/// <summary> /// Once a transaction has some inputs and outputs added, the signatures in the inputs can be calculated. The /// signature is over the transaction itself, to prove the redeemer actually created that transaction, /// so we have to do this step last. /// </summary> /// <remarks> /// This method is similar to SignatureHash in script.cpp /// </remarks> /// <param name="hashType">This should always be set to SigHash.ALL currently. Other types are unused. </param> /// <param name="wallet">A wallet is required to fetch the keys needed for signing.</param> /// <exception cref="ScriptException"/> public void SignInputs(SigHash hashType, Wallet wallet) { Debug.Assert(_inputs.Count > 0); Debug.Assert(_outputs.Count > 0); // I don't currently have an easy way to test other modes work, as the official client does not use them. Debug.Assert(hashType == SigHash.All); // The transaction is signed with the input scripts empty except for the input we are signing. In the case // where addInput has been used to set up a new transaction, they are already all empty. The input being signed // has to have the connected OUTPUT program in it when the hash is calculated! // // Note that each input may be claiming an output sent to a different key. So we have to look at the outputs // to figure out which key to sign with. var signatures = new byte[_inputs.Count][]; var signingKeys = new EcKey[_inputs.Count]; for (var i = 0; i < _inputs.Count; i++) { var input = _inputs[i]; Debug.Assert(input.ScriptBytes.Length == 0, "Attempting to sign a non-fresh transaction"); // Set the input to the script of its output. input.ScriptBytes = input.Outpoint.ConnectedPubKeyScript; // Find the signing key we'll need to use. var connectedPubKeyHash = input.Outpoint.ConnectedPubKeyHash; var key = wallet.FindKeyFromPubHash(connectedPubKeyHash); // This assert should never fire. If it does, it means the wallet is inconsistent. Debug.Assert(key != null, "Transaction exists in wallet that we cannot redeem: " + Utils.BytesToHexString(connectedPubKeyHash)); // Keep the key around for the script creation step below. signingKeys[i] = key; // The anyoneCanPay feature isn't used at the moment. const bool anyoneCanPay = false; var hash = HashTransactionForSignature(hashType, anyoneCanPay); // Set the script to empty again for the next input. input.ScriptBytes = TransactionInput.EmptyArray; // Now sign for the output so we can redeem it. We use the keypair to sign the hash, // and then put the resulting signature in the script along with the public key (below). using (var bos = new MemoryStream()) { bos.Write(key.Sign(hash)); bos.WriteByte((byte)(((int)hashType + 1) | (anyoneCanPay ? 0x80 : 0))); signatures[i] = bos.ToArray(); } } // Now we have calculated each signature, go through and create the scripts. Reminder: the script consists of // a signature (over a hash of the transaction) and the complete public key needed to sign for the connected // output. for (var i = 0; i < _inputs.Count; i++) { var input = _inputs[i]; Debug.Assert(input.ScriptBytes.Length == 0); var key = signingKeys[i]; input.ScriptBytes = Script.CreateInputScript(signatures[i], key.PubKey); } // Every input is now complete. }
/// <summary> /// Adds the given ECKey to the wallet. There is currently no way to delete keys (that would result in coin loss). /// </summary> public void AddKey(EcKey key) { lock (this) { Debug.Assert(!Keychain.Contains(key)); Keychain.Add(key); } }
/// <summary> /// Once a transaction has some inputs and outputs added, the signatures in the inputs can be calculated. The /// signature is over the transaction itself, to prove the redeemer actually created that transaction, /// so we have to do this step last. /// </summary> /// <remarks> /// This method is similar to SignatureHash in script.cpp /// </remarks> /// <param name="hashType">This should always be set to SigHash.ALL currently. Other types are unused. </param> /// <param name="wallet">A wallet is required to fetch the keys needed for signing.</param> /// <exception cref="ScriptException"/> public void SignInputs(SigHash hashType, Wallet wallet) { Debug.Assert(_inputs.Count > 0); Debug.Assert(_outputs.Count > 0); // I don't currently have an easy way to test other modes work, as the official client does not use them. Debug.Assert(hashType == SigHash.All); // The transaction is signed with the input scripts empty except for the input we are signing. In the case // where addInput has been used to set up a new transaction, they are already all empty. The input being signed // has to have the connected OUTPUT program in it when the hash is calculated! // // Note that each input may be claiming an output sent to a different key. So we have to look at the outputs // to figure out which key to sign with. var signatures = new byte[_inputs.Count][]; var signingKeys = new EcKey[_inputs.Count]; for (var i = 0; i < _inputs.Count; i++) { var input = _inputs[i]; Debug.Assert(input.ScriptBytes.Length == 0, "Attempting to sign a non-fresh transaction"); // Set the input to the script of its output. input.ScriptBytes = input.Outpoint.ConnectedPubKeyScript; // Find the signing key we'll need to use. var connectedPubKeyHash = input.Outpoint.ConnectedPubKeyHash; var key = wallet.FindKeyFromPubHash(connectedPubKeyHash); // This assert should never fire. If it does, it means the wallet is inconsistent. Debug.Assert(key != null, "Transaction exists in wallet that we cannot redeem: " + Utils.BytesToHexString(connectedPubKeyHash)); // Keep the key around for the script creation step below. signingKeys[i] = key; // The anyoneCanPay feature isn't used at the moment. const bool anyoneCanPay = false; var hash = HashTransactionForSignature(hashType, anyoneCanPay); // Set the script to empty again for the next input. input.ScriptBytes = TransactionInput.EmptyArray; // Now sign for the output so we can redeem it. We use the keypair to sign the hash, // and then put the resulting signature in the script along with the public key (below). using (var bos = new MemoryStream()) { bos.Write(key.Sign(hash)); bos.WriteByte((byte) (((int) hashType + 1) | (anyoneCanPay ? 0x80 : 0))); signatures[i] = bos.ToArray(); } } // Now we have calculated each signature, go through and create the scripts. Reminder: the script consists of // a signature (over a hash of the transaction) and the complete public key needed to sign for the connected // output. for (var i = 0; i < _inputs.Count; i++) { var input = _inputs[i]; Debug.Assert(input.ScriptBytes.Length == 0); var key = signingKeys[i]; input.ScriptBytes = Script.CreateInputScript(signatures[i], key.PubKey); } // Every input is now complete. }