Module 06
Signatures
OP_CHECKSIG is the opcode that makes Bitcoin ownership meaningful. It verifies that a digital signature was produced by the private key corresponding to a given public key — without revealing the private key itself.
What you'll learn
- →Describe what OP_CHECKSIG verifies and what inputs it needs
- →Place sig and pubkey in the correct stack order
- →Use OP_CHECKSIGVERIFY as a non-pushing verification step
- →Understand why the simulator uses test vectors instead of real ECDSA
01
How OP_CHECKSIG works
OP_CHECKSIG pops two items: a public key (top) and a signature (second). It verifies the signature against the transaction hash using ECDSA, then pushes 1 (valid) or 0 (invalid).
Signatures in Bitcoin use DER encoding. In this simulator we use a fixed test-vector pair instead of real ECDSA — real signature validation requires the full transaction context. The mechanics are identical; only the key material is synthetic.
Test vectors
Signature (71 bytes, DER-encoded)
0x304402200102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f2002202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f4001
Public key (33 bytes, compressed)
0x0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798
OP_CHECKSIGPush sig then pubkey then OP_CHECKSIG. Valid pair → 1 on the stack.
↑ top of stack
nothing here yet
press Step or Run to push an item
What OP_CHECKSIG actually signs
02
OP_CHECKSIGVERIFY
OP_CHECKSIGVERIFY behaves exactly like OP_CHECKSIG but does not push a result — instead it immediately fails the script if the signature is invalid. It's the composition of OP_CHECKSIG + OP_VERIFY.
Use it when the script must proceed only if the signature is valid and you don't want the boolean left on the stack.
OP_CHECKSIGVERIFYValid sig → CHECKSIGVERIFY passes → OP_1 completes the script. No boolean left from the check.
↑ top of stack
nothing here yet
press Step or Run to push an item
03
Your turn
Verify the test-vector signature
Ctrl+Enter to check