network.nerve.core.crypto

类 ECKey

java.lang.Object

network.nerve.core.crypto.ECKey

public class ECKey
extends Object

Represents an elliptic curve public and (optionally) private key, usable for digital signatures but not encryption. Creating a new ECKey with the empty constructor will generate a new random keypair. Other static methods can be used when you already have the public or private parts. If you create a key with only the public part, you can check signatures but not create them.

ECKey also provides access to Bitcoin Core compatible text message signing, as accessible via the UI or JSON-RPC. This is slightly different to signing raw bytes - if you want to sign your own data and it won't be exposed as text to people, you don't want to use this. If in doubt, ask on the mailing list.

The ECDSA algorithm supports key recovery in which a signature plus a couple of discriminator bits can be reversed to find the public key used to calculate it. This can be convenient when you have a message and a signature and want to find out who signed it, rather than requiring the user to provide the expected identity.

This class supports a variety of serialization forms. The methods that accept/return byte arrays serialize private keys as raw byte arrays and public keys using the SEC standard byte encoding for public keys. Signatures are encoded using ASN.1/DER inside the Bitcoin protocol.

A key can be compressed or uncompressed. This refers to whether the public key is represented when encoded into bytes as an (x, y) coordinate on the elliptic curve, or whether it's represented as just an X co-ordinate and an extra byte that carries a sign bit. With the latter form the Y coordinate can be calculated dynamically, however, because the binary serialization is different the address of a key changes if its compression status is changed. If you deviate from the defaults it's important to understand this: money sent to a compressed version of the key will have a different address to the same key in uncompressed form. Whether a public key is compressed or not is recorded in the SEC binary serialisation format, and preserved in a flag in this class so round-tripping preserves state. Unless you're working with old software or doing unusual things, you can usually ignore the compressed/uncompressed distinction.

嵌套类概要

嵌套类

限定符和类型	类和说明
static class	ECKey.ECDSASignature Groups the two components that make up a signature, and provides a way to encode to DER form, which is how ECDSA signatures are represented when embedded in other data structures in the Bitcoin protocol.
static class	ECKey.MissingPrivateKeyException

字段概要

字段

限定符和类型	字段和说明
static Comparator<ECKey>	AGE_COMPARATOR Sorts oldest keys first, newest last.
protected long	creationTimeSeconds
static org.bouncycastle.crypto.params.ECDomainParameters	CURVE The parameters of the secp256k1 curve that Bitcoin uses.
protected EncryptedData	encryptedPrivateKey
static boolean	FAKE_SIGNATURES If this global variable is set to true, sign() creates a dummy signature and verify() always returns true.
static BigInteger	HALF_CURVE_ORDER Equal to CURVE.getN().shiftRight(1), used for canonicalising the S value of a signature.
protected BigInteger	priv
protected LazyECPoint	pub
static Comparator<ECKey>	PUBKEY_COMPARATOR Compares pub key bytes using UnsignedBytes.lexicographicalComparator()
static int	SIGNUM

构造器概要

构造器

限定符	构造器和说明
	ECKey() Generates an entirely new keypair.
	ECKey(BigInteger privKey, byte[] pubKey, boolean compressed) 已过时。
protected	ECKey(BigInteger priv, org.bouncycastle.math.ec.ECPoint pub)
protected	ECKey(BigInteger priv, LazyECPoint pub)
	ECKey(byte[] privKeyBytes, byte[] pubKey) 已过时。
	ECKey(SecureRandom secureRandom) Generates an entirely new keypair with the given SecureRandom object.

方法概要

限定符和类型	方法和说明
static org.bouncycastle.math.ec.ECPoint	compressPoint(org.bouncycastle.math.ec.ECPoint point) Utility for compressing an elliptic curve point.
static LazyECPoint	compressPoint(LazyECPoint point)
ECKey	decompress() Returns a copy of this key, but with the public point represented in uncompressed form.
static org.bouncycastle.math.ec.ECPoint	decompressPoint(org.bouncycastle.math.ec.ECPoint point) Utility for decompressing an elliptic curve point.
static LazyECPoint	decompressPoint(LazyECPoint point)
protected byte[]	doSign(byte[] input, BigInteger privateKeyForSigning) 用私钥对数据进行签名
byte	findRecoveryId(Sha256Hash hash, ECKey.ECDSASignature sig) Returns the recovery ID, a byte with value between 0 and 3, inclusive, that specifies which of 4 possible curve points was used to sign a message.
static ECKey	fromASN1(byte[] asn1privkey) Construct an ECKey from an ASN.1 encoded private key.
static ECKey	fromEncrypted(EncryptedData encryptedPrivateKey, byte[] pubKey) 根据EncryptedData和公钥生成ECKey
static ECKey	fromPrivate(BigInteger privKey) Creates an ECKey given the private key only.
static ECKey	fromPrivate(BigInteger privKey, boolean compressed) Creates an ECKey given the private key only.
static ECKey	fromPrivate(byte[] privKeyBytes) Creates an ECKey given the private key only.
static ECKey	fromPrivate(byte[] privKeyBytes, boolean compressed) Creates an ECKey given the private key only.
static ECKey	fromPrivateAndPrecalculatedPublic(BigInteger priv, org.bouncycastle.math.ec.ECPoint pub) Creates an ECKey that simply trusts the caller to ensure that point is really the result of multiplying the generator point by the private key.
static ECKey	fromPrivateAndPrecalculatedPublic(byte[] priv, byte[] pub) Creates an ECKey that simply trusts the caller to ensure that point is really the result of multiplying the generator point by the private key.
static ECKey	fromPublicOnly(byte[] pub) Creates an ECKey that cannot be used for signing, only verifying signatures, from the given encoded point.
static ECKey	fromPublicOnly(org.bouncycastle.math.ec.ECPoint pub) Creates an ECKey that cannot be used for signing, only verifying signatures, from the given point.
long	getCreationTimeSeconds() Returns the creation time of this key or zero if the key was deserialized from a version that did not store that data.
EncryptedData	getEncryptedData() An alias for getEncryptedPrivateKey()
EncryptedData	getEncryptedPrivateKey() Returns the the encrypted private key bytes and initialisation vector for this ECKey, or null if the ECKey is not encrypted.
String	getPrivateKeyAsHex()
BigInteger	getPrivKey() Gets the private key in the form of an integer field element.
byte[]	getPrivKeyBytes() Returns a 32 byte array containing the private key.
byte[]	getPubKey() Gets the raw public key value.
byte[]	getPubKeyHash() Gets the hash160 form of the public key (as seen in addresses).
org.bouncycastle.math.ec.ECPoint	getPubKeyPoint() Gets the public key in the form of an elliptic curve point object from Bouncy Castle.
String	getPublicKeyAsHex()
byte[]	getSecretBytes() A wrapper for getPrivKeyBytes() that returns null if the private key bytes are missing or would have to be derived (for the HD key case).
int	hashCode()
boolean	hasPrivKey() Returns true if this key has unencrypted access to private key bytes.
boolean	isCompressed() Returns whether this key is using the compressed form or not.
static boolean	isPubKeyCanonical(byte[] pubkey) Returns true if the given pubkey is canonical, i.e. the correct length taking into account compression.
boolean	isPubKeyOnly() Returns true if this key doesn't have unencrypted access to private key bytes.
static boolean	isValidPrivteHex(String privateHex) 验证16进制私钥字符串是否正确
static byte[]	publicKeyFromPrivate(BigInteger privKey, boolean compressed) Returns public key bytes from the given private key.
static org.bouncycastle.math.ec.ECPoint	publicPointFromPrivate(BigInteger privKey) Returns public key point from the given private key.
static ECKey	recoverFromSignature(int recId, ECKey.ECDSASignature sig, Sha256Hash message, boolean compressed) Given the components of a signature and a selector value, recover and return the public key that generated the signature according to the algorithm in SEC1v2 section 4.1.6.
void	setCreationTimeSeconds(long newCreationTimeSeconds) Sets the creation time of this key.
void	setEncryptedPrivateKey(EncryptedData encryptedPrivateKey)
byte[]	sign(byte[] hash) 用私钥对数据进行签名
byte[]	sign(Sha256Hash hash) 用私钥对数据进行签名
boolean	verify(byte[] hash, byte[] signature) Verifies the given ASN.1 encoded ECDSA signature against a hash using the public key.
static boolean	verify(byte[] data, byte[] signature, byte[] pub) Verifies the given ASN.1 encoded ECDSA signature against a hash using the public key.
static boolean	verify(byte[] data, ECKey.ECDSASignature signature, byte[] pub) Verifies the given ECDSA signature against the message bytes using the public key bytes.
boolean	verify(Sha256Hash sigHash, ECKey.ECDSASignature signature) Verifies the given R/S pair (signature) against a hash using the public key.
void	verifyOrThrow(byte[] hash, byte[] signature) Verifies the given ASN.1 encoded ECDSA signature against a hash using the public key, and throws an exception if the signature doesn't match
void	verifyOrThrow(Sha256Hash sigHash, ECKey.ECDSASignature signature) Verifies the given R/S pair (signature) against a hash using the public key, and throws an exception if the signature doesn't match

从类继承的方法 java.lang.Object

clone, equals, finalize, getClass, notify, notifyAll, toString, wait, wait, wait

字段详细资料

SIGNUM

public static final int SIGNUM

另请参阅:

常量字段值

AGE_COMPARATOR

public static final Comparator<ECKey> AGE_COMPARATOR

Sorts oldest keys first, newest last.

PUBKEY_COMPARATOR

public static final Comparator<ECKey> PUBKEY_COMPARATOR

Compares pub key bytes using UnsignedBytes.lexicographicalComparator()

CURVE

public static final org.bouncycastle.crypto.params.ECDomainParameters CURVE

The parameters of the secp256k1 curve that Bitcoin uses.

HALF_CURVE_ORDER

public static final BigInteger HALF_CURVE_ORDER

Equal to CURVE.getN().shiftRight(1), used for canonicalising the S value of a signature. If you aren't sure what this is about, you can ignore it.

priv

protected final BigInteger priv

pub

protected final LazyECPoint pub

creationTimeSeconds

protected long creationTimeSeconds

encryptedPrivateKey

protected EncryptedData encryptedPrivateKey

FAKE_SIGNATURES

public static boolean FAKE_SIGNATURES

If this global variable is set to true, sign() creates a dummy signature and verify() always returns true. This is intended to help accelerate unit tests that do a lot of signing/verifying, which in the debugger can be painfully slow.

构造器详细资料

ECKey

public ECKey()

Generates an entirely new keypair. Point compression is used so the resulting public key will be 33 bytes (32 for the co-ordinate and 1 byte to represent the y bit).

ECKey

public ECKey(SecureRandom secureRandom)

Generates an entirely new keypair with the given SecureRandom object. Point compression is used so the resulting public key will be 33 bytes (32 for the co-ordinate and 1 byte to represent the y bit).

ECKey

protected ECKey(@Nullable
                BigInteger priv,
                org.bouncycastle.math.ec.ECPoint pub)

ECKey

protected ECKey(@Nullable
                BigInteger priv,
                LazyECPoint pub)

ECKey

@Deprecated
public ECKey(@Nullable
                         byte[] privKeyBytes,
                         @Nullable
                         byte[] pubKey)

已过时。

Creates an ECKey given only the private key bytes. This is the same as using the BigInteger constructor, but is more convenient if you are importing a key from elsewhere. The public key will be automatically derived from the private key.

ECKey

@Deprecated
public ECKey(@Nullable
                         BigInteger privKey,
                         @Nullable
                         byte[] pubKey,
                         boolean compressed)

已过时。

Creates an ECKey given either the private key only, the public key only, or both. If only the private key is supplied, the public key will be calculated from it (this is slow). If both are supplied, it's assumed the public key already correctly matches the private key. If only the public key is supplied, this ECKey cannot be used for signing.

参数:

compressed - If set to true and pubKey is null, the derived public key will be in compressed form.

方法详细资料

compressPoint

public static org.bouncycastle.math.ec.ECPoint compressPoint(org.bouncycastle.math.ec.ECPoint point)

Utility for compressing an elliptic curve point. Returns the same point if it's already compressed. See the ECKey class docs for a discussion of point compression.

compressPoint

public static LazyECPoint compressPoint(LazyECPoint point)

decompressPoint

public static org.bouncycastle.math.ec.ECPoint decompressPoint(org.bouncycastle.math.ec.ECPoint point)

Utility for decompressing an elliptic curve point. Returns the same point if it's already compressed. See the ECKey class docs for a discussion of point compression.

decompressPoint

public static LazyECPoint decompressPoint(LazyECPoint point)

fromASN1

public static ECKey fromASN1(byte[] asn1privkey)

Construct an ECKey from an ASN.1 encoded private key. These are produced by OpenSSL and stored by Bitcoin Core in its wallet. Note that this is slow because it requires an EC point multiply.

fromPrivate

public static ECKey fromPrivate(BigInteger privKey)

Creates an ECKey given the private key only. The public key is calculated from it (this is slow). The resulting public key is compressed.

fromPrivate

public static ECKey fromPrivate(BigInteger privKey,
                                boolean compressed)

Creates an ECKey given the private key only. The public key is calculated from it (this is slow), either compressed or not.

fromPrivate

public static ECKey fromPrivate(byte[] privKeyBytes)

