Skip to content

[LOW] Server-side signing uses SHA-256 hash instead of Ed25519 digital signature #12

Description

@Alqku

Overview

The sign_server_side method in signing_request.rs produces a SHA-256 hash of (secret_key || transaction_xdr), not a proper Ed25519 digital signature. This hash cannot be independently verified by a third party without knowing the secret key.

Evidence

// signing_request.rs
pub fn sign_server_side(&self, secret_key: &str) -> Result<ServerSignedTransaction> {
    let mut hasher = Sha256::new();
    hasher.update(secret_key.as_bytes());
    hasher.update(self.transaction_xdr.as_bytes());
    let signature = hex::encode(hasher.finalize());
    // ...
}

A proper Ed25519 signature would be verifiable with only the public key. This hash-based approach requires the verifier to also know the secret key to recompute the hash, defeating the purpose of asymmetric signing.

Impact

  • The "signature" is not independently verifiable
  • Cannot be used for third-party attestation or audit
  • Provides weaker security guarantees than Ed25519

Recommended Approach

Either:

  1. Integrate ed25519-dalek crate and produce proper Ed25519 signatures verifiable with the public key, or
  2. Document that this is a server-internal MAC (Message Authentication Code), not a digital signature, and rename accordingly (e.g., server_side_hmac)

Acceptance Criteria

  • Decision made: implement Ed25519 or rename to HMAC
  • If Ed25519: signatures verifiable without the secret key
  • If HMAC: function renamed, documentation updated

Affected Files

  • crates/tools/src/signing_request.rs
  • crates/tools/Cargo.toml — add ed25519-dalek dependency (if option 1)

Metadata

Metadata

Assignees

Labels

GrantFox OSSIssue tracked in GrantFox OSSMaybe RewardedIssue may be eligible for a GrantFox rewardOfficial CampaignCampaign: Official CampaignsecuritySecurity vulnerability or hardening

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions