If I recall correctly, in order to calculate/verify the digital signature you need to ...

oren_z0 / Oren ☂️

npub1xvt…m7f8

2025-01-12 07:40:22

in reply to nevent1q…49yr

If I recall correctly, in order to calculate/verify the digital signature you need to serialize the object to a string, calculate the sha256 of the payload which should give you the of the event-id, and verify that the signature matches the id & pubkey. But JSON objects could be serialized in different ways. Javascript JSON.serialize(...) could give sometimes '{"a":1,"b":2}' and sometimes '{"b":2,"a":1}' which could lead to unexpected results in the signature verification.

The only exception is the root object. Instead of serializing it to a string directly, the following array is serialized:

[
0,
<pubkey, as a lowercase hex string>,
<created_at, as a number>,
<kind, as a number>,
<tags, as an array of arrays of non-null strings>,
<content, as a string>
]

I guess it's ok for the root object because its serialization requires some manipulation anyways (removing the event-id and signature before serializing to get the event-id).

Author Public Key

npub1xvtw9ky0ly0ppzw8tlhdek965gjck329tga326hkzlt7c7d5tljs85m7f8

Seen on

wss://relay.primal.net

Show more details

Published at

2025-01-12 07:40:22

Kind type

1 Short Text Note

Event JSON

{ "id": "8fdc243f63720128770612c6f3ea3a65ce680fb7a1eb15d8b9f37c0c8d72e63c", "pubkey": "3316e2d88ff91e1089c75feedcd8baa2258b45455a3b156af617d7ec79b45fe5", "created_at": 1736667622, "kind": 1, "tags": [ [ "e", "a2415e23694d6206c34cad514893356c8941fd0d1f84e0b158b87eccbefed89c", "", "root" ], [ "p", "266815e0c9210dfa324c6cba3573b14bee49da4209a9456f9484e5106cd408a5" ], [ "p", "604e96e099936a104883958b040b47672e0f048c98ac793f37ffe4c720279eb2" ], [ "p", "8fb140b4e8ddef97ce4b821d247278a1a4353362623f64021484b372f948000c" ], [ "p", "be7358c4fe50148cccafc02ea205d80145e253889aa3958daafa8637047c840e" ], [ "r", "JSON.serialize" ] ], "content": "If I recall correctly, in order to calculate/verify the digital signature you need to serialize the object to a string, calculate the sha256 of the payload which should give you the of the event-id, and verify that the signature matches the id \u0026 pubkey. But JSON objects could be serialized in different ways. Javascript JSON.serialize(...) could give sometimes '{\"a\":1,\"b\":2}' and sometimes '{\"b\":2,\"a\":1}' which could lead to unexpected results in the signature verification.\n\nThe only exception is the root object. Instead of serializing it to a string directly, the following array is serialized:\n\n[\n 0,\n \u003cpubkey, as a lowercase hex string\u003e,\n \u003ccreated_at, as a number\u003e,\n \u003ckind, as a number\u003e,\n \u003ctags, as an array of arrays of non-null strings\u003e,\n \u003ccontent, as a string\u003e\n]\n\nI guess it's ok for the root object because its serialization requires some manipulation anyways (removing the event-id and signature before serializing to get the event-id).", "sig": "fcaa18a3b7a1d4f6a26be011e72cb8954b1c76a3db796cda3501b89bf87355383552a8af1aea74f656d406cb92948806a0e8b079387b6f6e35c5eadad68136bc" }