BitCore vs BitCoinjs

bedeho · January 25, 2015, 12:30pm

Hi,

I am trying to decide if I should use BitCore or BitCoinjs for a project I am doing, and to that end I would like some clarifications about BitCore.

Suppose I have a P2PKH output TxOut, a signature Sig1, and a transaction TxSpend.

Does BitCore allow me to check if Sig1 allows TxSpend to spend TxOut? If so how, I cannot see this in the docs. Importantly, TxOut and TxSpend may not actually be in the blockchain, only offline.

Is it possible to provide different sighash types in such a signature check?

Suppose I have a P2SH multisig output TxOut, two signatures Sig1 and Sig2, and a transaction TxSpend.

Does BitCore allow me to do the same test in this case?

braydon · January 27, 2015, 5:03am

Looks this it may be missing in the docs, however take a look at bitcore.Script.Interpreter. It’s translated from bitcoind’s VerifyScript.

bedeho · January 27, 2015, 7:13am

Great, that looks like exactly what I need.

Perhaps I can follow up then with another related question.

Is there a way to sign a transaction which gives you the signature directly?

The docs explain how you can sign transaction inputs by using tx.sign() and providing a set of keys. This presumably results in the transaction scriptSigs being altered. What is the best way of recovering these signatures out from these scriptSigs?

esteban · January 27, 2015, 2:01pm

Hi there!

You can use the internal namespace for signing transactions: https://github.com/bitpay/bitcore/blob/master/lib/transaction/sighash.js

Sorry about the lack of documentation for it, it’s kinda internal. As I review this issue, the sighash namespace is not exposed, so I opened a pull request to add it https://github.com/bitpay/bitcore/pull/1004.

You can get a signature by doing:

var sighash = require('bitcore/lib/transaction/sighash');

var signature = sighash.sign(spendTx, privateKey, sighashType, inputIndex, scriptPubKey);

// Verification
var ok = sighash.verify(spendTx, signature, publicKey, inputIndex, scriptPubKey);

The scriptPubKey is the script of the UTXO. It could be a buffer, or bitcore Script instance.

That signature is going to be a buffer in DER format, ready to be appended.

Let me know if you have any further doubts.

Esteban

esteban · January 27, 2015, 2:19pm

We have a rolling release schema, expect this to be released by tomorrow so you can use it on the browser (that require('bitcore/...some...internal...path') won’t work after browserification)

bedeho · January 31, 2015, 10:14am

-Thank you, that was very helpful!

I am trying to do what I described, but to that end I am having a hard time
adding an input to my transaction.

It appears there is no way of building a transaction using only
OutputPoints, for whatever reason, adding an input requires you to specify
the value of the corresponding output? e.g.

transaction.from({‘txid’: ‘0000…’, vout: 0, amount: 0.1,
scriptPubKey: ‘OP_DUP
…’});

Why do you have to specify amount here? I also looked at the Input classes,
and they all seemed to require this.

esteban · January 31, 2015, 9:06pm

Transaction looks quite underdocumented regarding its internals. I’ll try to improve these docs through next week.

That output information is used in order to know how much the transaction amount and calculate the change amount.

If it’s getting too cumbersome to you to use, you can retrieve this data using bitcore-explorers (https://github.com/bitpay/bitcore-explorers)

You can use the method uncheckedAddInput with new Input({prevTxId: "00...00", outputIndex: 0}) if you want to go around this so you can just serialize the transaction and sign it.

bedeho · February 2, 2015, 9:27am

Thanks esteban, that worked!

Hope you dont mind that I keep asking, will try to limit my self to things Im really struggeling with.

How do you create a P2PKH output script with a given sighash?

Script.buildPublicKeyHashOut does not take a sighash flag, but Script.buildPublicKeyHashIn ironically does?

Same question for Script.buildP2SHMultisigIn/Out.

maraoz · February 2, 2015, 1:39pm

Hey @bedeho. Output scripts are hashtype (sighash) agnostic. Only input scripts can have different types of sighash. That’s why you can’t create a P2PKH output script with a given sighash. For more info see: OP_CHECKSIG - Bitcoin Wiki

Hope this helps.

bedeho · February 2, 2015, 2:34pm

Ah, thanks for clearing that up @maraoz!

bedeho · February 4, 2015, 3:53pm

This suggestion does not seem to allow verification for the multisig case, as verify() only accepts a single signature.

I looked at using Script.Interpreter.verify, however in that case I cannot specify a sighash when I generate the scriptSig with Script.buildP2SHMultisigIn()?

Some advice on what flag to use would be much appreciated: SCRIPT_VERIFY_P2SH ?