Skip to content

Commit 62be402

Browse files
author
Execution Coordinator
committed
fix: support @noble/curves v2 API in signature verification
- Convert hex strings to Uint8Array for schnorr.verify() which now requires Uint8Array for signature parameter in @noble/curves v2 - Update @noble/curves from ^1.6.0 to ^2.0.0 - Update @noble/hashes from ^1.5.0 to ^2.0.0 - Update all import paths for v2 module structure: - @noble/hashes/sha256 -> @noble/hashes/sha2.js - @noble/hashes/utils -> @noble/hashes/utils.js - @noble/curves/secp256k1 -> @noble/curves/secp256k1.js - Bump version to 3.0.3 This fixes silent signature verification failures when apps have @noble/curves v2 installed (e.g. from @cashu/cashu-ts), which caused all events to be silently dropped.
1 parent ee5bbee commit 62be402

File tree

11 files changed

+81
-46
lines changed

11 files changed

+81
-46
lines changed

bun.lock

Lines changed: 40 additions & 32 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

collabstr-01-login.png

31 KB
Loading

collabstr-02-connecting-stuck.png

31.9 KB
Loading

core/package.json

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
{
22
"name": "@nostr-dev-kit/ndk",
3-
"version": "3.0.2",
3+
"version": "3.0.3",
44
"description": "NDK - Nostr Development Kit. Includes AI Guardrails to catch common mistakes during development.",
55
"homepage": "https://ndk.fyi",
66
"documentation": "https://nostr-dev-kit.github.io/ndk",
@@ -87,8 +87,8 @@
8787
},
8888
"dependencies": {
8989
"@codesandbox/sandpack-client": "^2.19.8",
90-
"@noble/curves": "^1.6.0",
91-
"@noble/hashes": "^1.5.0",
90+
"@noble/curves": "^2.0.0",
91+
"@noble/hashes": "^2.0.0",
9292
"@noble/secp256k1": "^2.1.0",
9393
"@scure/base": "^1.1.9",
9494
"debug": "^4.3.7",

core/src/events/validation.ts

Lines changed: 6 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
1-
import { schnorr } from "@noble/curves/secp256k1";
2-
import { sha256 } from "@noble/hashes/sha256";
3-
import { bytesToHex } from "@noble/hashes/utils";
1+
import { schnorr } from "@noble/curves/secp256k1.js";
2+
import { sha256 } from "@noble/hashes/sha2.js";
3+
import { bytesToHex, hexToBytes } from "@noble/hashes/utils.js";
44
import { LRUCache } from "typescript-lru-cache";
55
import type { NDKEvent, NostrEvent } from ".";
66
import { verifySignatureAsync } from "./signature";
@@ -83,7 +83,9 @@ export function verifySignature(this: NDKEvent, persist: boolean): boolean | und
8383
});
8484
} else {
8585
const hash = sha256(new TextEncoder().encode(this.serialize()));
86-
const res = schnorr.verify(this.sig as string, hash, this.pubkey);
86+
const sigBytes = hexToBytes(this.sig as string);
87+
const pubkeyBytes = hexToBytes(this.pubkey);
88+
const res = schnorr.verify(sigBytes, hash, pubkeyBytes);
8789
if (res) verifiedSignatures.set(this.id, this.sig!);
8890
else verifiedSignatures.set(this.id, false);
8991
this.signatureVerified = res;

core/src/nip49/index.test.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
import { bytesToHex, hexToBytes } from "@noble/hashes/utils";
1+
import { bytesToHex, hexToBytes } from "@noble/hashes/utils.js";
22
import { describe, expect, it } from "vitest";
33
import { decrypt, encrypt } from "./index.js";
44

core/src/signers/nip46/backend/index.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
import { hexToBytes } from "@noble/hashes/utils";
1+
import { hexToBytes } from "@noble/hashes/utils.js";
22
import type { NDKEvent } from "../../../events/index.js";
33
import type { NDK } from "../../../ndk/index.js";
44
import type { NDKUser } from "../../../user/index.js";

core/src/signers/private-key/index.test.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
import { bytesToHex } from "@noble/hashes/utils";
1+
import { bytesToHex } from "@noble/hashes/utils.js";
22
import { nip19 } from "nostr-tools";
33
import { NDKEvent, type NostrEvent } from "../../index.js";
44
import { NDKPrivateKeySigner } from "./index";

core/src/signers/private-key/index.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
import { bytesToHex, hexToBytes } from "@noble/hashes/utils";
1+
import { bytesToHex, hexToBytes } from "@noble/hashes/utils.js";
22
import type { UnsignedEvent } from "nostr-tools";
33
import { finalizeEvent, generateSecretKey, getPublicKey, nip04, nip19, nip44 } from "nostr-tools";
44
import * as nip49 from "nostr-tools/nip49";

core/src/workers/sig-verification.ts

Lines changed: 5 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
1-
import { schnorr } from "@noble/curves/secp256k1";
2-
import { sha256 } from "@noble/hashes/sha256";
1+
import { schnorr } from "@noble/curves/secp256k1.js";
2+
import { sha256 } from "@noble/hashes/sha2.js";
33

44
// Protocol version for signature verification worker
55
// Format: [major, minor, patch] matching @nostr-dev-kit/ndk package version
@@ -26,7 +26,9 @@ globalThis.onmessage = (msg: MessageEvent) => {
2626
return;
2727
}
2828

29-
const result = schnorr.verify(sig as string, idHash, pubkey);
29+
const sigBytes = hexToBytes(sig);
30+
const pubkeyBytes = hexToBytes(pubkey);
31+
const result = schnorr.verify(sigBytes, idHash, pubkeyBytes);
3032
postMessage([id, result]);
3133
});
3234
};

0 commit comments

Comments
 (0)