Creates an ECKey given the private key only. The public key is calculated from it (this is slow). The resulting public key is compressed.

fromPrivate

public static ECKey fromPrivate(byte[] privKeyBytes,
                                boolean compressed)

Creates an ECKey given the private key only. The public key is calculated from it (this is slow), either compressed or not.

fromPrivateAndPrecalculatedPublic

public static ECKey fromPrivateAndPrecalculatedPublic(BigInteger priv,
                                                      org.bouncycastle.math.ec.ECPoint pub)

Creates an ECKey that simply trusts the caller to ensure that point is really the result of multiplying the generator point by the private key. This is used to speed things up when you know you have the right values already. The compression state of pub will be preserved.

fromPrivateAndPrecalculatedPublic

public static ECKey fromPrivateAndPrecalculatedPublic(byte[] priv,
                                                      byte[] pub)

Creates an ECKey that simply trusts the caller to ensure that point is really the result of multiplying the generator point by the private key. This is used to speed things up when you know you have the right values already. The compression state of the point will be preserved.

fromPublicOnly

public static ECKey fromPublicOnly(org.bouncycastle.math.ec.ECPoint pub)

Creates an ECKey that cannot be used for signing, only verifying signatures, from the given point. The compression state of pub will be preserved.

fromEncrypted

public static ECKey fromEncrypted(EncryptedData encryptedPrivateKey,
                                  byte[] pubKey)

根据EncryptedData和公钥生成ECKey

参数:

encryptedPrivateKey - 私钥封装类

pubKey - 公钥

返回:

ECKey

fromPublicOnly

public static ECKey fromPublicOnly(byte[] pub)

Creates an ECKey that cannot be used for signing, only verifying signatures, from the given encoded point. The compression state of pub will be preserved.

decompress

public ECKey decompress()

Returns a copy of this key, but with the public point represented in uncompressed form. Normally you would never need this: it's for specialised scenarios or when backwards compatibility in encoded form is necessary.

isPubKeyOnly

public boolean isPubKeyOnly()

Returns true if this key doesn't have unencrypted access to private key bytes. This may be because it was never given any private key bytes to begin with (a watching key), or because the key is encrypted. You can use

hasPrivKey

public boolean hasPrivKey()

Returns true if this key has unencrypted access to private key bytes. Does the opposite of isPubKeyOnly().

publicKeyFromPrivate

public static byte[] publicKeyFromPrivate(BigInteger privKey,
                                          boolean compressed)

Returns public key bytes from the given private key. To convert a byte array into a BigInteger, use new BigInteger(1, bytes);

publicPointFromPrivate

public static org.bouncycastle.math.ec.ECPoint publicPointFromPrivate(BigInteger privKey)

Returns public key point from the given private key. To convert a byte array into a BigInteger, use new BigInteger(1, bytes);

getPubKeyHash

public byte[] getPubKeyHash()

Gets the hash160 form of the public key (as seen in addresses).

getPubKey

public byte[] getPubKey()

Gets the raw public key value. This appears in transaction scriptSigs. Note that this is not the same as the pubKeyHash/address.

getPubKeyPoint

public org.bouncycastle.math.ec.ECPoint getPubKeyPoint()

Gets the public key in the form of an elliptic curve point object from Bouncy Castle.

getPrivKey

public BigInteger getPrivKey()

Gets the private key in the form of an integer field element. The public key is derived by performing EC point addition this number of times (i.e. point multiplying).

抛出:

IllegalStateException - if the private key bytes are not available.

isCompressed

public boolean isCompressed()

Returns whether this key is using the compressed form or not. Compressed pubkeys are only 33 bytes, not 64.

isValidPrivteHex

public static boolean isValidPrivteHex(String privateHex)

验证16进制私钥字符串是否正确

返回:

boolean 正确返回true,否则返回false

sign

public byte[] sign(byte[] hash)

用私钥对数据进行签名

参数:

hash - 需签名数据

返回:

byte[] 签名

doSign

protected byte[] doSign(byte[] input,
                        BigInteger privateKeyForSigning)

用私钥对数据进行签名

参数:

input - 需签名数据

privateKeyForSigning - 私钥

返回:

byte[] 签名

verify

public static boolean verify(byte[] data,
                             ECKey.ECDSASignature signature,
                             byte[] pub)

Verifies the given ECDSA signature against the message bytes using the public key bytes.

When using native ECDSA verification, data must be 32 bytes, and no element may be larger than 520 bytes.

