From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1RqqP6-0005Rs-CS for bitcoin-development@lists.sourceforge.net; Fri, 27 Jan 2012 18:20:04 +0000 X-ACL-Warn: Received: from netmind.hu ([85.17.45.8] helo=mail.netmind.hu) by sog-mx-3.v43.ch3.sourceforge.com with esmtp (Exim 4.76) id 1RqqP4-0002EQ-V5 for bitcoin-development@lists.sourceforge.net; Fri, 27 Jan 2012 18:20:04 +0000 Received: from [192.168.1.100] (188-195-182-160-dynip.superkabel.de [188.195.182.160]) by mail.netmind.hu (Postfix) with ESMTPSA id BB9CE2E23E4 for ; Fri, 27 Jan 2012 19:17:30 +0100 (CET) Message-ID: <4F22EACA.2080807@netmind.hu> Date: Fri, 27 Jan 2012 19:19:54 +0100 From: =?ISO-8859-1?Q?Brautigam_R=F3bert?= User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1 MIME-Version: 1.0 To: bitcoin-development@lists.sourceforge.net References: <4F1DBD07.3050904@netmind.hu> <4F1EEB6D.8080004@netmind.hu> In-Reply-To: <4F1EEB6D.8080004@netmind.hu> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: quoted-printable X-Spam-Score: -0.0 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay domain X-Headers-End: 1RqqP4-0002EQ-V5 Subject: Re: [Bitcoin-development] ECC Signature Issue X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Jan 2012 18:20:04 -0000 Hi, I'll reply to myself here, just to mention that the issue is solved. Dave Hook from Bouncycastle replied that in the particular signature=20 mentioned, one of the ASN1 encoded Integers is actually negative (which=20 is not a valid coordinate for a point on a curve I assume). Since ASN1=20 integers are always signed, one has to pad "big" values with a zero byte=20 to stay positive. Workaround is easy for verification (convert to positive). Robert. On 01/24/2012 06:33 PM, Brautigam R=F3bert wrote: > On 01/23/2012 06:50 PM, Mike Hearn wrote: >>> I double checked that the official (C++) client is indeed successful >>> here. Oddly enough the bitcoinj implementation also seems to fail to >>> verify this transaction, which seems to point in the direction of >>> BouncyCastle (which we both use). ...