gift unwrap: override rumor pubkey from seal and recompute ID

NIP-17 requires clients verify that the kind:14 pubkey matches the kind:13 pubkey to prevent sender impersonation. The CLI gift unwrap path outputs the rumor as-is without setting the pubkey from the verified seal or recomputing the event ID. This mirrors nip59.GiftUnwrap() which does both operations. The override is placed after the ZeroID sentinel check to preserve decryption failure detection. Fixes https://github.com/fiatjaf/nak/issues/110 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-06-05 02:01:27 +02:00 · 2026-03-08 09:56:54 -05:00
parent d0c291b25c
commit 52cf03d423
1 changed files with 3 additions and 0 deletions
--- a/gift.go
+++ b/gift.go
@@ -282,6 +282,9 @@ a decoupled key (if it has been created or received with "nak dekey" previously)
 						return fmt.Errorf("failed to decrypt rumor: %w", err)
 					}

+					rumor.PubKey = seal.PubKey
+					rumor.ID = rumor.GetID()
+
 					// output the unwrapped event (rumor)
 					stdout(rumor.String())
 				}