How do I turn an 88 byte ECDSA public key into a 65 byte uncompressed or 33 byte compressed key for use with bitcoin

Question

In my situation my private key is in an HSM. I cannot access it for use with the various bitcoin golang libraries. Most of the functions require the private key "in-use". Although in my case, I can generate the signature later used for signing with an HSM API, I can't use the remainder of the library because of this issue.

https://en.bitcoin.it/wiki/Elliptic_Curve_Digital_Signature_Algorithm

Hence the question, How do I turn an 88 byte ECDSA public key into a 65 byte uncompressed or 33 byte compressed key for use with bitcoin?

Answer 1

When you say, 88 byte ECDSA public key, I think what you are actually referring to is a 65-byte uncompressed public key, which has been base64-encoded. Base64 encoding requires 4 characters for every 3 bytes encoded, then the string's length is padded up to a multiple of 4. S0, base64-encoding 65 bytes would result in a base64-encoded string 88 characters long.

Assuming your are given a base64-encoded string 88 characters in length, like so:

 BFCGOtZKh66KL+g8GvGoQDy1P1PkhthRHa2KBIh+WyNSLNRwJDRTopn6nncjdxYQOrwRod84hV7W8u4YfpxYK6Y=

You can convert it to hexadecimal using the following command:

echo -n 'BFCGOtZKh66KL+g8GvGoQDy1P1PkhthRHa2KBIh+WyNSLNRwJDRTopn6nncjdxYQOrwRod84hV7W8u4YfpxYK6Y=' | base64 -d | xxd -p

which produces:

0450863ad64a87ae8a2fe83c1af1a8403cb53f53e486d8511dad8a04887e5b23522cd470243453a299fa9e77237716103abc11a1df38855ed6f2ee187e9c582ba6

As you can see, this is 65 bytes (each pair of hexadecimal characters represents one byte). The first hexadecimal character is 04 (to signify a 65-byte uncompressed public key), followed by the 32-byte X value, followed by the 32-byte Y value.

---

Edit

Thank you for your comment. This is helpful.

The hex string that you provided is:

3056301006072a8648ce3d020106052b8104000a034200049bb8e80670371f45508b5f8f59946a7c4dea4b3a23a036cf24c1f40993f4a1daad1716de8bd664ecb4596648d722a4685293de208c1d2da9361b9cba74c3d1ec

The first 23 bytes are just ASN.1 stuff. The remaining 65 bytes contain the uncompressed public key.

049bb8e80670371f45508b5f8f59946a7c4dea4b3a23a036cf24c1f40993f4a1daad1716de8bd664ecb4596648d722a4685293de208c1d2da9361b9cba74c3d1ec

The first hexadecimal character is 04 (to signify a 65-byte uncompressed public key), followed by the 32-byte X value, followed by the 32-byte Y value. So, the X and Y values are:

X:  9bb8e80670371f45508b5f8f59946a7c4dea4b3a23a036cf24c1f40993f4a1da
Y:  ad1716de8bd664ecb4596648d722a4685293de208c1d2da9361b9cba74c3d1ec

To check if this is correct, we can verify that the point (X, Y) is on the secp256k1 curve, using the short python script below, based on the definition of the secp256k1 curve. The script prints True if the point is on the curve, and False if not:

a=0
b=7
p=0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f
x=0x9bb8e80670371f45508b5f8f59946a7c4dea4b3a23a036cf24c1f40993f4a1da
y=0xad1716de8bd664ecb4596648d722a4685293de208c1d2da9361b9cba74c3d1ec

ispoint=(y * y - x * x * x - a * x - b) % p == 0 
print(ispoint)

Running the script prouduces:

True

*As always, when playing with Bitcoin addresses, be sure that you have the correct private key corresponding with your Bitcoin address before sending a large amount of Bitcoin to this address. You might want to send a small amount of Bitcoin to the address first, and check that you can then spend these coins (using the private key to sign the transaction), before sending a large amount of Bitcoin to this address.