压缩公钥前缀应该为0x02或0x03
tkblack opened this issue · 1 comments
tkblack commented
根据通用的ecc压缩公钥规则,y为偶数时使用0x02前缀,y为基数时使用0x03前缀。本项目中并没有遵守该规则,存在和其他包的兼容性问题。
func Compress(a *PublicKey) []byte {
buf := []byte{}
**yp := getLastBit(a.Y)**
buf = append(buf, a.X.Bytes()...)
if n := len(a.X.Bytes()); n < 32 {
buf = append(zeroByteSlice()[:(32-n)], buf...)
}
**buf = append([]byte{byte(yp)}, buf...)**
return buf
}
xuyang2 commented
一般似乎都是将 Y 坐标的最后一位加上 0x02 作为前缀值,这样前缀将是 0x02 或 0x03
tjfoc/gmsm 之前也是这么实现的,
后来才修改成现在这样,把 +2 去掉了,前缀变成 0x00 或 0x01 了
见 1310b78
相关资料和代码实现:
- https://tools.ietf.org/html/rfc5480
- https://tools.ietf.org/id/draft-jivsov-ecc-compact-05.html
- https://stackoverflow.com/a/30431547/399274
- https://en.bitcoin.it/wiki/Elliptic_Curve_Digital_Signature_Algorithm
- https://stackoverflow.com/questions/46283760/how-to-uncompress-a-single-x9-62-compressed-point-on-an-ecdh-p256-curve-in-go
- https://github.com/emmansun/gmsm/blob/11628e586974405a5ee3c18c4d616b2d9c8f0f82/sm2/util.go#L30
- https://github.com/fenixnix/Ascii/blob/bdc928281784c32f6a453a56eb4d1271d14379e6/golang/blockChain/RecoverPubKey/main.go#L108