nectargraphenebase.ecdsasig module

nectargraphenebase.ecdsasig.compressedPubkey(pk: Any) → bytes

Return the 33-byte compressed secp256k1 public key for the given public-key object.

Parameters:

pk: Public-key object (coincurve.PublicKey, account.PublicKey, or bytes).

Returns:

bytes: 33-byte compressed public key.

nectargraphenebase.ecdsasig.recoverPubkeyParameter(message: bytes | str | None, digest: bytes, signature: bytes, pubkey: Any) → int | None

Determine the ECDSA recovery parameter (0–3) that, when used with the given digest and 64-byte signature (R||S), reproduces the provided public key.

Attempts each recovery index i in 0..3, recovers a candidate public key, and compares its compressed form to the compressed form of the supplied pubkey. If a match is found returns the matching index; otherwise returns None.

Returns:

int: matching recovery parameter in 0..3, or None if no match is found.

nectargraphenebase.ecdsasig.recover_public_key(digest: bytes, signature: bytes, i: int, message: bytes | None = None) → PublicKey | None

Recover the secp256k1 public key from an ECDSA signature and message hash.

If message is provided, the function will recover the public key using the message. Otherwise, it recovers the public key using the digest.

Parameters:

digest (bytes): The message hash (big-endian) used when signing. signature (bytes): 64-byte signature consisting of r||s (raw concatenation). i (int): Recovery identifier (0..3) selecting which of the possible curve points to use. message (bytes, optional): Original message to verify against.

Returns:

coincurve.PublicKey on success, None on failure (if message is None), or raises InvalidSignature (if message is not None).

Raises:

InvalidSignature: If signature verification fails when message is provided.

nectargraphenebase.ecdsasig.sign_message(message: str | bytes, wif: str, hashfn: Callable = <built-in function openssl_sha256>) → bytes

Sign a message using a private key in Wallet Import Format (WIF) and return a compact, canonical ECDSA signature.

Signs the provided message with secp256k1 ECDSA-SHA256 using the private key derived from the given WIF. The function repeats signing as needed until it produces a canonical 64-byte R||S signature (both R and S encoded as 32 bytes). It also computes the recovery parameter for the signature and encodes it into the first byte of the returned blob.

Parameters:

message (bytes or str): Message to sign. If a str is provided it is encoded as UTF-8 before hashing. wif (str): Private key in Wallet Import Format (WIF). hashfn (callable, optional): Hash function to apply to the message prior to recovery-parameter computation; defaults to hashlib.sha256.

Returns:

bytes: 65-byte compact signature: 1-byte recovery/version prefix (recovery parameter adjusted for compact/compressed form) followed by the 64-byte R||S sequence.

nectargraphenebase.ecdsasig.verify_message(message: str | bytes, signature: str | bytes, hashfn: Callable = <built-in function openssl_sha256>, recover_parameter: int | None = None) → bytes | None

Verify an ECDSA secp256k1 signature against a message and return the signer’s compressed public key.

Parameters:

message (bytes or str): The message to verify. If a str, it will be UTF-8 encoded. signature (bytes or str): 65-byte compact signature where the first byte encodes the recovery parameter/version and the remaining 64 bytes are R||S. If a str, it will be UTF-8 encoded. hashfn (callable): Hash function constructor used to compute the digest of the message (default: hashlib.sha256). Note: The actual verification uses SHA256 regardless of this parameter. recover_parameter (int, optional): Explicit recovery parameter (0–3). If omitted, it is extracted from the signature’s first byte.

Returns:

bytes: The 33-byte compressed public key of the recovered signer on successful verification.

Notes:

• Cryptographic verification errors (e.g., invalid signature) will propagate as raised exceptions.