Because the error message says, your signature will not be DER encoded.
An ECDSA signature consists of two integers, R
and s
. DER is a technique of encoding them. DER for a signature specifies that the signature start with the byte 0x30
, adopted by the size in bytes of the remainder of the signature, then we now have a 0x02
byte adopted by R
‘s size in bytes adopted by R
itself as a signed integer, and lastly we now have a 0x02
byte adopted by s
‘s size in bytes, adopted by s
itself as a signed integer.
For Bitcoin particularly, that is then adopted by a single byte to point the sighash sort.
Let’s attempt to decode your signature to see the place it went incorrect:
30
– That is good, that is the prefix we anticipate for correct DER encoding46
– The size of the signature needs to be 70 bytes. This appears right as 70 bytes later we’re on the finish of the signature02
– That is the right prefix for an integer21
– This tells us the size ofR
, 33 bytes009b3beae48e8b1cf4224c2b608815fb67a26f5f006feed0a66ec50e17863175c4
–R
itself02
– That is the right prefix for an integer20
– This tells us the size ofs
, 32 bytes2029edc4dcb9d7545185c56490ae44b3fad5da1df67d5b773b1fb14a9723e68f
–s
itself
However we’re really not on the finish of the signature, we now have an additional byte of 0x05
.
The query is, is among the lengths incorrect, or is the s
incorrect. My supposition is that the s
is incorrect. For the secp256k1 curve that Bitcoin makes use of, each R
and s
are 256 bit integers. Because of this their most worth is 32 bytes lengthy. Since DER makes use of signed integers the place it interprets probably the most vital bit because the signedness indicator, we will get 33 byte R
and s
values solely when that MSB is ready, and the ensuing 33 bytes will at all times start with a 0x00
byte. That almost all vital byte can’t be something apart from 0, in any other case the worth can be bigger than 256 bits.
Since your s
begins with a 0x20
byte, it couldn’t have really been a 33 byte s
. That will imply it is bigger than 256 bits and due to this fact invalid. Nonetheless, contemplating that it’s 0x20
I feel what may have occurred is that you have by chance duplicated the 0x20
dimension prefix for DER encoding.
If that’s what occurred, then dropping that first 0x20
out of your s
ought to repair the issue. Do not forget that doing so will change the scale of your signature, so you have to to switch the DER dimension worth in addition to the scale within the Bitcoin script.
Authentic Reply
Because the error message says, your signature will not be DER encoded. The size of the DER sequence is brief by one byte. You have got 0x44
however it needs to be 0x45
.
Nonetheless I feel your signature simply has an precise additional 0x20
in it prefixing the second integer, relatively than your signature really being one byte brief.