@bsv/sdk 1.9.31 → 1.10.2

package/docs/index.md

@@ -59,6 +59,7 @@ Finally, you can deep dive into the details of the interface and types in the re
 - [Storage](./reference/storage.md)
 - [KV Store](./reference/kvstore.md)
 - [Messages](./reference/messages.md)
+    - Please note [*Security Considerations*](#security-considerations-for-encrypted-messages).
 - [TOTP](./reference/totp.md)
 - [Compatibility](./reference/compat.md)
 
@@ -74,4 +75,17 @@ Finally, you can deep dive into the details of the interface and types in the re
 
 ## Performance Reports
 
-- [Benchmarks](./performance.md)
+- [Benchmarks](./performance.md)
+
+## Security Considerations for Encrypted Messages
+
+The encrypted message protocol implemented in this SDK derives per-message encryption keys deterministically from the parties’ long-term keys and a caller-supplied invoice number (BRC-42 style derivation).
+
+This construction does not provide the guarantees of a standard authenticated key exchange (AKE). In particular:
+
+No forward secrecy: Compromise of a long-term private key compromises all past and future messages derived from it.
+No replay protection: Messages encrypted under the same invoice number and key pair can be replayed.
+Potential identity misbinding: Public keys alone do not guarantee peer identity without additional authentication or identity verification.
+This protocol is intended for lightweight, deterministic messaging between parties that already trust each other’s long-term public keys. It SHOULD NOT be used for high-security or high-value communications without additional protocol-layer protections.
+
+Applications requiring strong authentication, replay protection, or forward secrecy should use a formally analyzed protocol such as X3DH, Noise, or SIGMA.

package/docs/reference/auth.md

@@ -47,6 +47,8 @@ export interface PeerSession {
     peerNonce?: string;
     peerIdentityKey?: string;
     lastUpdate: number;
+    certificatesRequired?: boolean;
+    certificatesValidated?: boolean;
 }
 ```
 

package/docs/reference/messages.md

@@ -2,30 +2,6 @@
 
 Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](#functions), [Variables](#variables)
 
-## Security Considerations for Encrypted Messages
-
-The encrypted message protocol implemented in this SDK derives per-message
-encryption keys deterministically from the parties’ long-term keys and a
-caller-supplied invoice number (BRC-42 style derivation).
-
-This construction does **not** provide the guarantees of a standard
-authenticated key exchange (AKE). In particular:
-
-- **No forward secrecy**: Compromise of a long-term private key compromises
-  all past and future messages derived from it.
-- **No replay protection**: Messages encrypted under the same invoice number
-  and key pair can be replayed.
-- **Potential identity misbinding**: Public keys alone do not guarantee peer
-  identity without additional authentication or identity verification.
-
-This protocol is intended for lightweight, deterministic messaging between
-parties that already trust each other’s long-term public keys. It SHOULD NOT
-be used for high-security or high-value communications without additional
-protocol-layer protections.
-
-Applications requiring strong authentication, replay protection, or forward
-secrecy should use a formally analyzed protocol such as X3DH, Noise, or SIGMA.
-
 ## Interfaces
 
 ## Classes

package/docs/reference/primitives.md

@@ -299,6 +299,13 @@ console.log(BigNumber.wordSize);  // output: 26
 Compute the multiplicative inverse of the current BigNumber in the modulus field specified by `p`.
 The multiplicative inverse is a number which when multiplied with the current BigNumber gives '1' in the modulus field.
 
+SECURITY NOTE:
+This implementation avoids variable-time extended Euclidean algorithms
+to reduce timing side-channel leakage. However, JavaScript BigInt arithmetic
+does not provide constant-time guarantees. This implementation is suitable
+for browser and single-tenant environments but is not hardened against
+high-resolution timing attacks in shared CPU contexts.
+
 ```ts
 _invmp(p: BigNumber): BigNumber 
 ```
@@ -1786,6 +1793,7 @@ export default class Point extends BasePoint {
     getX(): BigNumber 
     getY(): BigNumber 
     mul(k: BigNumber | number | number[] | string): Point 
+    mulCT(k: BigNumber | number | number[] | string): Point 
     mulAdd(k1: BigNumber, p2: Point, k2: BigNumber): Point 
     jmulAdd(k1: BigNumber, p2: Point, k2: BigNumber): JPoint 
     eq(p: Point): boolean 
@@ -2508,6 +2516,32 @@ Returns
 
 #### Method deriveChild
 
+SECURITY NOTE – DETERMINISTIC CHILD KEY DERIVATION
+
+This method derives child private keys deterministically from the caller’s
+long-term private key, the counterparty’s public key, and a caller-supplied
+invoice number using HMAC over an ECDH shared secret (BRC-42 style derivation).
+
+This construction does NOT implement a formally authenticated key exchange
+(AKE) and does NOT provide the following security properties:
+
+ - Forward secrecy: Compromise of a long-term private key compromises all
+   past and future child keys derived from it.
+ - Replay protection: Child keys are deterministic for a given invoice
+   number and key pair; previously observed messages can be replayed.
+ - Explicit authentication / identity binding: Possession of a public key
+   alone does not guarantee the intended peer identity, enabling potential
+   identity misbinding attacks if higher-level identity verification is absent.
+
+This derivation is intended for lightweight, deterministic key hierarchies
+where both parties already possess and trust each other’s long-term public
+keys. It SHOULD NOT be used as a drop-in replacement for a standard
+authenticated key exchange (e.g. X3DH, Noise, or SIGMA) in high-security or
+high-value contexts.
+
+Any future protocol providing forward secrecy, replay protection, or strong
+peer authentication will require a versioned, breaking change.
+
 Derives a child key with BRC-42.
 
 ```ts
@@ -3309,6 +3343,14 @@ Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](
 ---
 ### Class: ReductionContext
 
+SECURITY NOTE:
+This reduction context avoids obvious variable-time constructs (such as
+sliding-window exponentiation and conditional modular reduction) to reduce
+timing side-channel leakage. However, JavaScript BigInt arithmetic does not
+provide constant-time guarantees. These mitigations improve resistance to
+coarse timing attacks but do not make the implementation suitable for
+hostile multi-tenant or shared-CPU environments.
+
 A base reduction engine that provides several arithmetic operations over
 big numbers under a modulus context. It's particularly suitable for
 calculations required in cryptography algorithms and encoding schemas.
@@ -4961,14 +5003,14 @@ Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](
 
 | | |
 | --- | --- |
-| [AES](#function-aes) | [pbkdf2](#function-pbkdf2) |
-| [AESGCM](#function-aesgcm) | [realHtonl](#function-realhtonl) |
-| [AESGCMDecrypt](#function-aesgcmdecrypt) | [red](#function-red) |
-| [assertValidHex](#function-assertvalidhex) | [swapBytes32](#function-swapbytes32) |
-| [base64ToArray](#function-base64toarray) | [toArray](#function-toarray) |
+| [AES](#function-aes) | [normalizeHex](#function-normalizehex) |
+| [AESGCM](#function-aesgcm) | [pbkdf2](#function-pbkdf2) |
+| [AESGCMDecrypt](#function-aesgcmdecrypt) | [realHtonl](#function-realhtonl) |
+| [assertValidHex](#function-assertvalidhex) | [red](#function-red) |
+| [base64ToArray](#function-base64toarray) | [swapBytes32](#function-swapbytes32) |
+| [constantTimeEquals](#function-constanttimeequals) | [toArray](#function-toarray) |
 | [ghash](#function-ghash) | [toBase64](#function-tobase64) |
 | [htonl](#function-htonl) | [verifyNotNull](#function-verifynotnull) |
-| [normalizeHex](#function-normalizehex) |  |
 
 Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](#functions), [Types](#types), [Enums](#enums), [Variables](#variables)
 
@@ -5067,6 +5109,15 @@ export function base64ToArray(msg: string): number[]
 
 Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](#functions), [Types](#types), [Enums](#enums), [Variables](#variables)
 
+---
+### Function: constantTimeEquals
+
+```ts
+export function constantTimeEquals(a: Uint8Array | number[], b: Uint8Array | number[]): boolean 
+```
+
+Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](#functions), [Types](#types), [Enums](#enums), [Variables](#variables)
+
 ---
 ### Function: ghash
 
@@ -5736,7 +5787,7 @@ Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](
 ```ts
 incrementLeastSignificantThirtyTwoBits = function (block: Bytes): Bytes {
     const result = block.slice();
-    for (let i = 15; i !== 11; i--) {
+    for (let i = 15; i > 11; i--) {
         result[i] = (result[i] + 1) & 255;
         if (result[i] !== 0) {
             break;
@@ -5914,16 +5965,18 @@ multiply = function (block0: Bytes, block1: Bytes): Bytes {
     const v = block1.slice();
     const z = createZeroBlock(16);
     for (let i = 0; i < 16; i++) {
+        const b = block0[i];
         for (let j = 7; j >= 0; j--) {
-            if ((block0[i] & (1 << j)) !== 0) {
-                xorInto(z, v);
+            const bit = (b >> j) & 1;
+            const mask = -bit & 255;
+            for (let k = 0; k < 16; k++) {
+                z[k] ^= v[k] & mask;
             }
-            if ((v[15] & 1) !== 0) {
-                rightShift(v);
-                xorInto(v, R);
-            }
-            else {
-                rightShift(v);
+            const lsb = v[15] & 1;
+            const rmask = -lsb & 255;
+            rightShift(v);
+            for (let k = 0; k < 16; k++) {
+                v[k] ^= R[k] & rmask;
             }
         }
     }
@@ -6100,9 +6153,13 @@ Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](
 
 ```ts
 sign = (msg: BigNumber, key: BigNumber, forceLowS: boolean = false, customK?: BigNumber | ((iter: number) => BigNumber)): Signature => {
+    const nBitLength = curve.n.bitLength();
+    if (msg.bitLength() > nBitLength) {
+        throw new Error(`ECDSA message is too large: expected <= ${nBitLength} bits. Callers must hash messages before signing.`);
+    }
     msg = truncateToN(msg);
-    const msgBig = BigInt("0x" + msg.toString(16));
-    const keyBig = BigInt("0x" + key.toString(16));
+    const msgBig = bnToBigInt(msg);
+    const keyBig = bnToBigInt(key);
     const bkey = key.toArray("be", bytes);
     const nonce = msg.toArray("be", bytes);
     const drbg = new DRBG(bkey, nonce);
@@ -6112,26 +6169,24 @@ sign = (msg: BigNumber, key: BigNumber, forceLowS: boolean = false, customK?: Bi
             : BigNumber.isBN(customK)
                 ? customK
                 : new BigNumber(drbg.generate(bytes), 16);
-        if (kBN == null)
+        if (kBN == null) {
             throw new Error("k is undefined");
+        }
         kBN = truncateToN(kBN, true);
         if (kBN.cmpn(1) < 0 || kBN.cmp(ns1) > 0) {
             if (BigNumber.isBN(customK)) {
-                throw new Error("Invalid fixed custom K value (must be >1 and <N\u20111)");
+                throw new Error("Invalid fixed custom K value (must be >1 and <N-1)");
             }
             continue;
         }
-        const kBig = BigInt("0x" + kBN.toString(16));
-        const R = scalarMultiplyWNAF(kBig, { x: GX_BIGINT, y: GY_BIGINT });
-        if (R.Z === 0n) {
+        const R = curve.g.mulCT(kBN);
+        if (R.isInfinity()) {
             if (BigNumber.isBN(customK)) {
                 throw new Error("Invalid fixed custom K value (k\u00B7G at infinity)");
             }
             continue;
         }
-        const zInv = biModInv(R.Z);
-        const zInv2 = biModMul(zInv, zInv);
-        const xAff = biModMul(R.X, zInv2);
+        const xAff = BigInt("0x" + R.getX().toString(16));
         const rBig = modN(xAff);
         if (rBig === 0n) {
             if (BigNumber.isBN(customK)) {
@@ -6139,6 +6194,7 @@ sign = (msg: BigNumber, key: BigNumber, forceLowS: boolean = false, customK?: Bi
             }
             continue;
         }
+        const kBig = BigInt("0x" + kBN.toString(16));
         const kInv = modInvN(kBig);
         const rTimesKey = modMulN(rBig, keyBig);
         const sum = modN(msgBig + rTimesKey);
@@ -6159,7 +6215,7 @@ sign = (msg: BigNumber, key: BigNumber, forceLowS: boolean = false, customK?: Bi
 }
 ```
 
-See also: [BigNumber](./primitives.md#class-bignumber), [DRBG](./primitives.md#class-drbg), [GX_BIGINT](./primitives.md#variable-gx_bigint), [GY_BIGINT](./primitives.md#variable-gy_bigint), [N_BIGINT](./primitives.md#variable-n_bigint), [Signature](./primitives.md#class-signature), [biModInv](./primitives.md#variable-bimodinv), [biModMul](./primitives.md#variable-bimodmul), [modInvN](./primitives.md#variable-modinvn), [modMulN](./primitives.md#variable-modmuln), [modN](./primitives.md#variable-modn), [scalarMultiplyWNAF](./primitives.md#variable-scalarmultiplywnaf), [toArray](./primitives.md#variable-toarray)
+See also: [BigNumber](./primitives.md#class-bignumber), [DRBG](./primitives.md#class-drbg), [N_BIGINT](./primitives.md#variable-n_bigint), [Signature](./primitives.md#class-signature), [modInvN](./primitives.md#variable-modinvn), [modMulN](./primitives.md#variable-modmuln), [modN](./primitives.md#variable-modn), [toArray](./primitives.md#variable-toarray)
 
 Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](#functions), [Types](#types), [Enums](#enums), [Variables](#variables)
 
@@ -6350,17 +6406,21 @@ Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](
 
 ```ts
 verify = (msg: BigNumber, sig: Signature, key: Point): boolean => {
-    const hash = BigInt("0x" + msg.toString(16));
+    const nBitLength = curve.n.bitLength();
+    if (msg.bitLength() > nBitLength) {
+        return false;
+    }
+    const hash = bnToBigInt(msg);
     if ((key.x == null) || (key.y == null)) {
         throw new Error("Invalid public key: missing coordinates.");
     }
     const publicKey = {
-        x: BigInt("0x" + key.x.toString(16)),
-        y: BigInt("0x" + key.y.toString(16))
+        x: bnToBigInt(key.x),
+        y: bnToBigInt(key.y)
     };
     const signature = {
-        r: BigInt("0x" + sig.r.toString(16)),
-        s: BigInt("0x" + sig.s.toString(16))
+        r: bnToBigInt(sig.r),
+        s: bnToBigInt(sig.s)
     };
     const { r, s } = signature;
     const z = hash;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bsv/sdk",
-  "version": "1.9.31",
+  "version": "1.10.2",
   "type": "module",
   "description": "BSV Blockchain Software Development Kit",
   "main": "dist/cjs/mod.js",

package/src/auth/Peer.ts

@@ -127,7 +127,17 @@ export class Peer {
 
     const peerSession = await this.getAuthenticatedSession(identityKey, maxWaitTime)
 
-    // Prepare the general message
+    if (peerSession.peerIdentityKey == null) {
+      throw new Error('Peer identity is not established')
+    }
+
+    if (peerSession.certificatesRequired === true &&
+        peerSession.certificatesValidated !== true) {
+      throw new Error(
+        'Cannot send general message before certificate validation is complete'
+      )
+    }
+
     const requestNonce = Utils.toBase64(Random(32))
     const { signature } = await this.wallet.createSignature({
       data: message,
@@ -339,15 +349,19 @@ export class Peer {
     identityKey?: string,
     maxWaitTime = 10000
   ): Promise<string> {
-    const sessionNonce = await createNonce(this.wallet, undefined, this.originator) // Initial request nonce
+    const sessionNonce = await createNonce(this.wallet, undefined, this.originator)
 
-    // Create the preliminary session (not yet authenticated)
     const now = Date.now()
+    const certificatesRequired =
+      this.certificatesToRequest.certifiers.length > 0
+
     this.sessionManager.addSession({
       isAuthenticated: false,
       sessionNonce,
       peerIdentityKey: identityKey,
-      lastUpdate: now
+      lastUpdate: now,
+      certificatesRequired,
+      certificatesValidated: !certificatesRequired
     })
 
     const initialRequest: AuthMessage = {
@@ -448,28 +462,33 @@ export class Peer {
       )
     }
 
-    switch (message.messageType) {
-      case 'initialRequest':
-        await this.processInitialRequest(message)
-        break
-      case 'initialResponse':
-        await this.processInitialResponse(message)
-        break
-      case 'certificateRequest':
-        await this.processCertificateRequest(message)
-        break
-      case 'certificateResponse':
-        await this.processCertificateResponse(message)
-        break
-      case 'general':
-        await this.processGeneralMessage(message)
-        break
-      default:
-        throw new Error(
-          `Unknown message type of ${String(message.messageType)} from ${String(
-            message.identityKey
-          )}`
-        )
+    try {
+      switch (message.messageType) {
+        case 'initialRequest':
+          await this.processInitialRequest(message)
+          break
+        case 'initialResponse':
+          await this.processInitialResponse(message)
+          break
+        case 'certificateRequest':
+          await this.processCertificateRequest(message)
+          break
+        case 'certificateResponse':
+          await this.processCertificateResponse(message)
+          break
+        case 'general':
+          await this.processGeneralMessage(message)
+          break
+        default:
+          throw new Error(
+            `Unknown message type of ${String(message.messageType)} from ${String(
+              message.identityKey
+            )}`
+          )
+      }
+    } catch (err) {
+      // Swallow protocol violations so transport does not crash the process
+      // (Message is intentionally rejected)
     }
   }
 
@@ -487,33 +506,35 @@ export class Peer {
       throw new Error('Missing required fields in initialRequest message.')
     }
 
-    // Create a new sessionNonce for our side
     const sessionNonce = await createNonce(this.wallet, undefined, this.originator)
     const now = Date.now()
 
-    // We'll treat this as fully authenticated from *our* perspective (the responding side).
+    const certificatesRequired =
+      Array.isArray(this.certificatesToRequest?.certifiers) &&
+      this.certificatesToRequest.certifiers.length > 0
+
     this.sessionManager.addSession({
       isAuthenticated: true,
       sessionNonce,
       peerNonce: message.initialNonce,
       peerIdentityKey: message.identityKey,
-      lastUpdate: now
+      lastUpdate: now,
+      certificatesRequired,
+      certificatesValidated: !certificatesRequired
     })
 
-    // Possibly handle the peer's requested certs
     let certificatesToInclude: VerifiableCertificate[] | undefined
+
+    // Handle THEIR certificate request (if any)
     if (
-      (message.requestedCertificates != null) &&
-      Array.isArray(message.requestedCertificates.certifiers) &&
+      Array.isArray(message.requestedCertificates?.certifiers) &&
       message.requestedCertificates.certifiers.length > 0
     ) {
       if (this.onCertificateRequestReceivedCallbacks.size > 0) {
-        // Let the application handle it
         this.onCertificateRequestReceivedCallbacks.forEach(cb => {
           cb(message.identityKey, message.requestedCertificates as RequestedCertificateSet)
         })
       } else {
-        // Attempt to find automatically
         certificatesToInclude = await getVerifiableCertificates(
           this.wallet,
           message.requestedCertificates,
@@ -523,7 +544,6 @@ export class Peer {
       }
     }
 
