pezkuwichain/pwap
1
0
Fork 0
mirror of https://github.com/pezkuwichain/pwap.git synced 2026-04-21 23:47:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: verify derived key matches on-chain key during unlock

Browse Source
This commit is contained in:
Kurdistan Tech Ministry
2026-03-04 04:37:07 +03:00
parent e8007de9f4
commit f328270b5e
1 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
web/src/hooks/useMessaging.ts
+10
View File
@@ -170,6 +170,16 @@ export function useMessaging() {
try {
const signature = await signMessage('PEZMessage:v1');
const { publicKey, privateKey } = deriveKeypair(signature);
// Verify derived key matches on-chain key
const onChainKey = await getEncryptionKey(peopleApi, selectedAccount.address);
if (onChainKey && (onChainKey.length !== publicKey.length || !onChainKey.every((b, i) => b === publicKey[i]))) {
console.error('[PEZMessage] Key mismatch! on-chain:', Array.from(onChainKey.slice(0, 4)), 'derived:', Array.from(publicKey.slice(0, 4)));
toast.error('Derived key does not match on-chain key. Try re-registering.');
setState(prev => ({ ...prev, registering: false }));
return;
}
privateKeyRef.current = privateKey;
publicKeyRef.current = publicKey;
setState(prev => ({ ...prev, isKeyUnlocked: true, registering: false }));