|
Title: Verifying BlockCypher transaction skeletons before signing Post by: true-asset on August 30, 2014, 05:55:58 AM Preface:
BlockCypher transaction build and send workflow: http://dev.blockcypher.com/samples/create-tx.html Code: POST https://api.blockcypher.com/v1/btc/main/txs/new Question: What is the easiest way to check that the "tosign" hashes actually correspond to the correct transactions (i.e. is indeed a transaction from the specified "input" to the specified "output")? Solution needs to be pure client side browser JavaScript and be compatible on all modern mobile devices. Title: Re: Verifying BlockCypher transaction skeletons before signing Post by: mriou on August 31, 2014, 08:33:39 PM I really wish I had a better answer to this question but unfortunately it's not possible as-is. The data that gets signed and later checked by the OP_CHECKSIG operation is a hash of the transaction data, and this is how the scripts work, not something we can change. So the details of the transaction can't be extracted and checked anymore after hashed.
What we could do is, provided an option, return you the transaction data. You would have to hash it yourself before signing but at least all the information would still be there. Verification would still be not trivial though as you'd have to Base58 decode the address. Provided all that, I have a function you could get some inspiration from to do the verification (only verifies the output but in practice that's what you really care about): func Check(txdata []byte, outputAddress string) bool { if len(txdata) < 25 { return false } decoded := base58Decode(outputAddress) // 4 last bytes of tx are the lock time, byte before is OP_CHECKSIG, address is right before that // before are the address length, OP_DUP OP_HAS160 and the length of the script output := txdata[len(txdata)-34:] oneoutput := bytes.Compare([]byte{1, 0, 0, 0}, output[0:4]) == 0 checksig := output[4] == 25 && output[5] == 118 && output[6] == 169 && output[7] == 20 && output[28] == 136 && output[29] == 172 addrmatch := bytes.Compare(output[8:28], decoded[1:21]) == 0 return oneoutput && addrmatch && checksig } Title: Re: Verifying BlockCypher transaction skeletons before signing Post by: true-asset on September 01, 2014, 02:21:20 AM mriou that looks like a workable solution. You are correct - I only care about the output address and the amount.
I do not mind if BlockCypher wants to send fund from their another wallet instead as long as the correct amount goes to the recipient :) Title: Re: Verifying BlockCypher transaction skeletons before signing Post by: zinger81 on July 25, 2015, 04:06:18 PM good job 8)
|