Skip to content

Commit adf1912

Browse files
committed
fix(crypto): self-verify schnorr signature in signEvent before returning
A key-holder must never emit a signature it has not verified. signEvent now checks schnorr.verify(sig, eventId, pubkey) and throws on mismatch, catching a faulty signing path (bad RNG, library regression) before the bad signature leaves the service worker. This also exercises the previously unused verify primitive on the hot signing path. Co-Authored-By: jjohare <github@thedreamlab.uk>
1 parent 865b166 commit adf1912

1 file changed

Lines changed: 7 additions & 0 deletions

File tree

src/crypto.js

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -80,6 +80,13 @@ export async function signEvent (event, privateKeyHex) {
8080
throw new Error('Invalid signature length');
8181
}
8282

83+
// Self-verify before returning: a signature that does not verify against
84+
// the event id and pubkey indicates a faulty signing path (bad RNG, library
85+
// regression) and must never be emitted from a key-holder.
86+
if (!schnorr.verify(signatureBytes, eventIdBytes, hexToBytes(pubkey))) {
87+
throw new Error('Signature self-verification failed');
88+
}
89+
8390
// Ensure all fields are strings (Nostr spec requires this)
8491
return {
8592
...event,

0 commit comments

Comments
 (0)