forgejo-admin/nuts
0
0
Fork 0
Code Issues 35 Pull requests 32 Projects Releases Packages Wiki Activity Actions

Update NUT-29 signature message to include mint pubkey and timestamp #363

Closed
a1denvalu3 wants to merge 3 commits from update-sig-nut-29 into get-quotes-by-pubkeys
pull from: update-sig-nut-29
merge into: forgejo-admin:get-quotes-by-pubkeys
Conversation 6 Commits 3 Files changed 2 +45 -3
a1denvalu3 commented 2026-04-17 10:08:14 +00:00 (Migrated from github.com)
Copy link

Summary

  • Update msg_to_sign for the pubkey quote lookup to include a timestamp and the mint's pubkey
  • Add test vectors for NUT-29 request signature verification
## Summary - Update msg_to_sign for the pubkey quote lookup to include a timestamp and the mint's pubkey - Add test vectors for NUT-29 request signature verification
a1denvalu3 commented 2026-04-17 10:12:29 +00:00 (Migrated from github.com)
Copy link

This PR includes updates to the signature scheme and test vectors, intended to be merged into the branch for #341.

This PR includes updates to the signature scheme and test vectors, intended to be merged into the branch for #341.
TheMhv (Migrated from github.com) approved these changes 2026-04-17 17:06:49 +00:00
TheMhv (Migrated from github.com) left a comment
Copy link

That's better approach to fix reply attack on https://github.com/cashubtc/nuts/pull/341

Concept ACK 2fd727aef4

That's better approach to fix reply attack on https://github.com/cashubtc/nuts/pull/341 Concept ACK 2fd727aef4550625aa194ec18cd7c4ad5a997172
robwoodgate (Migrated from github.com) reviewed 2026-04-21 16:08:07 +00:00
xx.md
@ -24,2 +24,3 @@
"pubkey_signatures": <Array[str]>
"pubkey_signatures": <Array[str]>,
"timestamp": <int>
}
robwoodgate (Migrated from github.com) commented 2026-04-21 16:08:07 +00:00
Copy link

We should add a hard rule about acceptable timestamp age - eg, mint will reject any timestamp older than xx minutes, and any timestamp greater than current epoch

We should add a hard rule about acceptable timestamp age - eg, mint will reject any timestamp older than xx minutes, and any timestamp greater than current epoch
thesimplekid (Migrated from github.com) reviewed 2026-04-22 12:21:25 +00:00
xx.md
@ -21,14 +21,18 @@ The wallet includes the following `PostMintQuotesByPubkeyRequest` data:
```json
thesimplekid (Migrated from github.com) commented 2026-04-22 12:21:25 +00:00
Copy link

I think 60 seconds may be too strict. We've had reports of mints having the time in the mint info off by 15 minutes.

I think 60 seconds may be too strict. We've had reports of mints having the time in the mint info off by 15 minutes.
robwoodgate (Migrated from github.com) reviewed 2026-04-22 13:49:12 +00:00
xx.md
@ -21,14 +21,18 @@ The wallet includes the following `PostMintQuotesByPubkeyRequest` data:
```json
robwoodgate (Migrated from github.com) commented 2026-04-22 13:49:12 +00:00
Copy link

With NTP there should be little reason for clocks to be that far out really. I think maybe up to 300 seconds is more reasonable - still a 10 minute window overall.

With NTP there should be little reason for clocks to be that far out really. I think maybe up to 300 seconds is more reasonable - still a 10 minute window overall.
a1denvalu3 commented 2026-06-07 20:27:40 +00:00 (Migrated from github.com)
Copy link

NUT-29 signature message is already being changed in https://github.com/cashubtc/nuts/pull/375

NUT-29 signature message is already being changed in https://github.com/cashubtc/nuts/pull/375

Pull request closed

This pull request cannot be reopened because the branch was deleted.
Sign in to join this conversation.
Reviewers
No reviewers
TheMhv
Labels
Clear labels   
breaking change
This issue/PR entails breaking changes

  
bug
Something isn't working

  
documentation
Improvements or additions to documentation

  
enhancement
New feature or request

  
needs discussion
Needs more discussion

  
needs implementation
Needs a reference implementation

  
new nut
A new protocol NUT

  
ready
Ready to merge

  
wallet-only
A change that affects only wallets

No labels
breaking change
bug
documentation
enhancement
needs discussion
needs implementation
new nut
ready
wallet-only
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
forgejo-admin/nuts!363
No description provided.