-    // Create signature
     const { signature } = await this.wallet.createSignature({
       data: Peer.base64ToBytes(message.initialNonce + sessionNonce),
       protocolID: [2, 'auth message signature'],
@@ -542,12 +562,10 @@ export class Peer {
       signature
     }
 
-    // If we haven't interacted with a peer yet, store this identity as "lastInteracted"
     if (this.lastInteractedWithPeer === undefined) {
       this.lastInteractedWithPeer = message.identityKey
     }
 
-    // Send the response
     await this.transport.send(initialResponseMessage)
   }
 
@@ -559,23 +577,27 @@ export class Peer {
    * @throws Will throw an error if nonce or signature verification fails.
    */
   private async processInitialResponse (message: AuthMessage): Promise<void> {
-    const validNonce = await verifyNonce(message.yourNonce as string, this.wallet, undefined, this.originator)
+    const validNonce = await verifyNonce(
+      message.yourNonce as string,
+      this.wallet,
+      undefined,
+      this.originator
+    )
     if (!validNonce) {
       throw new Error(
         `Initial response nonce verification failed from peer: ${message.identityKey}`
       )
     }
 
-    // This is the session we previously created by calling initiateHandshake
     const peerSession = this.sessionManager.getSession(message.yourNonce as string)
     if (peerSession == null) {
       throw new Error(`Peer session not found for peer: ${message.identityKey}`)
     }
 
-    // Validate message signature
     const dataToVerify = Peer.base64ToBytes(
       (peerSession.sessionNonce ?? '') + (message.initialNonce ?? '')
     )
+
     const { valid } = await this.wallet.verifySignature({
       data: dataToVerify,
       signature: message.signature as number[],
@@ -583,55 +605,74 @@ export class Peer {
       keyID: `${peerSession.sessionNonce ?? ''} ${message.initialNonce ?? ''}`,
       counterparty: message.identityKey
     }, this.originator)
+
     if (!valid) {
       throw new Error(
         `Unable to verify initial response signature for peer: ${message.identityKey}`
       )
     }
 
-    // Now mark the session as authenticated
+    // --- Transport authentication complete ---
     peerSession.peerNonce = message.initialNonce
     peerSession.peerIdentityKey = message.identityKey
     peerSession.isAuthenticated = true
+
+    peerSession.certificatesRequired =
+      Array.isArray(this.certificatesToRequest?.certifiers) &&
+      this.certificatesToRequest.certifiers.length > 0
+
+    // IMPORTANT: validation defaults to false if certs are required
+    peerSession.certificatesValidated = !peerSession.certificatesRequired
+
     peerSession.lastUpdate = Date.now()
     this.sessionManager.updateSession(peerSession)
 
-    // If the handshake had requested certificates, validate them
+    // --- Validate certificates if provided ---
     if (
-      this.certificatesToRequest?.certifiers?.length > 0 &&
-      message.certificates?.length as number > 0
+      peerSession.certificatesRequired &&
+      Array.isArray(message.certificates) &&
+      message.certificates.length > 0
     ) {
-      await validateCertificates(this.wallet, message, this.certificatesToRequest, this.originator)
+      await validateCertificates(
+        this.wallet,
+        message,
+        this.certificatesToRequest,
+        this.originator
+      )
+
+      peerSession.certificatesValidated = true
+      peerSession.lastUpdate = Date.now()
+      this.sessionManager.updateSession(peerSession)
 
-      // Notify listeners
       this.onCertificatesReceivedCallbacks.forEach(cb =>
         cb(message.identityKey, message.certificates as VerifiableCertificate[])
       )
     }
 
-    // Update lastInteractedWithPeer
+    // Update last-interacted peer
     this.lastInteractedWithPeer = message.identityKey
 
-    // Let the handshake wait-latch know we got our response
+    // Release handshake waiters (even if certs still pending)
     this.onInitialResponseReceivedCallbacks.forEach(entry => {
       if (entry.sessionNonce === peerSession.sessionNonce) {
         entry.callback(peerSession.sessionNonce)
       }
     })
 
