the keys are 33 bytes for standard ECDSA public keys and 32 bytes for BIP340 compliant pubkeys, they have the extra bit (it's an extra byte just for 1 bit) as it uses a funny scheme which essentially shaves one bit of security for a much neater format, the way it works is that if it comes out odd (the first, least significant bit) then it inverts (bitwise NOT) and then it can omit that bit and it's a neat 32 bytes, or equal to 4x64 bit words

the schnorr signatures are 64 bytes long, and ecdsa signatures can be anywhere between 62 and 67, iirc, but they are not a consistent length unlike Schnorr, and usually they are 65 bytes, but not always

the reason for the change is that computing it and splicing together protocol messages is easier if you don't have to overflow into another 8 bit word... iirc, the actual modular arithmetic done for schnorr signatures and public keys is done on 4x64bit words, you can see this if you follow the computations into the back end, inside the key is a pair of ModNScalar i forget exactly, i haven't honestly gone that deep into it except to know that you can do some neat things other than just signatures and pubkeys with them, like the scheme bitcoin uses that recovers the key instead of checking a key matches a signature - this was done to save space - and it tests the same because you compare your pubkey with the key it generates, it generates a key either way but it has to match the one you want - but never mind that, that's ancient, NIST/NSA ECDSA bullcrap because they were too cheap to buy out schnorr for his far more efficient algorithm patent

the readme is slightly incorrect also

this version of it DOES fully pass all of the BIP-340 tests, there was an extra 4 that involve variable length messages and it passes them too, i tried to get this fixed in the original in btcd/btcutil but roasbeef said "it wasn't necessary to complete" the changes were simple anyhow, and my library is fully compliant to BIP340, even if you are only ever gonna use it on 32 byte hashes

easy way to avoid this: don't deal in shitcoins, and don't use shitcoin casinos to do exchanges

metamorphosis... i started reading that book but it seemed kinda retarded

probably there is a more detailed account of this incident and it is the origin of the abomination of copyright law

copyright is almost exclusively used by rentseekers and does not in fact benefit creators

just look at the huge publisher monopolies that exist and have existed throughout the 20th century... HMV, RCA, Warner Bros - many many movies and stories have been written about the exact subject of how the copyright law is abused to the detriment of creators

that's not the one you use

and see, the abomination...

decred

here is the proper version, i cleaned all of that up from btcd:

https://mleku.online/git/ec

you need to use the functions in the "schnorr" folder, in my code it is used many times so you can also see there: https://github.com/Hubmakerlabs/replicatr - in the pkg/nostr folder is all the nostr things including event handling, in the event folder is shown the correct method to make and verify BIP-340 signatures and pubkeys

no, 64 bytes only, it's from BIP-340

that extra byte is not going to be correct

if you are using that abomination that the security audit said had no bounds checking, i wouldn't actually trust it

i'm working on getting this going today so when i'm done i'll show you the fixed code

my guess though, is that the bytes have been mishandled somewhere just wouldn't doubt it's in the nip44 encryption code, did anyone actually test it? has it got test units?

no problem, i can git pull now and test commits before i settle them at show time :D

yes, i have a fortnightly meeting coming up and i almost had DMs working that day now i have a chatbot with an auth workaround for NIP-42 madness and tomorrow i'll be implementing some commands and the actual ACL (will be based on a special private event type stored and not published by the relay)

btw it's very nice running coracle local, just that little bit fasterer

and my own relay as well... that is also extra

hurrah, i have a stable base to use to demo my relay

*whew* finally

man, this stretched my day out a lot... i need some sleep real bad now

and now it's working sorry to @ you for nothing

was clearly due to bugs in prior commits, now running current

nostr:nprofile1qyfhwumn8ghj7mmxve3ksctfdch8qatz9uqsuamnwvaz7tmwdaejumr0dshszxthwden5te0dphkgmrzdajzumn0wd68yvfwvdhk6tcqyztuwzjyxe4x2dwpgken87tna2rdlhpd02va5cvvgrrywpddnr3jyhdw0my

as you can see it's not picking up the kind 0s and pulling the data

i've tried with and without the image proxy and dufflepud, to no avail, i can only assume that there's something on the other end that's in the way

it also isn't connecting to my relay to send events to it for the chat

probably it will just work tomorrow morning when i try it but my point here is not to run some competitor to your site, just to not be subject to trying to do a demo of my relay and you upload a new version and my demo is not happening

if i need to run my own dufflepud and image proxy, ok, fine but is that what's causing this?

url is https://coracle.mleku.online and yes it's running right now you can see it

there is far bigger problems at play if someone just taking your code and using it somewhere else makes them a lot more money than you

probably they have other things going on, some might be moral, some might be corrupt

the act of copying and deploying the code is not part of the corrupt part

it is ungentlemanly, perhaps, if all else is in order but usually there's some corruption going on

don't make the mistake of trying to evaluate a situation based on simple rules when the circumstances are never ever simple

if you see someone doing this who also displays psychopathic tendencies, then they probably have stolen resources or corrupt access to other stolen resources and where should you be looking for the problem?

the little guy who gets lucky running your code on their server?

or the cabal of shady motherfuckers who are already flush with cash and are doing it to suppress your earning capacity?

copying an idea is a cost to the copier

i can't believe you don't know about the original copyright case

dude sat down for 3 months copying the vulgate, first english translation of the bible

guy who lent it to him sued him and the king ruled in favour of the owner of the book saying the book was like a cow and the offspring of the cow was his property

for real, you can look it up

3 months. imagine... 3 months you sat there with your quill and ink, spent who knows how much of your time and resources to copy this thing and then the king says the whole copy you made goes to the guy who lent you the book?

pretty steep rent bro

enforced by who?

God?

you haven't thought this through

open source is a great way for corps to get free testers on one side but on teh other side that's how science works too

just cos you have teh code doesn't mean you know how to deploy it or how to attract users to bring in the money, and plus... that's the whole thing about bitcoin and lightning, it is a mechanism for that, which didn't exist before and as such we were saddled with the advertising monetisation model and shitty subscriptions and... lastly

how do you expect people to be able to trust to run your code if you only provide it in binary format or something? like, come on, think about it, the whole closed source, proprietary copyright thing is a fraud from the get go but it's not just a fraud it's something that is just begging to be broken

how long does it take for any given closed source software to be cracked so anyone can run it without programmatically enforced limits?

about 5 days i bet

there's guys who have been doing this for literally 30-40 years and they aren't gonna quit because that's their sport, by day they write embedded software

i did this blunder years ago buying bromo dragonfly and it turned out there was like 10 people in the world who knew about it who knew about the dark web

but you have to copy that file to each user who uses it to run it

not such a big problem for relays

but clients

lol

then what?

ideas are free, even specific implementations of ideas

the physical thing generated by the implementation is the thing that is scarce, because it has to be worth doing

btw not sure if you noticed but it also sometimes just jammed up and stopped posting events to relays until you refreshed then it made you log in again

that crypto audit was hilarious

didn't mean anything, idk what the fuck they even did it for

the NIP-44 #golang impl is awful, i've pulled it into my codebase but i will be refactoring it to be sane, absolutely awful code, like C programmer style, including wild lack of bounds checking