9a4e1b8856dd4b48c1f6c0b0b82b1da2907b3d16f6ab1357c8b9";
// signature returned by eth.sign(address, message)
            $signature = "0xcd33577b169a3f2a5c835b3ca7dab1d41fa32db4b791c6856319756e7fecc3cb13676706408b019b6dcc3fe28a72f8435390bb0a1572ba241cfd09ae917784511c";

            if ($this->verifySignature($message, $signature, $address)) {
                Log::error("SUCCSS");
            } else {
                Log::error("FAIL");
            }

the address returned by verifySignature (that we try to compare to the original address) is 0xad21644cb255d77dbf4b1ab716cca9797ce3e5bb which is different than the original address.

The problem here is that when not signing the hashed message but the original message it works correctly.

the original message is : "It'sMe MArio". (without the quotes) and the hashing is done by sha3 : web3.utils.sha3(message)

Thank the author for his selfless dedication. I'm a rookie. I want to know how to use this library to generate EOS private key and EOS signature. Can you give me a simple demo

HI,

Is it possible to recover ethereum PubKey from raw transaction using this lib/scripts, like in function elliptic.ec.prototype.recoverPubKey (msg, signature, j, enc) ?

I am trying to verify the signature, but I got the error: Cannot initialize. Here is my code:

public static function verifySignature($hash, $signature, $address) { try { $sign = [ "r" => substr($signature, 0, 64), "s" => substr($signature, 64, 64), ]; $reCid = ord(hex2bin(substr($signature, 128, 2))); if ($reCid != ($reCid & 1)) { return false; } $ec = new EC('secp256k1'); $publicKey = $ec->recoverPubKey($hash, $sign, $reCid); return $address == self::pubKeyToAddress($publicKey); }catch (\Exception $exception) { throw new HashException($exception->getCode(),$exception->getMessage()); } } verifySignature("c230e229e1e7edd299b4c142ac105a84df7c114ef1d6c538ee9e8461f70b2ad3",""W6AdiMNBTRb/a9oa43CFnL+UjpdhJ4QuxfnVQuTY8EB0RQQ2pvWEeIF9c5oMrokVrCmtBiXe4vW3Fvu+mIZ2bwA=","0x38737be4bb9bdB44Fa4367935E087Dad925CE172");

I traced the error and found it threw out when executed to $ec->recoverPubKey($hash, $sign, $reCid);

I'm trying to define and work with an ordinary Edwards curve, but it seems like there's an error in the implementation of the math for ordinary Edwards curves (in comparison, the math for twisted curves doesn't throw any errors).

Undefined property $this->c at https://github.com/simplito/elliptic-php/blob/master/lib/Curve/EdwardsCurve/Point.php#L143

// H = (c * Z1)^2
$h = $this->curve->_mulC($this->c->redMul($this->z))->redSqr();

This is how the elliptic,js code does it: https://github.com/indutny/elliptic/blob/475f066aebd14681591f0f0f18a2abc0ded8c390/lib/elliptic/curve/edwards.js#L252

// H = (c * Z1)^2
var h = this.curve._mulC(this.z).redSqr();

I'm not versed at all in the maths for working with Edwards curve, but this looks like a typo in the php version.