Generate a virtual node secret for each user and add sign-message endpoint #303

Open
johnsBeharry opened this issue Sep 27, 2021 · 7 comments

Comments

@johnsBeharry

johnsBeharry commented Sep 27, 2021

Problem

It is currently not possible for someone to sign a message, as they do not have their own private keys. One such use case of signMessage is a web application that uses lnurl-auth.

Potential solution

Since lndhub uses shared channels, has a user database (?), and generates auth tokens anyway, there are no added security problems in introducing a "virtual" node secret that can be used in a "/sign-message" endpoint.

This key does not need to be exposed to the user; they would still back up their lndhub accounts the same way as is currently implemented. It just allows LNDHub users to have a slightly more similar UX when it comes to password-less logins, and other uses application developers may come up with for signing messages.

@xraid
Contributor

xraid commented Sep 27, 2021

I believe the device, i.e. the BlueWallet app, is the one to sign lnurl-auth with the app's "device id", for example using the bitcoin.js lib?
And not to have each LN wallet (card) have separate keys?

@johnsBeharry
Author

@xraid I think wrt Lightning in BlueWallet the server has to be the one to sign, unless the auth token (lndhub backup string) can be used for this somehow.

@xraid
Contributor

xraid commented Sep 30, 2021

It would be messy to have each BlueWallet client LN wallet (card) have its own signature for lnurl-auth etc.

So the device running BlueWallet, with its unique ID together with something from bitcoin.js, could sign for lnurl-auth.

With regard to signing with pub_key from LndHub's connected LND from different users with several different LN wallets (cards)? I do not know how a remote service could decode from an expected LND pub_key? Maybe, as you say, it is possible?

Please show me how ...

@xraid
Contributor

xraid commented Sep 30, 2021

I do not see how one LND pub_key should / could be responsible for signing for several devices with several accounts; LND is unaware of LndHub and its accounts ...

@johnsBeharry
Author

> With regard to signing with pub_key from LndHub's connected LND from different users with several different LN wallets (cards)? I do not know how a remote service could decode from an expected LND pub_key? Maybe, as you say, it is possible?

@xraid I wasn't suggesting it have anything to do with LND actually. To be honest, even a key derived from the user's lndhub login + password. The main point is that there is a key that is stored in the existing LNDHub database for each user.

> With regard to signing with pub_key from LndHub's connected LND from different users with several different LN wallets (cards)? I do not know how a remote service could decode from an expected LND pub_key? Maybe, as you say, it is possible?
>
> Please show me how ...

The signing doesn't have to happen on LND; it's happening on the LNDHub service. The end result I'm asking about is an endpoint where one can do POST /signMessage with a body of {message: "some message for signing"}.

@xraid
Contributor

xraid commented Oct 13, 2021

You could easily use https://github.com/lndhub-admin/LndHub-Admin-Extension

and in the example `adminRouter.js` create an endpoint:

POST <config.adminPath>/signMessage

    headers: {
      "Content-Type": "application/json",
      Authorization: `Bearer ${config.adminPin}`,
    },

that could return a signed message.

Would you also return the public key used for signing in the response?

Also introduce a new DB record for the wallet (card) key in Redis:

    _admin_key_for_account_<****> {privkey: xxx, pubkey: xxx}

@xraid
Contributor

xraid commented Oct 13, 2021

Well, to make it generic for every wallet card we need to extend labels for accounts in LndHub.

If you'd like to discuss how, we can do it here: https://t.me/joinchat/L31KXn9TlDNmMTY0
