# Module BSV::Primitives::ECDSA <a id="module-BSV-Primitives-ECDSA"></a>

Deterministic ECDSA signing and verification on secp256k1.

Implements RFC 6979 deterministic nonce generation to produce signatures that
are fully reproducible from the same (key, hash) pair. All signatures are
normalised to low-S form (BIP-62 rule 5).

Typically used indirectly via {PrivateKey#sign} and {PublicKey#verify} rather
than calling this module directly.

## Constants
### `BYTE_LEN` <a id="constant-BYTE_LEN"></a> <a id="BYTE_LEN-constant"></a>
Byte length of a secp256k1 scalar (256 bits).

## Public Class Methods
### `recover_public_key(hash, signature, recovery_id)` <a id="method-c-recover_public_key"></a> <a id="recover_public_key-class_method"></a>
Recover a public key from a signature and recovery ID.

Given a message hash, signature, and the recovery ID produced during signing,
reconstructs the public key that created the signature.
- **@param** `hash` [String] 32-byte message digest that was signed
- **@param** `signature` [Signature] the ECDSA signature
- **@param** `recovery_id` [Integer] recovery ID (0-3)
- **@raise** [ArgumentError] if the recovered point is at infinity
- **@return** [PublicKey] the recovered public key

### `sign(hash, private_key_bn, force_low_s: = false)` <a id="method-c-sign"></a> <a id="sign-class_method"></a>
Sign a 32-byte message hash with a private key.

The signature is always low-S normalised per BIP-62 rule 5, as required by BSV
consensus (`sign_raw` normalises internally). The <code>force_low_s:</code>
keyword makes this explicit at the call site for readability — it is currently
a no-op because `sign_raw` already guarantees low-S. It exists so callers can
document intent without relying on implementation details.
- **@param** `hash` [String] 32-byte message digest
- **@param** `private_key_bn` [OpenSSL::BN] the private key scalar
- **@param** `force_low_s` [Boolean] explicit low-S normalisation (currently
a no-op since +sign_raw+ already guarantees low-S; provided for
documentation intent at call sites)
- **@return** [Signature] a low-S normalised deterministic signature

### `sign_recoverable(hash, private_key_bn)` <a id="method-c-sign_recoverable"></a> <a id="sign_recoverable-class_method"></a>
Sign a hash and return both the signature and recovery ID.

The recovery ID (0-3) allows the public key to be recovered from the signature
without knowing it in advance, as used by Bitcoin Signed Messages (BSM) and
compact signature formats.
- **@param** `hash` [String] 32-byte message digest
- **@param** `private_key_bn` [OpenSSL::BN] the private key scalar
- **@return** [Array(Signature, Integer)] the signature and recovery ID

### `verify(hash, signature, public_key_point)` <a id="method-c-verify"></a> <a id="verify-class_method"></a>
Verify an ECDSA signature against a message hash and public key.
- **@param** `hash` [String] 32-byte message digest
- **@param** `signature` [Signature] the signature to verify
- **@param** `public_key_point` [OpenSSL::PKey::EC::Point] the signer's public key point
- **@return** [Boolean] +true+ if the signature is valid
