@unicitylabs/sphere-sdk 0.5.7 → 0.5.8

package/dist/index.cjs

@@ -846,6 +846,7 @@ __export(index_exports, {
   NIP29_KINDS: () => NIP29_KINDS,
   NOSTR_EVENT_KINDS: () => NOSTR_EVENT_KINDS,
   PaymentsModule: () => PaymentsModule,
+  SIGN_MESSAGE_PREFIX: () => SIGN_MESSAGE_PREFIX,
   STORAGE_KEYS: () => STORAGE_KEYS,
   STORAGE_KEYS_ADDRESS: () => STORAGE_KEYS_ADDRESS,
   STORAGE_KEYS_GLOBAL: () => STORAGE_KEYS_GLOBAL,
@@ -913,6 +914,7 @@ __export(index_exports, {
   hasValidTxfData: () => hasValidTxfData,
   hash160: () => hash160,
   hashNametag: () => import_nostr_js_sdk4.hashNametag,
+  hashSignMessage: () => hashSignMessage,
   hexToBytes: () => hexToBytes,
   identityFromMnemonicSync: () => identityFromMnemonicSync,
   initSphere: () => initSphere,
@@ -954,6 +956,7 @@ __export(index_exports, {
   randomUUID: () => randomUUID,
   ripemd160: () => ripemd160,
   sha256: () => sha256,
+  signMessage: () => signMessage,
   sleep: () => sleep,
   sphereExists: () => sphereExists,
   toHumanReadable: () => toHumanReadable,
@@ -962,7 +965,8 @@ __export(index_exports, {
   tokenIdFromKey: () => tokenIdFromKey,
   tokenToTxf: () => tokenToTxf,
   txfToToken: () => txfToToken,
-  validateMnemonic: () => validateMnemonic2
+  validateMnemonic: () => validateMnemonic2,
+  verifySignedMessage: () => verifySignedMessage
 });
 module.exports = __toCommonJS(index_exports);
 
@@ -1238,6 +1242,73 @@ function generateAddressInfo(privateKey, index, path, prefix = "alpha") {
     index
   };
 }
+var SIGN_MESSAGE_PREFIX = "Sphere Signed Message:\n";
+function varint(n) {
+  if (n < 253) return new Uint8Array([n]);
+  const buf = new Uint8Array(3);
+  buf[0] = 253;
+  buf[1] = n & 255;
+  buf[2] = n >> 8 & 255;
+  return buf;
+}
+function hashSignMessage(message) {
+  const prefix = new TextEncoder().encode(SIGN_MESSAGE_PREFIX);
+  const msg = new TextEncoder().encode(message);
+  const prefixLen = varint(prefix.length);
+  const msgLen = varint(msg.length);
+  const full = new Uint8Array(prefixLen.length + prefix.length + msgLen.length + msg.length);
+  let off = 0;
+  full.set(prefixLen, off);
+  off += prefixLen.length;
+  full.set(prefix, off);
+  off += prefix.length;
+  full.set(msgLen, off);
+  off += msgLen.length;
+  full.set(msg, off);
+  const hex = Array.from(full).map((b) => b.toString(16).padStart(2, "0")).join("");
+  const h1 = import_crypto_js2.default.SHA256(import_crypto_js2.default.enc.Hex.parse(hex)).toString();
+  return import_crypto_js2.default.SHA256(import_crypto_js2.default.enc.Hex.parse(h1)).toString();
+}
+function signMessage(privateKeyHex, message) {
+  const keyPair = ec.keyFromPrivate(privateKeyHex, "hex");
+  const hashHex = hashSignMessage(message);
+  const hashBytes = Buffer.from(hashHex, "hex");
+  const sig = keyPair.sign(hashBytes, { canonical: true });
+  const pub = keyPair.getPublic();
+  let recoveryParam = -1;
+  for (let i = 0; i < 4; i++) {
+    try {
+      if (ec.recoverPubKey(hashBytes, sig, i).eq(pub)) {
+        recoveryParam = i;
+        break;
+      }
+    } catch {
+    }
+  }
+  if (recoveryParam === -1) {
+    throw new SphereError("Could not find recovery parameter", "SIGNING_ERROR");
+  }
+  const v = (31 + recoveryParam).toString(16).padStart(2, "0");
+  const r = sig.r.toString("hex").padStart(64, "0");
+  const s = sig.s.toString("hex").padStart(64, "0");
+  return v + r + s;
+}
+function verifySignedMessage(message, signature, expectedPubkey) {
+  if (signature.length !== 130) return false;
+  const v = parseInt(signature.slice(0, 2), 16) - 31;
+  const r = signature.slice(2, 66);
+  const s = signature.slice(66, 130);
+  if (v < 0 || v > 3) return false;
+  const hashHex = hashSignMessage(message);
+  const hashBytes = Buffer.from(hashHex, "hex");
+  try {
+    const recovered = ec.recoverPubKey(hashBytes, { r, s }, v);
+    const recoveredHex = recovered.encode("hex", true);
+    return recoveredHex === expectedPubkey;
+  } catch {
+    return false;
+  }
+}
 
 // l1/crypto.ts
 var import_crypto_js3 = __toESM(require("crypto-js"), 1);
@@ -14454,6 +14525,23 @@ var Sphere = class _Sphere {
     return this._initialized;
   }
   // ===========================================================================
+  // Public Methods - Signing
+  // ===========================================================================
+  /**
+   * Sign a plaintext message with the wallet's secp256k1 private key.
+   *
+   * Returns a 130-character hex string: v (2) + r (64) + s (64).
+   * The private key never leaves the SDK boundary.
+   *
+   * @throws SphereError if the wallet is not initialized or identity is missing
+   */
+  signMessage(message) {
+    if (!this._identity?.privateKey) {
+      throw new SphereError("Wallet not initialized \u2014 cannot sign", "NOT_INITIALIZED");
+    }
+    return signMessage(this._identity.privateKey, message);
+  }
+  // ===========================================================================
   // Public Methods - Providers Access
   // ===========================================================================
   getStorage() {
@@ -17476,6 +17564,7 @@ function createPriceProvider(config) {
   NIP29_KINDS,
   NOSTR_EVENT_KINDS,
   PaymentsModule,
+  SIGN_MESSAGE_PREFIX,
   STORAGE_KEYS,
   STORAGE_KEYS_ADDRESS,
   STORAGE_KEYS_GLOBAL,
@@ -17543,6 +17632,7 @@ function createPriceProvider(config) {
   hasValidTxfData,
   hash160,
   hashNametag,
+  hashSignMessage,
   hexToBytes,
   identityFromMnemonicSync,
   initSphere,
@@ -17584,6 +17674,7 @@ function createPriceProvider(config) {
   randomUUID,
   ripemd160,
   sha256,
+  signMessage,
   sleep,
   sphereExists,
   toHumanReadable,
@@ -17592,7 +17683,8 @@ function createPriceProvider(config) {
   tokenIdFromKey,
   tokenToTxf,
   txfToToken,
-  validateMnemonic
+  validateMnemonic,
+  verifySignedMessage
 });
 /*! Bundled license information: