Struct secp256k1::Secp256k1

source · []
pub struct Secp256k1<C: Context> { /* private fields */ }
Expand description

The secp256k1 engine, used to execute all signature operations.

Implementations

Available on crate feature alloc only.

Lets you create a context in a generic manner (sign/verify/all).

If rand-std feature is enabled, context will have been randomized using thread_rng. If rand-std feature is not enabled please consider randomizing the context as follows:

let mut ctx = Secp256k1::new();
// let seed = <32 bytes of random data>
ctx.seeded_randomize(&seed);
Available on crate feature alloc only.

Creates a new Secp256k1 context with all capabilities.

If rand-std feature is enabled, context will have been randomized using thread_rng. If rand-std feature is not enabled please consider randomizing the context (see docs for Secp256k1::gen_new()).

Available on crate feature alloc only.

Creates a new Secp256k1 context that can only be used for signing.

If rand-std feature is enabled, context will have been randomized using thread_rng. If rand-std feature is not enabled please consider randomizing the context (see docs for Secp256k1::gen_new()).

Available on crate feature alloc only.

Creates a new Secp256k1 context that can only be used for verification.

If rand-std feature is enabled, context will have been randomized using thread_rng. If rand-std feature is not enabled please consider randomizing the context (see docs for Secp256k1::gen_new()).

Lets you create a context with preallocated buffer in a generic manner(sign/verify/all)

Creates a new Secp256k1 context with all capabilities

Uses the ffi secp256k1_context_preallocated_size to check the memory size needed for a context.

Create a context from a raw context.

Safety

This is highly unsafe, due to the number of conditions that aren’t checked.

  • raw_ctx needs to be a valid Secp256k1 context pointer. that was generated by exactly the same code/version of the libsecp256k1 used here.
  • The capabilities (All/SignOnly/VerifyOnly) of the context must match the flags passed to libsecp256k1 when generating the context.
  • The user must handle the freeing of the context(using the correct functions) by himself.
  • Violating these may lead to Undefined Behavior.

Creates a new Secp256k1 context that can only be used for signing.

Uses the ffi secp256k1_context_preallocated_size to check the memory size needed for the context.

Create a context from a raw context.

Safety

This is highly unsafe, due to the number of conditions that aren’t checked.

  • raw_ctx needs to be a valid Secp256k1 context pointer. that was generated by exactly the same code/version of the libsecp256k1 used here.
  • The capabilities (All/SignOnly/VerifyOnly) of the context must match the flags passed to libsecp256k1 when generating the context.
  • The user must handle the freeing of the context(using the correct functions) by himself.
  • This list is not exhaustive, and any violation may lead to Undefined Behavior.

Creates a new Secp256k1 context that can only be used for verification

Uses the ffi secp256k1_context_preallocated_size to check the memory size needed for the context.

Create a context from a raw context.

Safety

This is highly unsafe, due to the number of conditions that aren’t checked.

  • raw_ctx needs to be a valid Secp256k1 context pointer. that was generated by exactly the same code/version of the libsecp256k1 used here.
  • The capabilities (All/SignOnly/VerifyOnly) of the context must match the flags passed to libsecp256k1 when generating the context.
  • The user must handle the freeing of the context(using the correct functions) by himself.
  • This list is not exhaustive, and any violation may lead to Undefined Behavior.
👎 Deprecated since 0.21.0:

Use sign_ecdsa_recoverable instead.

Constructs a signature for msg using the secret key sk and RFC6979 nonce. Requires a signing-capable context.

Constructs a signature for msg using the secret key sk and RFC6979 nonce Requires a signing-capable context.

Constructs a signature for msg using the secret key sk and RFC6979 nonce and includes 32 bytes of noncedata in the nonce generation via inclusion in one of the hash operations during nonce generation. This is useful when multiple signatures are needed for the same Message and SecretKey while still using RFC6979. Requires a signing-capable context.

👎 Deprecated since 0.21.0:

Use recover_ecdsa instead.

Determines the public key for which sig is a valid signature for msg. Requires a verify-capable context.

Determines the public key for which sig is a valid signature for msg. Requires a verify-capable context.

👎 Deprecated since 0.21.0:

Use sign_ecdsa instead.

Constructs a signature for msg using the secret key sk and RFC6979 nonce Requires a signing-capable context.

Constructs a signature for msg using the secret key sk and RFC6979 nonce Requires a signing-capable context.

Constructs a signature for msg using the secret key sk and RFC6979 nonce and includes 32 bytes of noncedata in the nonce generation via inclusion in one of the hash operations during nonce generation. This is useful when multiple signatures are needed for the same Message and SecretKey while still using RFC6979. Requires a signing-capable context.

👎 Deprecated since 0.21.0:

Use sign_ecdsa_grind_r instead.

Constructs a signature for msg using the secret key sk, RFC6979 nonce and “grinds” the nonce by passing extra entropy if necessary to produce a signature that is less than 71 - bytes_to_grind bytes. The number of signing operation performed by this function is exponential in the number of bytes grinded. Requires a signing capable context.

Constructs a signature for msg using the secret key sk, RFC6979 nonce and “grinds” the nonce by passing extra entropy if necessary to produce a signature that is less than 71 - bytes_to_grind bytes. The number of signing operation performed by this function is exponential in the number of bytes grinded. Requires a signing capable context.

