Wednesday, February 21, 2024

transactions – I Get “Non-canonical DER signature” Error

As the error message says, your signature is not DER encoded.

An ECDSA signature consists of two integers, R and s. DER is a method of encoding them. DER for a signature specifies that the signature start with the byte 0x30, followed by the length in bytes of the rest of the signature, then a 0x02 byte followed by R's length in bytes followed by R itself as a signed integer, and lastly a 0x02 byte followed by s's length in bytes, followed by s itself as a signed integer.

For Bitcoin specifically, this is then followed by a single byte to indicate the sighash type.

Let's try to decode your signature to see where it went wrong:

  • 30 – This is good, this is the prefix we expect for correct DER encoding
  • 46 – The length of the signature should be 70 bytes. This seems correct, as 70 bytes later we're at the end of the signature
  • 02 – This is the correct prefix for an integer
  • 21 – This tells us the length of R, 33 bytes
  • 009b3beae48e8b1cf4224c2b608815fb67a26f5f006feed0a66ec50e17863175c4 – R itself
  • 02 – This is the correct prefix for an integer
  • 20 – This tells us the length of s, 32 bytes
  • 2029edc4dcb9d7545185c56490ae44b3fad5da1df67d5b773b1fb14a9723e68f – s itself

But we're actually not at the end of the signature; we have an extra byte of 0x05.

The question is whether one of the lengths is wrong or the s is wrong. My guess is that the s is wrong. For the secp256k1 curve that Bitcoin uses, both R and s are 256-bit integers. This means their maximum value is 32 bytes long. Since DER uses signed integers, where it interprets the most significant bit as the sign indicator, we can get 33-byte R and s values only when that MSB is set, and the resulting 33 bytes will always begin with a 0x00 byte. That most significant byte cannot be anything other than 0, otherwise the value would be larger than 256 bits.

Since your s begins with a 0x20 byte, it could not have actually been a 33-byte s. That would mean it is larger than 256 bits and therefore invalid. However, considering that it is 0x20, I think what could have happened is that you have accidentally duplicated the 0x20 length prefix for DER encoding.

If that is what happened, then dropping that first 0x20 from your s should fix the problem. Remember that doing so will change the length of your signature, so you will need to change the DER length value as well as the length in the Bitcoin script.

Original Answer

As the error message says, your signature is not DER encoded. The length of the DER sequence is short by one byte. You have 0x44 but it should be 0x45.

However I think your signature just has an actual extra 0x20 in it prefixing the second integer, rather than your signature actually being one byte short.
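
The walkthrough above, as an added example that is not part of the original answer: a strict parser for the DER part of a signature (sighash byte assumed already stripped), run on the bytes listed above as posted, under the alternative reading where s really is 33 bytes, and after the suggested repair. The names `parse_der_sig` and `diagnose` are illustrative.

```python
# Added example (not from the original answer); function names are illustrative.
def parse_der_sig(sig: bytes):
    """Strictly parse DER(R, s); raises ValueError naming the first fault found."""
    if len(sig) < 8 or sig[0] != 0x30:
        raise ValueError("missing 0x30 sequence prefix")
    if sig[1] != len(sig) - 2:
        raise ValueError(f"sequence length {sig[1]} != {len(sig) - 2} bytes that follow")
    pos, ints = 2, []
    for name in ("R", "s"):
        if pos + 2 > len(sig) or sig[pos] != 0x02:
            raise ValueError(f"{name}: missing 0x02 integer prefix")
        n = sig[pos + 1]
        body = sig[pos + 2 : pos + 2 + n]
        if n == 0 or len(body) != n:
            raise ValueError(f"{name}: length {n} does not fit in the signature")
        if body[0] & 0x80:
            raise ValueError(f"{name}: MSB set without a 0x00 pad (negative)")
        if n > 1 and body[0] == 0x00 and not body[1] & 0x80:
            raise ValueError(f"{name}: unnecessary 0x00 padding")
        if n > 33 or (n == 33 and body[0] != 0x00):
            raise ValueError(f"{name}: larger than 256 bits")
        ints.append(int.from_bytes(body, "big"))
        pos += 2 + n
    if pos != len(sig):
        raise ValueError(f"{len(sig) - pos} trailing byte(s) after s")
    return tuple(ints)

def diagnose(sig: bytes) -> str:
    """Return 'ok' or the parser's description of the first encoding fault."""
    try:
        parse_der_sig(sig)
        return "ok"
    except ValueError as e:
        return str(e)

# Bytes taken from the walkthrough above.
R = bytes.fromhex("009b3beae48e8b1cf4224c2b608815fb67a26f5f006feed0a66ec50e17863175c4")
S_TAIL = bytes.fromhex("29edc4dcb9d7545185c56490ae44b3fad5da1df67d5b773b1fb14a9723e68f05")
HEAD = b"\x02\x21" + R + b"\x02"

as_posted = b"\x30\x46" + HEAD + b"\x20\x20" + S_TAIL  # 0x20 length, then a second 0x20
s_as_33 = b"\x30\x46" + HEAD + b"\x21\x20" + S_TAIL    # other reading: s is 33 bytes
repaired = b"\x30\x45" + HEAD + b"\x20" + S_TAIL       # duplicate dropped, 0x46 -> 0x45

if __name__ == "__main__":
    for label, sig in (("as posted", as_posted), ("s as 33 bytes", s_as_33), ("repaired", repaired)):
        print(f"{label:14} {diagnose(sig)}")
```
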


