To redeem a particular transaction output, the spender needs to provide transaction signature and his pubkey:
<sig><pubkey> DUP HASH160 <address> EQUALVERIFY CHECKSIG
The provided pubkey will get (duplicated and) hashed HASH160(SHA56(pubkey)) and compared to the provided address. But how can this pubkey hash be equal to the address when the address also has checksum and network prefix? Does that mean the extra data gets removed from the script at some point? Also, is there any reason why provided address is in hex format instead of base58?
it isnt the address that goes into the output script, but the rmd160 20 bytes of binary
doing a base58 decode on the address, you can make sure the checksum is valid and you end up with an address type, followed by 20 bytes (160 bits) and it is these 20 bytes that goes where you have <address> in the above.
<sig> <pubkey> <pubkey> HASH160 <rmd160 from address> EQUALVERIFY CHECKSIG
<pubkey> HASH160 -> that does the rmd160(sha256(pubkey)) and it should generate the identical 20 bytes:
<sig> <pubkey> <rmd160 from address> <rmd160 from address> EQUALVERIFY CHECKSIG
<rmd160 from address> <rmd160 from address> EQUALVERIFY -> verifies match or errors
which leaves us with:
<sig> <pubkey> CHECKSIG
and the CHECKSIG makes sure the pubkey is from the privkey that did the signing
http://www.cs.princeton.edu/~tongbinw/bitcoinIDE/build/editor.html doesnt support all the script opcodes, but for most of the standard ones allows to single step and see things run and is a good way to learn the scripts