Author Topic: Signature hash  (Read 198 times)
MixMAx123 (OP)
January 24, 2021, 01:17:30 AM
Last edit: January 24, 2021, 01:40:22 AM by MixMAx123
 #1

Can someone please help me to form the signature hash?

I have a real transaction from the blockchain with two inputs: Tx-Hash: 5322109cf04f4230df9f9c370a711290e3e7ae807540540ea766b98b7242cd60
Raw-Tx:
0100000002bdc5113b480998e7e816c4d405ca654b5fa1b2d8ee0e5876201c65007520bfa1010000006a47304402200c7e17554723bd3e4abef593d3c1936c3c46efcc2f22a985fb38d12c4e4508670220178c55a6d63ff01d5a4ece5dc897f80ce8dac1f52ff3878e693dbd800745189a012103a0e3d4870937d5bee6ac40e57635f8cc1a34dd70575c9d24235d7e2346a59ea8fffffffffb703fb0da5538fcac54e6527ec08a897a75153c712fdd461e0e6a75d7b3fe5d010000006b483045022100fa76e3f43da6952758932e6a8639a7ec4fc3fe53d44d59daca1d57fce6bbd91f02206cc9724a7afd6ae6ed11d4e35239e27ef0cf93dec5c5d819fc22bb56715f17ef0121032d3ba2c17b2a3c984515b4182ca246a8723f46b48f1fb5d729ecbfccd31bed3fffffffff02f9280100000000001976a914d1c1ef0ae56be297649c66b75edb844c29e32ec888ac408a03000000000017a914ac969e7602e76326224cf56330fb5e27632a97078700000000


Previous transaction 1: a1bf207500651c2076580eeed8b2a15f4b65ca05d4c416e8e79809483b11c5bd
Previous transaction 2: 5dfeb3d7756a0e1e46dd2f713c15757a898ac07e52e654acfc3855dab03f70fb

Now I have removed both Sig-Scripts and replaced them with the PK-Scripts of the previous transactions:

01000000
02
bdc5113b480998e7e816c4d405ca654b5fa1b2d8ee0e5876201c65007520bfa1
01000000
1976a914f940fb405ca9768c30f00089f1e439ef568c7ee988ac
ffffffff
fb703fb0da5538fcac54e6527ec08a897a75153c712fdd461e0e6a75d7b3fe5d
01000000
1976a914cc05032471be6b8de2ebe86a01b49f1c00b6b72c88ac
ffffffff
02
f928010000000000
1976a914d1c1ef0ae56be297649c66b75edb844c29e32ec888ac
408a030000000000
17a914ac969e7602e76326224cf56330fb5e27632a970787
00000000
01000000


In the end I appended 0x01000000 as the hash type.
If I do SHA256² now, I actually get the signature hash: bc14e82c3ade4155008280c1b65567d7b4d8aff9c10c7f3c6819c854d9e6916b
But this seems to be wrong because the signature with this hash fails.

What am I doing wrong?
Could someone please put the TX together so that the signature-hash is correct?

I'm looking for a tool with which I can display a signature-hash from a Signed Tx.
Can the core do that?

By signature hash, I mean the double SHA256 with which the transaction is signed. So the hash of the original unsigned transaction.
pooya87
January 24, 2021, 04:56:58 AM
Merited by MixMAx123 (11), ABCbits (1), aliashraf (1)
 #2

Quote
Now I have removed both Sig-Scripts and replaced them with the PK-Scripts of the previous transactions:
We sign the transactions one input at a time not all at once since each input can need a different key.
What you are doing wrong here is that you have replaced both signature scripts instead of just one. Empty the other one (replace with 0x00) then compute the double SHA256 of it, repeat for the other input and you should have two distinct signature hashes to sign and produce/verify two distinct signatures.

MixMAx123 (OP)
January 25, 2021, 01:47:13 PM
 #3

Quote
Now I have removed both Sig-Scripts and replaced them with the PK-Scripts of the previous transactions:
We sign the transactions one input at a time not all at once since each input can need a different key.
What you are doing wrong here is that you have replaced both signature scripts instead of just one. Empty the other one (replace with 0x00) then compute the double SHA256 of it, repeat for the other input and you should have two distinct signature hashes to sign and produce/verify two distinct signatures.

Hope you can help me again.

What about witness transactions?
Is there a guide on how to put together unsigned witness transactions?
Or, can someone please post me an unsigned Witness Raw-Tx with an input and an output?
Exactly in the state before the SHA256² hash is formed as a signature hash.
pooya87
January 25, 2021, 05:58:41 PM
 #4

Quote
What about witness transactions?
Is there a guide on how to put together unsigned witness transactions?
The steps are explained in BIP143 the Specification section

Quote
Or, can someone please post me an unsigned Witness Raw-Tx with an input and an output?
Exactly in the state before the SHA256² hash is formed as a signature hash.
BIP143 also has a bunch of examples, the good thing about these examples is that they both have the "sigHash" (the final hash digest you are looking for) and the preimage that was hashed as "hash preimage" (the state you want).
The examples get increasingly complicated.

MixMAx123 (OP)
January 25, 2021, 06:47:15 PM
Last edit: January 25, 2021, 07:39:09 PM by MixMAx123
 #5

Quote
What about witness transactions?
Is there a guide on how to put together unsigned witness transactions?
The steps are explained in BIP143 the Specification section

Quote
Or, can someone please post me an unsigned Witness Raw-Tx with an input and an output?
Exactly in the state before the SHA256² hash is formed as a signature hash.
BIP143 also has a bunch of examples, the good thing about these examples is that they both have the "sigHash" (the final hash digest you are looking for) and the preimage that was hashed as "hash preimage" (the state you want).
The examples get increasingly complicated.


This is very extensive indeed, but it is better than nothing. Thanks so far!
At the moment I can't get any further because I don't know how to create the signature hash for a witness transaction.
More precisely, I don't know where the PK script of the previous transaction should go, or whether it will be inserted at all.

I don't know whether I will be able to get this information from this documentation.
So if anyone here would like to help me, that would be very nice.
It would help a lot if I could see an unsigned raw transaction in Witness format exactly like this before the SHA256² hash is applied for signing.
From that I could then take the information on how to serialize it.


Edit:

Is that what I'm looking for? Is that correct?
If so, then witness transactions are serialized significantly differently.
So if this is true, then I think I can do it that way.
Thanks so far.

Code:
hash preimage: 0100000096b827c8483d4e9b96712b6713a7b68d6e8003a781feba36c31143470b4efd3752b0a642eea2fb7ae638c36f6252b6750293dbe574a806984b8e4d8548339a3bef51e1b804cc89d182d279655c3aa89e815b1b309fe287d9b2b55d57b90ec68a010000001976a9141d0f172a0ecb48aee1be1f2687d2963ae33f71a188ac0046c32300000000ffffffff863ef3e1a92afbfdb97f31ad0fc7683ee943e9abcf2501590ff8f6551f47e5e51100000001000000
 
    nVersion:     01000000
    hashPrevouts: 96b827c8483d4e9b96712b6713a7b68d6e8003a781feba36c31143470b4efd37
    hashSequence: 52b0a642eea2fb7ae638c36f6252b6750293dbe574a806984b8e4d8548339a3b
    outpoint:     ef51e1b804cc89d182d279655c3aa89e815b1b309fe287d9b2b55d57b90ec68a01000000
    scriptCode:   1976a9141d0f172a0ecb48aee1be1f2687d2963ae33f71a188ac
    amount:       0046c32300000000
    nSequence:    ffffffff
    hashOutputs:  863ef3e1a92afbfdb97f31ad0fc7683ee943e9abcf2501590ff8f6551f47e5e5
    nLockTime:    11000000
    nHashType:    01000000
   
  sigHash:      c37af31116d1b27caf68aae9e3ac82f1477929014d5b917657d0eb49478cb670
pooya87
January 26, 2021, 04:19:31 AM
Merited by MixMAx123 (2)
 #6

Quote
Is that what I'm looking for? Is that correct?
If so, then witness transactions are serialized significantly differently.
Yes, as you've already figured out things are very different in SegWit transactions, we no longer hash the entire transaction each time for each input. Instead we first "pre-compute" some hashes that can be reused for all inputs (hashPrevouts, hashSequence and hashOutputs). Then for each input that we want to sign we compute double SHA256 of:
Code:
[nVersion][hashPrevouts][hashSequence][outpoint][scriptCode][value][nSequence][hashOutputs][nLocktime][sighash type]
only changing the outpoint, scriptcode, value and sequence per input while the rest remain the same (assuming sighashtype is the same for all inputs).
This way if a transaction has a lot of inputs, hashing doesn't become a bottleneck since we are always computing small hashes. For example this last one is usually less than 200 bytes whereas a big transaction could be a couple of kilobytes.
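
The preimage layout from the post above, as an added example (not code from BIP143 or from any poster): it rebuilds the preimage of the BIP143 example quoted in post #5 from its individual fields and double-hashes it. Function and parameter names are this example's own; the scriptCode builder assumes a P2WPKH input, where BIP143 uses a P2PKH-style script made from the 20-byte key hash rather than the previous output's script itself.

```python
import hashlib

def sha256d(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def p2wpkh_script_code(pubkey_hash: bytes) -> bytes:
    """Length-prefixed scriptCode for a P2WPKH input (assumed input type)."""
    if len(pubkey_hash) != 20:
        raise ValueError("P2WPKH key hash must be 20 bytes")
    script = b"\x76\xa9\x14" + pubkey_hash + b"\x88\xac"
    return bytes([len(script)]) + script

def bip143_preimage(shared: dict, outpoint: bytes, script_code: bytes,
                    amount: int, sequence: int) -> bytes:
    """Serialize the ten fields in the order listed in post #6."""
    for name in ("hash_prevouts", "hash_sequence", "hash_outputs"):
        if len(shared[name]) != 32:
            raise ValueError(name + " must be a 32-byte hash")
    if len(outpoint) != 36:
        raise ValueError("outpoint is a 32-byte txid plus a 4-byte index")
    le32 = lambda n: n.to_bytes(4, "little")
    return (le32(shared["version"]) + shared["hash_prevouts"] + shared["hash_sequence"]
            + outpoint + script_code + amount.to_bytes(8, "little") + le32(sequence)
            + shared["hash_outputs"] + le32(shared["locktime"]) + le32(shared["hashtype"]))

# Values copied from the BIP143 example quoted in post #5.
SHARED = {  # computed once, reused for every input of the transaction
    "version": 1, "locktime": 0x11, "hashtype": 1,
    "hash_prevouts": bytes.fromhex("96b827c8483d4e9b96712b6713a7b68d6e8003a781feba36c31143470b4efd37"),
    "hash_sequence": bytes.fromhex("52b0a642eea2fb7ae638c36f6252b6750293dbe574a806984b8e4d8548339a3b"),
    "hash_outputs": bytes.fromhex("863ef3e1a92afbfdb97f31ad0fc7683ee943e9abcf2501590ff8f6551f47e5e5"),
}

def example_sighash():
    """Return (preimage, sigHash) for the input signed in the quoted example."""
    preimage = bip143_preimage(
        SHARED,  # the four arguments below are the per-input fields
        outpoint=bytes.fromhex("ef51e1b804cc89d182d279655c3aa89e815b1b309fe287d9b2b55d57b90ec68a01000000"),
        script_code=p2wpkh_script_code(bytes.fromhex("1d0f172a0ecb48aee1be1f2687d2963ae33f71a1")),
        amount=600_000_000,      # 0046c32300000000 read as little-endian satoshis
        sequence=0xffffffff,
    )
    return preimage, sha256d(preimage)
```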

MixMAx123 (OP)
January 26, 2021, 03:31:18 PM
 #7

Thank you @pooya87!

You were able to help me very well twice.
I think that I have now understood correctly and that I will get on with your information.
NotATether
January 26, 2021, 07:19:20 PM
 #8

Quote
More precisely, I don't know where the PK script of the previous transaction should go, or whether it will be inserted at all.

In the raw transaction, the corresponding transactions' scriptPubKey are located just after each txin's SHA256d hash of its previous transaction, for P2PKH (which is the type of both of your txin inputs). That's where you should put it. I don't see either of the two transaction IDs you posted in the raw transaction.

Also when you change the scriptSig, make sure you change the value before it that indicates the length of the scriptSig. In your raw transaction they are currently 6a and 6b indicating 106 and 107 byte scriptSig lengths respectively.
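
The per-input procedure from post #2, including the scriptSig length bytes mentioned in the post above, as an added example (not code from any poster or from Bitcoin Core): it parses the raw transaction from post #1 and, for the chosen input, inserts that input's previous scriptPubKey, empties the other scriptSig, appends the hash type and double-hashes. The function names are this example's own, and only SIGHASH_ALL on a non-SegWit transaction is handled.

```python
import hashlib
from io import BytesIO

# Raw transaction and previous scriptPubKeys copied from post #1.
RAW_TX = bytes.fromhex(
    "0100000002bdc5113b480998e7e816c4d405ca654b5fa1b2d8ee0e5876201c65007520bfa101000"
    "0006a47304402200c7e17554723bd3e4abef593d3c1936c3c46efcc2f22a985fb38d12c4e450867"
    "0220178c55a6d63ff01d5a4ece5dc897f80ce8dac1f52ff3878e693dbd800745189a012103a0e3d"
    "4870937d5bee6ac40e57635f8cc1a34dd70575c9d24235d7e2346a59ea8fffffffffb703fb0da55"
    "38fcac54e6527ec08a897a75153c712fdd461e0e6a75d7b3fe5d010000006b483045022100fa76e"
    "3f43da6952758932e6a8639a7ec4fc3fe53d44d59daca1d57fce6bbd91f02206cc9724a7afd6ae6"
    "ed11d4e35239e27ef0cf93dec5c5d819fc22bb56715f17ef0121032d3ba2c17b2a3c984515b4182"
    "ca246a8723f46b48f1fb5d729ecbfccd31bed3fffffffff02f9280100000000001976a914d1c1ef"
    "0ae56be297649c66b75edb844c29e32ec888ac408a03000000000017a914ac969e7602e76326224"
    "cf56330fb5e27632a97078700000000"
)
PREV_SCRIPTS = [  # same order as the inputs; the 0x19 length byte is added by the code
    bytes.fromhex("76a914f940fb405ca9768c30f00089f1e439ef568c7ee988ac"),
    bytes.fromhex("76a914cc05032471be6b8de2ebe86a01b49f1c00b6b72c88ac"),
]

def sha256d(data):
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def varint(n):
    if n < 0xfd:
        return bytes([n])
    size, tag = (2, 0xfd) if n <= 0xffff else (4, 0xfe) if n <= 0xffffffff else (8, 0xff)
    return bytes([tag]) + n.to_bytes(size, "little")

def read_varint(s):
    n = s.read(1)[0]
    return n if n < 0xfd else int.from_bytes(s.read(2 << (n - 0xfd)), "little")

def legacy_sighash(raw, index, prev_script):
    """Return (preimage, digest) for one input; SIGHASH_ALL, non-SegWit only."""
    s = BytesIO(raw)
    pre = s.read(4)                          # nVersion
    n_in = read_varint(s)
    if n_in == 0:                            # 0x00 here is the SegWit marker
        raise ValueError("SegWit serialization: use the BIP143 digest instead")
    pre += varint(n_in)
    for i in range(n_in):
        outpoint = s.read(36)                # previous txid (byte-reversed) + output index
        s.read(read_varint(s))               # skip the existing scriptSig
        script = prev_script if i == index else b""   # only the signed input gets a script
        pre += outpoint + varint(len(script)) + script + s.read(4)
    pre += s.read() + (1).to_bytes(4, "little")       # outputs, nLockTime, SIGHASH_ALL
    return pre, sha256d(pre)
```

To check the result, verify each digest against the signature and public key in that input's original scriptSig with a secp256k1 ECDSA library.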
