However, I am curious about scriptSig, because it is very strange. It has this weird "a8" ending, which sounds like invalid sighash. What is taken in that case? SIGHASH_ALL? Also, I don't know, how to make any message, which will hash into 1d5e512a9723cbef373b970eb52f1e9598ad67e7408077a82fdac194b65333c9. And then, what is the z-value, which is used to make this signature? What are the last four bytes, added to the transaction? Is it "01000000"? Or maybe "a8000000"? Or something else?
Bitcoin protocol is "flexible" in certain places, one of which is the sighash byte.
This means we are not strict about what values are accepted, instead we work with the bits in that octet to decide whether SIGHASH_SINGLE or SIGHASH_NONE or SIGHASH_ANYONECANPAY is set in order to choose a different branch while computing the sighash. If none of these bits were set, those branches (in the code) are skilled and we call it SIGHASH_ALL.
To understand it best I like to think of it as splitting the byte into 2 limbs: the upper 3 bits and the lower 5 bits.
0xa8 is 0b10101000 so we have 0b
101_
01000The lower part indicates SINGLE or NONE but only if the value is exactly equal to 2 or 3 respectively.
Here
0b01000 is equal to 8 so it is neither.
The upper part indicates ANYONECANPAY but only if the highest bit is set.
In
0b101 we can see that the highest bit (0b
101) is indeed set so this is ANYONECANPAY.
In code it would look like this:
bool isSingle = ((nHashTypeIn & 0x1f) == SIGHASH_SINGLE)
bool isNone = ((nHashTypeIn & 0x1f) == SIGHASH_NONE)
bool isAnyone = !!(nHashTypeIn & SIGHASH_ANYONECANPAY)
When computing the sighash digest, sighashtype value is written to the stream as the same value that is used and in little-endian order meaning as 0xa8000000