The ECDSA public key is "included" in the new transaction (part of the scriptSig).
Details
This is an example output of a transaction (only hash of the pubkey is available):
"scriptPubKey": {
"asm": "OP_DUP OP_HASH160 059be22aadc3bef6b673cb7a16247a0b7403d943 OP_EQUALVERIFY OP_CHECKSIG",
"hex": "76a914059be22aadc3bef6b673cb7a16247a0b7403d94388ac",
"reqSigs": 1,
"type": "pubkeyhash",
"addresses": [
"mg2cQz9Y3ugyjfq8b2wTcW4veemgTBKxkX"
]
}
The pubkey from the address above is
03788e5414ebec4a38032be706ae0c13870e320d916bb087ab7258fcf8c0111cbf
(but it's not visible in the blockchain until the output gets spent. Only the recipient of the output above knows it.)
Using that output as an input in a later transaction will result in:
"scriptSig": {
"asm": "304402203b47249bfe6528dcf297c5888ad608a5c7227ea9f878df09a265c3318c1482e202204e8a8f17da505a6d20ceb4eb63fba2d8e2c5d0a792a0e280dcb18adeec68a05d[ALL]03788e5414ebec4a38032be706ae0c13870e320d916bb087ab7258fcf8c0111cbf",
"hex": "47304402203b47249bfe6528dcf297c5888ad608a5c7227ea9f878df09a265c3318c1482e202204e8a8f17da505a6d20ceb4eb63fba2d8e2c5d0a792a0e280dcb18adeec68a05d012103788e5414ebec4a38032be706ae0c13870e320d916bb087ab7258fcf8c0111cbf"
},
- (
3044... is the DER encoded ECDSA signature)
- (
03788... is the pubkey)
2
Possible duplicate of If addresses are hashes of public keys, how are signatures verified?
– Christopher Gurnee – 2016-11-30T19:15:12.403