-    // The peer might also request certificates from us
+    // --- Peer may request certificates from us ---
     if (
-      (message.requestedCertificates != null) &&
+      message.requestedCertificates != null &&
       Array.isArray(message.requestedCertificates.certifiers) &&
       message.requestedCertificates.certifiers.length > 0
     ) {
       if (this.onCertificateRequestReceivedCallbacks.size > 0) {
-        // Let the application handle it
         this.onCertificateRequestReceivedCallbacks.forEach(cb => {
-          cb(message.identityKey, message.requestedCertificates as RequestedCertificateSet)
+          cb(
+            message.identityKey,
+            message.requestedCertificates as RequestedCertificateSet
+          )
         })
       } else {
-        // Attempt auto
         const verifiableCertificates = await getVerifiableCertificates(
           this.wallet,
           message.requestedCertificates,
@@ -789,13 +830,14 @@ export class Peer {
       this.originator
     )
 
+    peerSession.certificatesValidated = true
+    peerSession.lastUpdate = Date.now()
+    this.sessionManager.updateSession(peerSession)
+
     // Notify any listeners
     this.onCertificatesReceivedCallbacks.forEach(cb => {
       cb(message.identityKey, message.certificates ?? [])
     })
-
-    peerSession.lastUpdate = Date.now()
-    this.sessionManager.updateSession(peerSession)
   }
 
   /**
@@ -806,7 +848,13 @@ export class Peer {
    * @throws Will throw an error if nonce or signature verification fails.
    */
   private async processGeneralMessage (message: AuthMessage): Promise<void> {
-    const validNonce = await verifyNonce(message.yourNonce as string, this.wallet, undefined, this.originator)
+    const validNonce = await verifyNonce(
+      message.yourNonce as string,
+      this.wallet,
+      undefined,
+      this.originator
+    )
+
     if (!validNonce) {
       throw new Error(
         `Unable to verify nonce for general message from: ${message.identityKey}`
@@ -818,6 +866,17 @@ export class Peer {
       throw new Error(`Session not found for nonce: ${message.yourNonce as string}`)
     }
 
+    const certificatesRequired = peerSession.certificatesRequired === true
+    const certificatesValidated = peerSession.certificatesValidated === true
+
+    if (certificatesRequired && !certificatesValidated) {
+      throw new Error(
+        `Received general message before certificate validation from peer ${
+          peerSession.peerIdentityKey ?? 'unknown'
+        }`
+      )
+    }
+
     const { valid } = await this.wallet.verifySignature({
       data: message.payload,
       signature: message.signature as number[],
@@ -825,6 +884,7 @@ export class Peer {
       keyID: `${message.nonce ?? ''} ${peerSession.sessionNonce ?? ''}`,
       counterparty: peerSession.peerIdentityKey
     }, this.originator)
+
     if (!valid) {
       throw new Error(
         `Invalid signature in generalMessage from ${peerSession.peerIdentityKey as string}`
@@ -848,10 +908,12 @@ export class Peer {
     if (this.identityPublicKey != null) {
       return this.identityPublicKey
     }
+
     const { publicKey } = await this.wallet.getPublicKey(
       { identityKey: true },
       this.originator
     )
+
     this.identityPublicKey = publicKey
     return publicKey
   }
@@ -860,9 +922,11 @@ export class Peer {
     if (BufferCtor != null) {
       return Array.from(BufferCtor.from(data, 'utf8'))
     }
+
     if (typeof TextEncoder !== 'undefined') {
       return Array.from(new TextEncoder().encode(data))
     }
+
     return Utils.toArray(data, 'utf8')
   }
 
@@ -870,6 +934,7 @@ export class Peer {
     if (BufferCtor != null) {
       return Array.from(BufferCtor.from(data, 'base64'))
     }
+
     return Utils.toArray(data, 'base64')
   }
 }