参数:

data - Hash of the data to verify.

signature - ASN.1 encoded signature.

pub - The public key bytes to use.

verify

public static boolean verify(byte[] data,
                             byte[] signature,
                             byte[] pub)

Verifies the given ASN.1 encoded ECDSA signature against a hash using the public key.

参数:

data - Hash of the data to verify.

signature - ASN.1 encoded signature.

pub - The public key bytes to use.

抛出:

Exception - if the signature is unparseable in some way.

sign

public byte[] sign(Sha256Hash hash)

用私钥对数据进行签名

参数:

hash - 需签名数据

返回:

byte[] 签名

verify

public boolean verify(Sha256Hash sigHash,
                      ECKey.ECDSASignature signature)

Verifies the given R/S pair (signature) against a hash using the public key.

verifyOrThrow

public void verifyOrThrow(byte[] hash,
                          byte[] signature)
                   throws Exception,
                          SignatureException

Verifies the given ASN.1 encoded ECDSA signature against a hash using the public key, and throws an exception if the signature doesn't match

抛出:

Exception - if the signature is unparseable in some way.

SignatureException - if the signature does not match.

verifyOrThrow

public void verifyOrThrow(Sha256Hash sigHash,
                          ECKey.ECDSASignature signature)
                   throws SignatureException

Verifies the given R/S pair (signature) against a hash using the public key, and throws an exception if the signature doesn't match

抛出:

SignatureException - if the signature does not match.

isPubKeyCanonical

public static boolean isPubKeyCanonical(byte[] pubkey)

Returns true if the given pubkey is canonical, i.e. the correct length taking into account compression.

findRecoveryId

public byte findRecoveryId(Sha256Hash hash,
                           ECKey.ECDSASignature sig)

Returns the recovery ID, a byte with value between 0 and 3, inclusive, that specifies which of 4 possible curve points was used to sign a message. This value is also referred to as "v".

抛出:

RuntimeException - if no recovery ID can be found.

recoverFromSignature

@Nullable
public static ECKey recoverFromSignature(int recId,
                                                   ECKey.ECDSASignature sig,
                                                   Sha256Hash message,
                                                   boolean compressed)

Given the components of a signature and a selector value, recover and return the public key that generated the signature according to the algorithm in SEC1v2 section 4.1.6.

The recId is an index from 0 to 3 which indicates which of the 4 possible keys is the correct one. Because the key recovery operation yields multiple potential keys, the correct key must either be stored alongside the signature, or you must be willing to try each recId in turn until you find one that outputs the key you are expecting.

If this method returns null it means recovery was not possible and recId should be iterated.

Given the above two points, a correct usage of this method is inside a for loop from 0 to 3, and if the output is null OR a key that is not the one you expect, you try again with the next recId.

参数:

recId - Which possible key to recover.

sig - the R and S components of the signature, wrapped.

message - Hash of the data that was signed.

compressed - Whether or not the original pubkey was compressed.

返回:

An ECKey containing only the public part, or null if recovery wasn't possible.

getPrivKeyBytes

public byte[] getPrivKeyBytes()

Returns a 32 byte array containing the private key.

getCreationTimeSeconds

public long getCreationTimeSeconds()

Returns the creation time of this key or zero if the key was deserialized from a version that did not store that data.

setCreationTimeSeconds

public void setCreationTimeSeconds(long newCreationTimeSeconds)

Sets the creation time of this key. Zero is a convention to mean "unavailable". This method can be useful when you have a raw key you are importing from somewhere else.

getSecretBytes

@Nullable
public byte[] getSecretBytes()

A wrapper for getPrivKeyBytes() that returns null if the private key bytes are missing or would have to be derived (for the HD key case).

getEncryptedData

@Nullable
public EncryptedData getEncryptedData()

An alias for getEncryptedPrivateKey()

getEncryptedPrivateKey

@Nullable
public EncryptedData getEncryptedPrivateKey()

Returns the the encrypted private key bytes and initialisation vector for this ECKey, or null if the ECKey is not encrypted.

setEncryptedPrivateKey

public void setEncryptedPrivateKey(EncryptedData encryptedPrivateKey)

hashCode

public int hashCode()

覆盖:

hashCode 在类中 Object

getPrivateKeyAsHex

public String getPrivateKeyAsHex()

getPublicKeyAsHex

public String getPublicKeyAsHex()

verify

public boolean verify(byte[] hash,
                      byte[] signature)

Verifies the given ASN.1 encoded ECDSA signature against a hash using the public key.

参数:

hash - Hash of the data to verify.

signature - ASN.1 encoded signature.