Elliptic curve public key type. Two constructors are provided for creating compressed and uncompressed public keys from a Point. The use of compressed keys is preferred as it produces shorter keys without compromising security. Uncompressed keys are supported for backwards compatibility.

Returns True if the public key is valid. This will check if the public key point lies on the curve.

Returns True if the public key is uncompressed

Derives a public key from a private key. This function will preserve information on key compression (PrvKey becomes PubKey and PrvKeyU becomes PubKeyU)

Computes an Address value from a public key

Add a public key to a private key defined by its Hash256 value. This will transform the private key into a public key and add the respective public key points together. This is provided as a helper for BIP32 wallet implementations. This function fails for uncompressed keys and returns Nothing if the private key value is >= than the order of the curve N.

Elliptic curve private key type. Two constructors are provided for creating compressed or uncompressed private keys. Compression information is stored in private key WIF formats and needs to be preserved to generate the correct addresses from the corresponding public key.

Returns True if the private key is valid. This will check if the integer value representing the private key is greater than 0 and smaller than the curve order N.

Builds a compressed private key from an Integer value. Returns Nothing if the Integer would not produce a valid private key. For security, the Integer needs to be generated from a random source with sufficient entropy.

Builds an uncompressed private key from an Integer value. Returns Nothing if the Integer would not produce a valid private key. For security, the Integer needs to be generated from a random source with sufficient entropy.

Returns the Integer value of a private key

Returns True of the private key is uncompressed

Add two private keys together. One of the keys is defined by a Hash256. The functions fails on uncompressed private keys and return Nothing if the Hash256 is smaller than the order of the curve N. This is provided as a helper for implementing BIP32 wallets.

Serialize a private key into the Data.Binary.Put monad as a 32 byte big endian ByteString. This is useful when a constant length serialization format for private keys is required

Deserializes a compressed private key from the Data.Binary.Get monad as a 32 byte big endian ByteString.

Deserializes an uncompressed private key from the Data.Binary.Get monad as a 32 byte big endian ByteString

Decodes a private key from a WIF encoded String. This function can fail if the input string does not decode correctly as a base 58 string or if the checksum fails. http://en.bitcoin.it/wiki/Wallet_import_format

Encodes a private key into WIF format

StateT monad stack tracking the internal state of HMAC DRBG pseudo random number generator using SHA-256. The SecretT monad is run with the withSource function by providing it a source of entropy.

Run a SecretT monad by providing it a source of entropy. You can use devURandom, devRandom or provide your own entropy source function.

/dev/urandom entropy source. This is only available on machines supporting it. This function is meant to be used together with withSource.

/dev/random entropy source. This is only available on machines supporting it. This function is meant to be used together with withSource.

Produce a new PrvKey randomly from the SecretT monad.

Data type representing an ECDSA signature.

Safely sign a message inside the SecretT monad. The SecretT monad will generate a new nonce for each signature.

Sign a message using ECDSA deterministic signatures as defined by RFC 6979 http://tools.ietf.org/html/rfc6979

Verify an ECDSA signature

Returns True if the S component of a Signature is <= order/2. Signatures need to pass this test to be canonical.

Data type representing a 512 bit unsigned integer. It is implemented as an Integer modulo 2^512.

Data type representing a 256 bit unsigned integer. It is implemented as an Integer modulo 2^256.

Data type representing a 160 bit unsigned integer. It is implemented as an Integer modulo 2^160.

Data type representing a 32 bit checksum

Computes SHA-512.

Computes SHA-512 and returns the result as a bytestring.

Computes SHA-256.

Computes SHA-256 and returns the result as a bytestring.

Computes RIPEMD-160.

Computes RIPEMD-160 and returns the result as a bytestring.

Computes two rounds of SHA-256.

Computes two rounds of SHA-256 and returns the result as a bytestring.

Computes a 32 bit checksum.

Computes HMAC over SHA-512.

Computes HMAC over SHA-512 and return the result as a bytestring.

Computes HMAC over SHA-256.

Computes HMAC over SHA-256 and return the result as a bytestring.

Split a Hash512 into a pair of Hash256.

Join a pair of Hash256 into a Hash512.

Data type representing a Bitcoin address

Decodes an Address from a base58 encoded String. This function can fail if the String is not properly encoded as base58 or the checksum fails.

Transforms an Address into a base58 encoded String

Encode a bytestring to a base 58 representation.

Decode a base 58 encoded bytestring. This can fail if the input bytestring contains invalid base 58 characters such as 0,O,l,I

Computes a checksum for the input bytestring and encodes the input and the checksum to a base 58 representation.

Decode a base 58 encoded bytestring that contains a checksum. This function returns Nothing if the input bytestring contains invalid base 58 characters or if the checksum fails.