You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 7-8.RSVP
Socket
Socket
Sign inDemoInstall

bip66

Package Overview
Dependencies
Maintainers
0
Versions
14
Alerts
File Explorer

Advanced tools

npm Scripts
License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

bip66

Strict DER signature encoding/decoding.

Version published
Weekly downloads
154K
decreased by-15%
Maintainers
0
Created
Weekly downloads
 

Package description

What is bip66?

The bip66 npm package is used for encoding and decoding Bitcoin's BIP66 DER signatures. BIP66 is a Bitcoin Improvement Proposal that enforces strict DER (Distinguished Encoding Rules) encoding for signatures, which helps in improving security and interoperability.

What are bip66's main functionalities?

Encoding DER Signatures

This feature allows you to encode 'r' and 's' values into a DER-encoded signature. The 'r' and 's' values are components of an ECDSA signature.

const bip66 = require('bip66');
const r = Buffer.from('...'); // Buffer containing the 'r' value
const s = Buffer.from('...'); // Buffer containing the 's' value
const derSignature = bip66.encode(r, s);
console.log(derSignature);

Decoding DER Signatures

This feature allows you to decode a DER-encoded signature into its 'r' and 's' components. This is useful for verifying or manipulating the signature.

const bip66 = require('bip66');
const derSignature = Buffer.from('...'); // Buffer containing the DER-encoded signature
const { r, s } = bip66.decode(derSignature);
console.log(r, s);

Other packages similar to bip66

    elliptic

    The elliptic package is a comprehensive library for elliptic curve cryptography. It supports various elliptic curve algorithms and provides utilities for encoding and decoding signatures. Compared to bip66, elliptic offers a broader range of cryptographic functionalities beyond just DER encoding and decoding.

    secp256k1

    The secp256k1 package is a native implementation of the secp256k1 elliptic curve used in Bitcoin. It provides functions for signing, verifying, and manipulating ECDSA signatures. While it includes DER encoding and decoding, it is more focused on performance and low-level cryptographic operations compared to bip66.

    bitcoinjs-lib

    The bitcoinjs-lib package is a full-featured library for Bitcoin-related operations, including transaction creation, signing, and verification. It includes utilities for handling DER-encoded signatures as part of its broader functionality. Compared to bip66, bitcoinjs-lib offers a more extensive set of tools for Bitcoin development.

Readme

Source

bip66

NPM Package Build Status

js-standard-style

Strict DER signature encoding/decoding.

See bip66.

  • This module works only with two's complement numbers.
  • BIP66 doesn't check that r or s are fully valid.
    • check/decode doesn't check that r or s great than 33 bytes or that this number represent valid point on elliptic curve.
    • encode doesn't check that r/s represent valid point on elliptic curve.

Example

import * as bip66 from"bip66"
const r = Buffer.from('1ea1fdff81b3a271659df4aad19bc4ef83def389131a36358fe64b245632e777', 'hex')
const s = Buffer.from('29e164658be9ce810921bf81d6b86694785a79ea1e52dbfa5105148d1f0bc1', 'hex')

// Buffer or UInt8Array can be passed in to the encode/decode functions
const signature = bip66.encode(r, s)
// Uint8Array(69) [
//    48,  67,   2,  32,  30, 161, 253, 255, 129, 179, 162,
//   113, 101, 157, 244, 170, 209, 155, 196, 239, 131, 222,
//   243, 137,  19,  26,  54,  53, 143, 230,  75,  36,  86,
//    50, 231, 119,   2,  31,  41, 225, 100, 101, 139, 233,
//   206, 129,   9,  33, 191, 129, 214, 184, 102, 148, 120,
//    90, 121, 234,  30,  82, 219, 250,  81,   5,  20, 141,
//    31,  11, 193
// ]

bip66.decode(signature)
// => {
//   r: Uint8Array(32) [
//      30, 161, 253, 255, 129, 179, 162,
//     113, 101, 157, 244, 170, 209, 155,
//     196, 239, 131, 222, 243, 137,  19,
//      26,  54,  53, 143, 230,  75,  36,
//      86,  50, 231, 119
//   ],
//   s: Uint8Array(31) [
//      41, 225, 100, 101, 139, 233, 206, 129,
//       9,  33, 191, 129, 214, 184, 102, 148,
//     120,  90, 121, 234,  30,  82, 219, 250,
//      81,   5,  20, 141,  31,  11, 193
//   ]
// }

A catch-all exception regex:

/Expected DER (integer|sequence)|(R|S) value (excessively padded|is negative)|(R|S|DER sequence) length is (zero|too short|too long|invalid)/

LICENSE MIT

Keywords

FAQs

Package last updated on 26 Jun 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

How to Mitigate the Risks of Using Open Source Packages with Git Dependencies

Security News

How to Mitigate the Risks of Using Open Source Packages with Git Dependencies

Git dependencies in open source packages can introduce significant risks, including lack of version control, stability issues, dependency drift, and difficulty in auditing, making them potential targets for supply chain attacks.

By Sarah Gooding  -  Jul 26, 2024
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc