Let's assume Bruce has two Bitcoin Addresses (1PvFignfc4H1hvUJU8EuoeUNMh7WtdJPgp and 1Gd2SRTE7GC6GHwtSaAeV7d1xhJ7t5iYJ6 ). Both these addresses were generated using his Bitcoin Wallet's private key.
The wallet.dat holds a collection of private keys. Each private key yields a unique bitcoin address. So the wallet doesn't have a single private key, it has many private keys, and each one can be hashed to come up with the corresponding Bitcoin address.
To send 1.88 BTC to Linda, first the Bitcoin Client on Bruce's machine, has to scan the entire block chain and locate all the transactions corresponding to 1 of the above 2 Bitcoin Addresses where Bruce received some amount.
Well the Bitcoin-Qt client will look at all unspent transactions of Bruce's (i.e., for any address in his wallet) and choose one or more based on a set of rules (which include minimizing the change amount, for example).
This transaction will have an Output (which has a value and a Bitcoin Address stored in it? )
So the two outputs are Linda's Address (with amount 1.88 BTC) and then the client pulls an unused address from the keypool and adds that as a second output (with the amount being the total input amount(s) less 1.88 BTC to Linda less the fee to give to the miner).
now, once the Bitcoin Client has located the latest transaction in the block chain, where Bruce received some amount,
Not necessarily the latest. The specific unspent transaction used will be whatever one the client chose based on the client's ruleset. This is different for different clients. Bitcoin-Qt uses one method for coin selection, Armory uses its own, etc.
it will generate the Input Script to prove that Bruce is the owner of those BTC as mentioned in the Output of Transaction, correct?
No. For this "transfer to bitcoin address" action, each output is simply:
OP_DUP OP_HASH160
OP_EQUALVERIFY OP_CHECKSIG -
http://en.bitcoin.it/wiki/Transactions#Principle_example_of_a_Bitcoin_transaction_with_1_input_and_1_output_onlyThere's nothing in each OUTPUT other than the output instruction and the hash of the public key -- specifically RIPEMD160(SHA256(PubKey)). And there's nothing that would indicate that one of the addresses happens to be an address that is from Bruce's own wallet.
All the signing and full public key is in each INPUT, not the OUTPUT. Only during transaction verification are these two used together:
The input's scriptSig and the referenced output's scriptPubKey are evaluated (in that order), with scriptPubKey using the values left on the stack by scriptSig. The input is authorized if scriptPubKey returns true
-
https://en.bitcoin.it/wiki/Transactions#Verification[I'm not well versed on transactions at the script level so I may be describing it incorrectly so if anyone has corrections or comments feel free to share.]