Update NUT-29 signature message to include mint pubkey and timestamp#363
Open
a1denvalu3 wants to merge 3 commits into
Open
Update NUT-29 signature message to include mint pubkey and timestamp#363a1denvalu3 wants to merge 3 commits into
a1denvalu3 wants to merge 3 commits into
Conversation
Contributor
Author
|
This PR includes updates to the signature scheme and test vectors, intended to be merged into the branch for #341. |
robwoodgate
reviewed
Apr 21, 2026
| "pubkeys": <Array[str]>, | ||
| "pubkey_signatures": <Array[str]> | ||
| "pubkey_signatures": <Array[str]>, | ||
| "timestamp": <int> |
Contributor
There was a problem hiding this comment.
We should add a hard rule about acceptable timestamp age - eg, mint will reject any timestamp older than xx minutes, and any timestamp greater than current epoch
Resolves the issue where a signed timestamp had no required staleness window, meaning a signature could theoretically be reused indefinitely against the mint. The mint must now reject requests with timestamps that deviate by more than 60 seconds from its current time.
| The wallet **MUST** provide a valid signature in `pubkey_signatures` for each public key in `pubkeys` with the corresponding private key in the same order as the `pubkeys` array. The message to sign is the byte representation of the public key. | ||
| The wallet **MUST** provide a valid signature in `pubkey_signatures` for each public key in `pubkeys` with the corresponding private key in the same order as the `pubkeys` array. The message to sign is the SHA-256 hash of the concatenated string `pubkey || timestamp || mint_pubkey`. Where `||` denotes concatenation, `pubkey` is the hex-encoded public key, `timestamp` is the UTF-8 string representation of the Unix timestamp, and `mint_pubkey` is the hex-encoded public key of the mint as defined in [NUT-06][06]. | ||
|
|
||
| The mint **MUST** evaluate the `timestamp` field and reject the request if it is more than 60 seconds in the past or future. |
Collaborator
There was a problem hiding this comment.
I think 60 seconds may be too strict. We've had reports of mints having the time in the mint info off by 15 minutes.
Contributor
There was a problem hiding this comment.
With NTP there should be little reason for clocks to be that far out really. I think maybe up to 300 seconds is more reasonable - still a 10 minute window overall.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary