recoverPublicKey static method

ECDSAPublicKey recoverPublicKey({
  1. required List<int> message,
  2. required List<int> signature,
  3. String messagePrefix = BitcoinSignerUtils.signMessagePrefix,
})

Recovers the ECDSA public key from a Bitcoin signed message.

This method extracts the public key from a 65-byte compact ECDSA signature, which includes a recovery ID in the first byte. It is used to verify Bitcoin-signed messages (BIP-137).

  • message: The original message that was signed.
  • signature: A 65-byte Bitcoin signature (including the recovery ID).
  • messagePrefix (optional): A custom prefix for the signed message (default is Bitcoin's standard prefix).

Implementation

static ECDSAPublicKey recoverPublicKey(
    {required List<int> message,
    required List<int> signature,
    String messagePrefix = BitcoinSignerUtils.signMessagePrefix}) {
  if (signature.length != 65) {
    throw const CryptoSignException(
        "bitcoin signature must be 65 bytes with recover-id");
  }
  final List<int> messgaeHash = QuickCrypto.sha256Hash(
      BitcoinSignerUtils.magicMessage(message, messagePrefix));
  int header = signature[0];
  signature = signature.sublist(1);
  final ecdsaSignature =
      ECDSASignature.fromBytes(signature, BitcoinSignerUtils.generator);

  if (header < 27 || header > 42) {
    throw CryptoSignException("Header byte out of range");
  }
  if (header >= 39) {
    header -= 12;
  } else if (header >= 35) {
    header -= 8;
  } else if (header >= 31) {
    header -= 4;
  }
  header -= 27;
  if (header > 1) {
    header -= 2;
  }
  return ecdsaSignature.recoverPublicKey(
      messgaeHash, BitcoinSignerUtils.generator, header);
}