The DER Encoding Standard
The DER Encoding Standard
Bitcoin signatures are not stored as raw bytes. Instead, they are wrapped in a standard called DER (Distinguished Encoding Rules). This ensures that different computer systems can parse the $r$ and $s$ values without ambiguity.
1. ASN.1 Structure
DER is a subset of ASN.1, a language used to define data structures. A Bitcoin signature in DER looks like this:
0x30 [TotalLen] 0x02 [rLen] [rData] 0x02 [sLen] [sData] [Sighash]
-
0x30: Signals a "Sequence" of data.
-
0x02: Signals an "Integer."
2. Why the length varies?
You may have noticed that Bitcoin signatures are usually 70, 71, or 72 bytes. This is because of how DER handles "Negative" numbers.
-
In DER, integers are signed.
-
If the first bit of your 256-bit $r$ or $s$ is
1, the computer might think it's a negative number. -
To prevent this, a Zero Byte (
0x00) is added to the front. -
Whether $r$ and $s$ need this extra zero determines if the signature is 70, 71, or 72 bytes.
3. The Sighash Byte
At the very end of every DER signature is an extra byte called the Sighash Type (usually 0x01).
-
This tells the network which parts of the transaction were signed.
-
ALL (0x01): Sign every input and every output. This is the most common.
4. Example Breakdown
Raw Hex: 304502210089...022074...01
-
30: Start Sequence. -
45: Total length (69 bytes). -
02: Start Integer $r$. -
21: Length of $r$ (33 bytes—includes an extra 00 padding). -
0089...: The value of $r$. -
02: Start Integer $s$. -
20: Length of $s$ (32 bytes). -
74...: The value of $s$. -
01: Sighash ALL.
| Byte Pattern | Meaning |
|---|---|
0x30 |
Signature Container |
0x02 |
Integer Start |
0x01 |
Sighash Type (at end) |
In the next section, we will discuss Signature Malleability.
TeachMeBitcoin is an ad-free, open-source educational repository curated by a passionate team of Bitcoin researchers and educators for public benefit. If you found our articles helpful, please consider supporting our hosting and ongoing content updates with a clean donation: