fix: inner event signature verification (fixes #64) #69
Open
1amKhush wants to merge 3 commits into ContextVM:master from
Conversation
Contributor
Great! please add a patch changeset and we can merge this
Pull request overview
Implements cryptographic signature verification (verifyEvent) for decrypted inner Nostr events on both server and client transports to prevent forged inner payloads from spoofing trusted identities (fixes #64).
Changes:
- Added `verifyEvent` checks for decrypted inner events in `NostrServerTransport` and `NostrClientTransport`.
- Updated deduplication-related tests to generate properly signed inner events using `finalizeEvent` + real keypairs.
- Added a new unit test file covering acceptance/rejection behavior for inner-event verification, plus a changeset entry.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| src/transport/nostr-server-transport.ts | Verifies decrypted inner event signatures before dedupe/authorization. |
| src/transport/nostr-client-transport.ts | Verifies decrypted inner event signatures before processing responses/notifications. |
| src/transport/nostr-transport-deduplication.test.ts | Uses `finalizeEvent`-signed inner events so verification passes in dedupe tests. |
| src/transport/nostr-server-transport.dedup-response.test.ts | Updates deterministic decrypt stubs to return valid signed inner events. |
| src/transport/nostr-server-transport.inner-event-verification.test.ts | Adds explicit tests for rejecting forged inner events and accepting valid ones. |
| .changeset/very-very-secure-inner-events.md | Adds release note for the fix (needs alignment with actual PR contents). |
Description
This PR implements cryptographic signature verification for decrypted inner events to prevent identity forgery attacks, addressing issue #64.
The Problem
Previously, after decrypting a gift-wrapped event, the inner payload was parsed and its `pubkey` was trusted implicitly without verifying the attached cryptographic signature (`sig`). This meant a malicious actor could wrap a forged payload and claim the identity of an authorized/whitelisted server or client, bypassing access controls.
The Solution
- Added `verifyEvent` from `nostr-tools/pure` into `handleEncryptedEvent` (Server) and `processIncomingEvent` (Client).
- Updated the existing tests (`nostr-server-transport.dedup-response.test.ts` and `nostr-transport-deduplication.test.ts`) to generate cryptographically valid inner events using `finalizeEvent` and real keypairs, replacing the hardcoded `'0'.repeat(128)` signatures that were correctly failing the new strict verification logic.
- Added a new test file (`nostr-server-transport.inner-event-verification.test.ts`) to ensure forged signatures are rejected and valid ones are properly authorized.
Testing
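The check this PR describes, worked through as an added example. This is illustrative code written for this page, not ContextVM's transport code, nostr-tools, or the PR's test suite. It contains a from-scratch BIP340 Schnorr signer/verifier over secp256k1, the NIP-01 event id computation, stand-ins for nostr-tools' `finalizeEvent`/`verifyEvent` (here `signEvent`/`verifyEvent`), and an `acceptInnerEvent` gate standing in for what `handleEncryptedEvent`/`processIncomingEvent` should do with a decrypted gift-wrap payload before trusting `inner.pubkey`. The names `acceptInnerEvent`, `signEvent`, `demo`, the keys `CLIENT_SK`/`ATTACKER_SK` and the sample event are all constructed for the example. It rejects the forgeries the description is about: a placeholder `'0'.repeat(128)` signature, an attacker-signed event with the `pubkey` field swapped to an allowlisted key, and the same with the `id` recomputed so only the signature is wrong, while an honestly signed event from an unlisted key fails the allowlist rather than signature verification.

```typescript
// Added example, not ContextVM or nostr-tools code: NIP-01 event signing/verification over a
// from-scratch BIP340 Schnorr implementation, plus the gate a transport should run on a
// decrypted gift-wrap payload. Only node:crypto (SHA-256 and randomness) is used.
import { createHash, randomBytes } from "node:crypto";
// secp256k1 over BigInt (not constant-time: fine for a demo, not for production keys)
const P = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2fn;
const N = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141n;
type Pt = { x: bigint; y: bigint } | null; // null = point at infinity
const G: Pt = { x: 0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798n,
                y: 0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8n };
const mod = (a: bigint, m = P) => ((a % m) + m) % m;
function pow(b: bigint, e: bigint, m: bigint): bigint { // square-and-multiply
  let r = 1n;
  for (b = mod(b, m); e > 0n; e >>= 1n, b = (b * b) % m) if (e & 1n) r = (r * b) % m;
  return r;
}
function add(p: Pt, q: Pt): Pt {
  if (!p || !q) return p ?? q;
  if (p.x === q.x && p.y !== q.y) return null; // p + (-p)
  const l = p.x === q.x ? mod(3n * p.x * p.x * pow(2n * p.y, P - 2n, P)) // tangent (doubling)
                        : mod((q.y - p.y) * pow(q.x - p.x, P - 2n, P)); // chord (addition)
  const x = mod(l * l - p.x - q.x);
  return { x, y: mod(l * (p.x - x) - p.y) };
}
function mul(p: Pt, k: bigint): Pt { // double-and-add
  let r: Pt = null;
  for (let a = p; k > 0n; k >>= 1n, a = add(a, a)) if (k & 1n) r = add(r, a);
  return r;
}
// Byte helpers and BIP340 tagged hashing
const sha256 = (...parts: Uint8Array[]) =>
  new Uint8Array(parts.reduce((h, p) => h.update(p), createHash("sha256")).digest());
const utf8 = (s: string) => new Uint8Array(Buffer.from(s, "utf8"));
const hex = (b: Uint8Array) => Buffer.from(b).toString("hex");
const unhex = (s: string) => new Uint8Array(Buffer.from(s, "hex"));
const bytes32 = (n: bigint) => unhex(n.toString(16).padStart(64, "0"));
const int = (b: Uint8Array) => BigInt("0x" + hex(b));
const tagged = (tag: string, ...parts: Uint8Array[]) => sha256(sha256(utf8(tag)), sha256(utf8(tag)), ...parts);
// BIP340 Schnorr: x-only public keys, points normalised to even y
function liftX(xb: Uint8Array): Pt {
  const x = int(xb), c = mod(x * x * x + 7n);
  const y = pow(c, (P + 1n) / 4n, P); // square root, valid because P = 3 mod 4
  return x < P && (y * y) % P === c ? { x, y: y % 2n === 0n ? y : P - y } : null;
}
function schnorrSign(msg: Uint8Array, skHex: string): Uint8Array { // assumes 1 <= sk < N
  let d = int(unhex(skHex));
  const pub = mul(G, d)!;
  if (pub.y % 2n !== 0n) d = N - d; // negate so the public key has even y
  const t = bytes32(d ^ int(tagged("BIP0340/aux", randomBytes(32))));
  let k = mod(int(tagged("BIP0340/nonce", t, bytes32(pub.x), msg)), N);
  const R = mul(G, k)!;
  if (R.y % 2n !== 0n) k = N - k; // negate so the nonce point has even y
  const e = mod(int(tagged("BIP0340/challenge", bytes32(R.x), bytes32(pub.x), msg)), N);
  return new Uint8Array([...bytes32(R.x), ...bytes32(mod(k + e * d, N))]);
}
function schnorrVerify(msg: Uint8Array, pk: Uint8Array, sig: Uint8Array): boolean {
  const pub = liftX(pk), r = int(sig.subarray(0, 32)), s = int(sig.subarray(32, 64));
  if (!pub || r >= P || s >= N) return false;
  const e = mod(int(tagged("BIP0340/challenge", bytes32(r), pk, msg)), N);
  const R = add(mul(G, s), mul(pub, N - e)); // s*G - e*P must reproduce the nonce point
  return R !== null && R.y % 2n === 0n && R.x === r;
}
// NIP-01 events: stand-ins for nostr-tools' finalizeEvent and verifyEvent
type EventTemplate = { kind: number; created_at: number; tags: string[][]; content: string };
type NostrEvent = EventTemplate & { id: string; pubkey: string; sig: string };
const eventId = (e: EventTemplate & { pubkey: string }) =>
  hex(sha256(utf8(JSON.stringify([0, e.pubkey, e.created_at, e.kind, e.tags, e.content]))));
const getPublicKey = (skHex: string) => hex(bytes32(mul(G, int(unhex(skHex)))!.x));
function signEvent(t: EventTemplate, skHex: string): NostrEvent {
  const pubkey = getPublicKey(skHex), id = eventId({ ...t, pubkey });
  return { ...t, pubkey, id, sig: hex(schnorrSign(unhex(id), skHex)) };
}
function verifyEvent(e: NostrEvent): boolean {
  const isHex = (s: unknown, n: number) => typeof s === "string" && new RegExp(`^[0-9a-f]{${n}}$`).test(s);
  if (!isHex(e.pubkey, 64) || !isHex(e.id, 64) || !isHex(e.sig, 128)) return false;
  if (eventId(e) !== e.id) return false; // the id must commit to every field, pubkey included
  return schnorrVerify(unhex(e.id), unhex(e.pubkey), unhex(e.sig));
}
// Transport-side gate: verify before dedupe, allowlisting or any other identity decision
function acceptInnerEvent(plaintext: string, allowed: Set<string>): { ok: boolean; reason: string } {
  let inner: unknown;
  try { inner = JSON.parse(plaintext); } catch { return { ok: false, reason: "inner payload is not JSON" }; }
  if (typeof inner !== "object" || inner === null) return { ok: false, reason: "inner payload is not an event" };
  if (!verifyEvent(inner as NostrEvent)) return { ok: false, reason: "inner event signature invalid" };
  const { pubkey } = inner as NostrEvent; // only now is pubkey worth trusting
  if (!allowed.has(pubkey)) return { ok: false, reason: "pubkey not allowed" };
  return { ok: true, reason: "verified " + pubkey.slice(0, 8) };
}
const CLIENT_SK = "a".repeat(64), ATTACKER_SK = "b".repeat(64); // constructed keys, not real identities
const ALLOWED = new Set([getPublicKey(CLIENT_SK)]);
function demo(): string[] {
  const tpl = { kind: 1, created_at: 1700000000, tags: [], content: "ping" };
  const genuine = signEvent(tpl, CLIENT_SK);
  const attackerOwn = signEvent(tpl, ATTACKER_SK); // honestly signed, but not allowlisted
  const zeroSig = { ...genuine, sig: "0".repeat(128) }; // the '0'.repeat(128) placeholder forgery
  const swapped = { ...attackerOwn, pubkey: genuine.pubkey }; // pubkey spoofed, id now stale
  const recomputed = { ...swapped, id: eventId(swapped) }; // id fixed up, signature still wrong
  return [genuine, attackerOwn, zeroSig, swapped, recomputed].map((e) => acceptInnerEvent(JSON.stringify(e), ALLOWED).reason);
}
console.log(demo());
```

Run it with `npx tsx inner-event-check.ts` (any file name). Two points worth noting when porting the shape of `acceptInnerEvent` into a real transport: the signature check has to come before deduplication, otherwise an attacker can poison the dedupe cache with a forged event carrying a victim's `id` and suppress the genuine one; and `verifyEvent` recomputes the `id` before checking `sig`, which is what makes the pubkey-swap forgeries fail, since the Schnorr signature only covers the 32-byte `id`. The BigInt curve arithmetic here is not constant-time and is not hardened against invalid inputs beyond the checks shown; in the real transport the audited `verifyEvent` from `nostr-tools/pure` is the right call, as the PR does.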