BitCore vs BitCoinjs


I am trying to decide if I should use BitCore or BitCoinjs for a project I am doing, and to that end I would like some clarifications about BitCore.

  1. Suppose I have a P2PKH output TxOut, a signature Sig1, and a transaction TxSpend.

Does BitCore allow me to check if Sig1 allows TxSpend to spend TxOut? If so how, I cannot see this in the docs. Importantly, TxOut and TxSpend may not actually be in the blockchain, only offline.

Is it possible to provide different sighash types in such a signature check?

  1. Suppose I have a P2SH multisig output TxOut, two signatures Sig1 and Sig2, and a transaction TxSpend.

Does BitCore allow me to do the same test in this case?

Looks this it may be missing in the docs, however take a look at bitcore.Script.Interpreter. It’s translated from bitcoind’s VerifyScript.

Great, that looks like exactly what I need.

Perhaps I can follow up then with another related question.

Is there a way to sign a transaction which gives you the signature directly?

The docs explain how you can sign transaction inputs by using tx.sign() and providing a set of keys. This presumably results in the transaction scriptSigs being altered. What is the best way of recovering these signatures out from these scriptSigs?

Hi there!

You can use the internal namespace for signing transactions:

Sorry about the lack of documentation for it, it’s kinda internal. As I review this issue, the sighash namespace is not exposed, so I opened a pull request to add it

You can get a signature by doing:

var sighash = require('bitcore/lib/transaction/sighash');

var signature = sighash.sign(spendTx, privateKey, sighashType, inputIndex, scriptPubKey);

// Verification
var ok = sighash.verify(spendTx, signature, publicKey, inputIndex, scriptPubKey);

The scriptPubKey is the script of the UTXO. It could be a buffer, or bitcore Script instance.

That signature is going to be a buffer in DER format, ready to be appended.

Let me know if you have any further doubts.


We have a rolling release schema, expect this to be released by tomorrow so you can use it on the browser (that require('bitcore/...some...internal...path') won’t work after browserification)

-Thank you, that was very helpful!

I am trying to do what I described, but to that end I am having a hard time
adding an input to my transaction.

It appears there is no way of building a transaction using only
OutputPoints, for whatever reason, adding an input requires you to specify
the value of the corresponding output? e.g.

transaction.from({‘txid’: ‘0000…’, vout: 0, amount: 0.1,
scriptPubKey: ‘OP_DUP

Why do you have to specify amount here? I also looked at the Input classes,
and they all seemed to require this.

Transaction looks quite underdocumented regarding its internals. I’ll try to improve these docs through next week.

That output information is used in order to know how much the transaction amount and calculate the change amount.

If it’s getting too cumbersome to you to use, you can retrieve this data using bitcore-explorers (

You can use the method uncheckedAddInput with new Input({prevTxId: "00...00", outputIndex: 0}) if you want to go around this so you can just serialize the transaction and sign it.

1 Like

Thanks esteban, that worked!

Hope you dont mind that I keep asking, will try to limit my self to things Im really struggeling with.

How do you create a P2PKH output script with a given sighash?

Script.buildPublicKeyHashOut does not take a sighash flag, but Script.buildPublicKeyHashIn ironically does?

Same question for Script.buildP2SHMultisigIn/Out.

Hey @bedeho. Output scripts are hashtype (sighash) agnostic. Only input scripts can have different types of sighash. That’s why you can’t create a P2PKH output script with a given sighash. For more info see: OP_CHECKSIG - Bitcoin Wiki

Hope this helps.

Ah, thanks for clearing that up @maraoz!

This suggestion does not seem to allow verification for the multisig case, as verify() only accepts a single signature.

I looked at using Script.Interpreter.verify, however in that case I cannot specify a sighash when I generate the scriptSig with Script.buildP2SHMultisigIn()?

Some advice on what flag to use would be much appreciated: SCRIPT_VERIFY_P2SH ?