-
Notifications
You must be signed in to change notification settings - Fork 200
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Generate a virtual node secret for each user and add sign-message endpoint #303
Comments
i belive the device ie. BlueWallet app is the one to sign lnurl-auth with apps "device id" for ex. using bitcoin.js lib ? |
@xraid i think wrt lightning in blue wallet the server has to be the one to sign unless the auth token (lndhub backup string) can be used for this somehow. |
it would be messy have each BlueWallet Client LN wallet(card) have its own signature for lnurl-auth etc. so the device running BlueWallet with its Unique ID: together with something from bitcoin.js could sign for lnurl-auth. with regards signing with pub_key from LndHub's connected LND from different users with several different LN wallet(cards) ? i do not know how remote service could decode from a expected LND pub_key ? maybe as You say it is possible ? Please show me how ... |
I do not see how one LND pub_key should / could be responsible signing for several devices with several accounts, LND is unaware of LndHub and its accounts ... |
@xraid I wasn't suggesting it have anything to do with LND actually. To be honest even a key derived from the users lndhub login + password. The main point is that there is a key that is stored in the existing LNDHub database for each user.
The signing doesn't have to happen on LND its happening on the LNDHub service. The end result I'm asking about is an endpoint where one can do |
You could easily use https://github.com/lndhub-admin/LndHub-Admin-Extension and in the example ´adminRouter.js` create a endpoint :
that could return a signed message would You also return the public key used for signing in the response ? also introduce a new db record of wallet(card) key in redis
|
well to make it generic for every wallet card we need extend labels for accounts in LndHub if You like to discuss how . we can do it here : https://t.me/joinchat/L31KXn9TlDNmMTY0 |
Problem
It is currently not possible for someone to sign a message as they do not have their own private keys. Such use cases of signMessage is a web application that uses lnurl-auth
Potential solution
Since lnhub uses shared channels, has a user database (?), and generates auth tokens anyway, there is no added security problems in introducing a a "virtual" node secret that can be used in a "/sign-message" endpoint.
This key does not need to be exposed to the user, they would still backup their lndhub accounts the same way as is currently implemented. It just allows LNDHub users to have a slightly more similar UX when it comes to password-less logins, and other uses application developers may come up with for signing messages.
The text was updated successfully, but these errors were encountered: