How do you verify that a pubkey and a signature came from a specific xpub in a miniscript?

[matthiasdebernardini]

If you made a psbt from a wsh descriptor, then gave it to someone to sign and they return it, how would you verify that they did in fact sign it without fully satisfying it yourself and then using psbt finalizer?

I originally figured I could parse the xpubs in a descriptor, then do bip32 derivations until I could find one that matches whats in the partial_sigs field of a signed psbt but now I realize there is more to it than that.

My goal is to only add signatures to a psbt if the other party has already added theirs first.

I'm hoping that I overlooked some aspect of the API to do this.

I am using the mint005 descriptor https://github.com/Blockstream/miniscript-templates/blob/main/mint-005.md and I am referring to the layer one spend.

This is an example of the descriptor but with keys

"vault_descriptor": "wsh(andor(multi(2,[a0d3c79c/48'/1'/16845'/2']tpubDECNhCPHMn15CZv8XPBUx1Dss1sUuF5QcWKSQDSgovWQUZWDDApzmcuLXbqvYHfQvYGAPEzMbDsyEeUTS8sj8VoV7iQGXw4ibCm2kRAFWfv/0/*,[ea2484f9/48'/1'/16845'/2']tpubDF4bZmN7CGNnGufWgc6xceQbryaMvNHZJBfvPUBzGZmcyfeg7k85bZA3EedUqJhyP81C3XpRsfBZKZEPWnS5eXGA3Jor9JUaDCMPnNGizK1/0/*,[93f245d7/48'/1'/16845'/2']tpubDE8Xf9jgEGq53ff1b9a4o1YJp3iWkVeuqMmMdvnieMdfMKFCxVS74opUA7Fvsv5jkT9JvCfofbMNiM7Vgdt57qbouEEu1q6UKERZLUyKp46/0/*),or_i(and_v(v:pkh([61cdf766/48'/1'/16845'/2']tpubDEkZDx3MJn7GNPpkcgRw6m1BfPRKMhUbeUeURbGTZEBAgQxGuWyq1kBi13BEGmg39pW121hUY6AzTur28DBtsGPrB7AhgR1EM4BCyRipVv4/0/*),after(1754611200)),thresh(2,pk([704dfa14/48'/1'/0'/2']tpubDFKXh7BmFPa2JvMAe5jbXfuXikSef3tpapSSS3r4eGqx3bxra5yacCBn4ivZAeb7tv1icyHGB6wPMWCktD4Ff5q9vRVv3Bro8ExfYXqhXLR/0/*),s:pk([621f3bec/48'/1'/0'/2']tpubDEXD6B4sX85AyA3WJv1rB3NnADe8EvujnudmLTY8dmdgVKyUst3R65KQqAVyxY5q5USsMh9iqgGkDMtMzfV7zvRtUhV8timsH3H37P5C4Nt/0/*),s:pk([8275bddc/48'/1'/0'/2']tpubDEfYUTvUb7XpvzxGBXxTjQd7gq6yxHaoHj14igUiQtvf8GKmNLjwwLGib5Pojn2uaYzMQzFbJm9iEcW8QWgD6EfijJYssK6gEgnBZ3DZkVu/0/*),snl:after(1741219200))),and_v(v:thresh(2,pkh([704dfa14/48'/1'/0'/2']tpubDFKXh7BmFPa2JvMAe5jbXfuXikSef3tpapSSS3r4eGqx3bxra5yacCBn4ivZAeb7tv1icyHGB6wPMWCktD4Ff5q9vRVv3Bro8ExfYXqhXLR/2/*),a:pkh([621f3bec/48'/1'/0'/2']tpubDEXD6B4sX85AyA3WJv1rB3NnADe8EvujnudmLTY8dmdgVKyUst3R65KQqAVyxY5q5USsMh9iqgGkDMtMzfV7zvRtUhV8timsH3H37P5C4Nt/2/*),a:pkh([8275bddc/48'/1'/0'/2']tpubDEfYUTvUb7XpvzxGBXxTjQd7gq6yxHaoHj14igUiQtvf8GKmNLjwwLGib5Pojn2uaYzMQzFbJm9iEcW8QWgD6EfijJYssK6gEgnBZ3DZkVu/2/*)),after(1758499200))))#0fz8cf6w",

[LLFourn]

Unfortunately I think the only way to do this is to extract the signature from the PSBT (from partial_sigs or whatever) and then verify the signature against the transaction sighash produced by rust-bitcoin.

[apoelstra]

Yep. So, assuming there are no legacy inputs, you don't need to finalize the transaction. It should be sufficient to extract the unsigned transaction (which is much simpler), get a sighash from that, and verify the partial_sig.