👎 Deprecated since 0.21.0:

Use sign_ecdsa_low_r instead.

Constructs a signature for msg using the secret key sk, RFC6979 nonce and “grinds” the nonce by passing extra entropy if necessary to produce a signature that is less than 71 bytes and compatible with the low r signature implementation of bitcoin core. In average, this function will perform two signing operations. Requires a signing capable context.

Constructs a signature for msg using the secret key sk, RFC6979 nonce and “grinds” the nonce by passing extra entropy if necessary to produce a signature that is less than 71 bytes and compatible with the low r signature implementation of bitcoin core. In average, this function will perform two signing operations. Requires a signing capable context.

👎 Deprecated since 0.21.0:

Use verify_ecdsa instead

Checks that sig is a valid ECDSA signature for msg using the public key pubkey. Returns Ok(()) on success. Note that this function cannot be used for Bitcoin consensus checking since there may exist signatures which OpenSSL would verify but not libsecp256k1, or vice-versa. Requires a verify-capable context.

let message = Message::from_slice(&[0xab; 32]).expect("32 bytes");
let sig = secp.sign(&message, &secret_key);
assert_eq!(secp.verify(&message, &sig, &public_key), Ok(()));

let message = Message::from_slice(&[0xcd; 32]).expect("32 bytes");
assert_eq!(secp.verify(&message, &sig, &public_key), Err(Error::IncorrectSignature));

Checks that sig is a valid ECDSA signature for msg using the public key pubkey. Returns Ok(()) on success. Note that this function cannot be used for Bitcoin consensus checking since there may exist signatures which OpenSSL would verify but not libsecp256k1, or vice-versa. Requires a verify-capable context.

let message = Message::from_slice(&[0xab; 32]).expect("32 bytes");
let sig = secp.sign_ecdsa(&message, &secret_key);
assert_eq!(secp.verify_ecdsa(&message, &sig, &public_key), Ok(()));

let message = Message::from_slice(&[0xcd; 32]).expect("32 bytes");
assert_eq!(secp.verify_ecdsa(&message, &sig, &public_key), Err(Error::IncorrectSignature));
👎 Deprecated since 0.21.0:

Use sign_schnorr instead.

Available on crate feature rand-std only.

Create a schnorr signature internally using the ThreadRng random number generator to generate the auxiliary random data.

Available on crate feature rand-std only.

Create a schnorr signature internally using the ThreadRng random number generator to generate the auxiliary random data.

👎 Deprecated since 0.21.0:

Use sign_schnorr_no_aux_rand instead.

Create a schnorr signature without using any auxiliary random data.

Create a schnorr signature without using any auxiliary random data.

👎 Deprecated since 0.21.0:

Use sign_schnorr_with_aux_rand instead.

Create a Schnorr signature using the given auxiliary random data.

Create a Schnorr signature using the given auxiliary random data.

👎 Deprecated since 0.21.0:

Use sign_schnorr_with_rng instead.

Available on crate feature rand only.

Create a schnorr signature using the given random number generator to generate the auxiliary random data.

Available on crate feature rand only.

Create a schnorr signature using the given random number generator to generate the auxiliary random data.

👎 Deprecated since 0.21.0:

Use verify_schnorr instead.

Verify a Schnorr signature.

Verify a Schnorr signature.

👎 Deprecated since 0.21.0:

Use kp = KeyPair::new() and kp.x_only_public_key().0

Available on crate feature rand only.

Generates a random Schnorr KeyPair and its associated Schnorr XOnlyPublicKey.

Convenience function for KeyPair::new and KeyPair::public_key. Requires a signing-capable context.

Getter for the raw pointer to the underlying secp256k1 context. This shouldn’t be needed with normal usage of the library. It enables extending the Secp256k1 with more cryptographic algorithms outside of this crate.

Returns the required memory for a preallocated context buffer in a generic manner(sign/verify/all).

Available on crate feature rand only.

(Re)randomizes the Secp256k1 context for extra sidechannel resistance.

Requires compilation with “rand” feature. See comment by Gregory Maxwell in libsecp256k1.

(Re)randomizes the Secp256k1 context for extra sidechannel resistance given 32 bytes of cryptographically-secure random data; see comment in libsecp256k1 commit d2275795f by Gregory Maxwell.

Available on crate feature rand only.

Generates a random keypair. Convenience function for SecretKey::new and PublicKey::from_secret_key.

Trait Implementations

Returns a copy of the value. Read more

Performs copy-assignment from source. Read more

Formats the value using the given formatter. Read more

Returns the “default value” for a type. Read more

Executes the destructor for this type. Read more

This method tests for self and other values to be equal, and is used by ==. Read more

This method tests for !=.

Auto Trait Implementations

Blanket Implementations

Gets the TypeId of self. Read more

Immutably borrows from an owned value. Read more

Mutably borrows from an owned value. Read more

Returns the argument unchanged.

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

The resulting type after obtaining ownership.

Creates owned data from borrowed data, usually by cloning. Read more

Uses borrowed data to replace owned data, usually by cloning. Read more

The type returned in the event of a conversion error.

Performs the conversion.

The type returned in the event of a conversion error.

Performs the conversion.