pull down to refresh
100 sats \ 0 replies \ @btc101 25 Jan \ on: ELI5: How do I programmatically create a Segwit transaction? bitcoin_beginners
The step-by-step guide mentioned in original post contains good enough info. The usage of the term "sighash" in original post seems to be incorrect. The appearance of "sighash" in the guide is what sighash usually mean.
To spend P2WPKH UTXO, the signature required is on the 10 items shown in Section 4.
Just before Section 4.1.1, it lists out the exact message to be signed.
Double SHA-256 the above and you get
4876161197833dd58a1a2ba20728633677f38b9a7513a4d7d3714a7f7d3a1fa2
Assuming you use libsecp256k1, this is the byte array msghash32 for secp256k1_ecdsa_sign and secp256k1_ecdsa_verify.
48 is at offset 0, a2 is at offset 31.
In ECDSA page of Wikipedia, there is a mention of e=HASH(m). In signing P2WPKH spend, e=double_sha256(10 items). This means
e=4876161197833dd58a1a2ba20728633677f38b9a7513a4d7d3714a7f7d3a1fa2
48 is most significant byte, a2 is least significant byte.
The following checks out as valid ECDSA signature.
One potential confusion might arise on the signature shown in guide is because it is not deterministic and thus not reproducible.
If you use libsecp256k1 which follows RFC6979 to sign, the signature would be
which is also valid.