P256K.Signing

secp256k1 ECDSA signing namespace providing P256K.Signing.PrivateKey for RFC 6979 deterministic signing and P256K.Signing.PublicKey for signature verification; all produced signatures are lower-S normalized.

iOS 13.0+
macCatalyst 13.0+
macOS 10.15+
tvOS 13.0+
visionOS 1.0+
watchOS 6.0+

enum Signing

Mentioned In

Overview

ECDSA (Elliptic Curve Digital Signature Algorithm) is the legacy signature scheme used in Bitcoin transactions (pre-Taproot) and throughout the wider cryptographic ecosystem. Use P256K.Signing.PrivateKey to sign and P256K.Signing.PublicKey to verify. Both accept Digest inputs for pre-hashed messages and DataProtocol inputs that are hashed with SHA-256 internally before the operation.

Signatures are produced via secp256k1_ecdsa_sign with RFC 6979 deterministic nonce generation and verified via secp256k1_ecdsa_verify (both declared in Vendor/secp256k1/include/secp256k1.h). Taproot-era signing uses P256K.Schnorr instead.

Lower-S Normalization

ECDSA signatures have a mathematical symmetry: (r, s) and (r, -s mod n) both verify against the same message/key pair. Bitcoin’s BIP-146 requires transactions to use the “low-S” form (where s < n/2) to prevent signature malleability. All signatures produced by this library are automatically normalized to lower-S; secp256k1_ecdsa_verify likewise only accepts lower-S signatures.

Topics

Key Types

struct PrivateKey
secp256k1 ECDSA private key for deterministically signing messages and producing P256K.Signing.ECDSASignature values using the secp256k1 curve.
struct PublicKey
secp256k1 ECDSA public key for verifying P256K.Signing.ECDSASignature values, available in compressed (33-byte) or uncompressed (65-byte) serialized form.
struct XonlyKey
The 32-byte x-only form of a secp256k1 P256K.Signing.PublicKey, as defined by BIP-340: the X coordinate of the public key point with implicit even-Y parity unless parity is true.

Signature Types

struct ECDSASignature
64-byte secp256k1 ECDSA signature in libsecp256k1 internal format, convertible to and from DER (variable-length, up to 72 bytes) and compact (exactly 64 bytes) representations.