crypto: allow importing compact secp256k1 pubkey through recovery

MichaelMure · MichaelMure · commit 46d6ce99351f · 2026-03-24T11:22:05.000+01:00
diff --git a/crypto/secp256k1/key_test.go b/crypto/secp256k1/key_test.go
@@ -4,6 +4,7 @@ import (
 	"encoding/base64"
 	"testing"
 
+	"github.com/decred/dcrd/dcrec/secp256k1/v4/ecdsa"
 	"github.com/stretchr/testify/require"
 
 	"github.com/MetaMask/go-did-it/crypto"
@@ -82,6 +83,24 @@ Uwyag4V8qWsP8e5ZSOOXDSYMplwbsAzsko9NYw4Jy9RHYHwFQ7dV
 	})
 }
 
+func TestPublicKeyFromCompactRecovery(t *testing.T) {
+	pub, priv, err := GenerateKeyPair()
+	require.NoError(t, err)
+
+	message := []byte("test message")
+	hasher := crypto.SHA256.New()
+	hasher.Write(message)
+	hash := hasher.Sum(nil)
+
+	// SignCompact produces a 65-byte compact signature with the recovery flag prepended.
+	compactSig := ecdsa.SignCompact(priv.Unwrap(), hash, true)
+	require.Len(t, compactSig, 65)
+
+	recovered, err := PublicKeyFromCompactRecovery(hash, compactSig)
+	require.NoError(t, err)
+	require.True(t, pub.Equal(recovered))
+}
+
 func TestSignatureASN1(t *testing.T) {
 	// openssl ecparam -genkey -name secp256k1 -noout -out private.pem
 	// openssl ec -in private.pem -pubout -out public.pem
diff --git a/crypto/secp256k1/public.go b/crypto/secp256k1/public.go
@@ -44,6 +44,21 @@ func PublicKeyFromXY(x, y []byte) (*PublicKey, error) {
 	return &PublicKey{k: secp256k1.NewPublicKey(&xf, &yf)}, nil
 }
 
+// PublicKeyFromCompactRecovery recovers the secp256k1 public key from a compact signature
+// and the hash of the signed message. The signature must be 65 bytes:
+// [recovery_flag (1 byte) | R (32 bytes) | S (32 bytes)].
+// Returns an error if recovery fails or the signature is malformed.
+func PublicKeyFromCompactRecovery(hash, signature []byte) (*PublicKey, error) {
+	if len(signature) != 65 {
+		return nil, fmt.Errorf("secp256k1: invalid compact signature length: expected 65 bytes, got %d", len(signature))
+	}
+	pub, _, err := ecdsa.RecoverCompact(signature, hash)
+	if err != nil {
+		return nil, fmt.Errorf("secp256k1: failed to recover public key: %w", err)
+	}
+	return &PublicKey{k: pub}, nil
+}
+
 // PublicKeyFromPublicKeyMultibase decodes the public key from its Multibase form
 func PublicKeyFromPublicKeyMultibase(multibase string) (*PublicKey, error) {
 	code, bytes, err := helpers.PublicKeyMultibaseDecode(multibase)
