From d0c291b25c6615ebadbff3ab4284b3e81a3a5819 Mon Sep 17 00:00:00 2001
From: alltheseas <alltheseas@users.noreply.github.com>
Date: Sun, 8 Mar 2026 09:56:35 -0500
Subject: [PATCH] gift unwrap: verify seal signature before trusting pubkey

The CLI gift unwrap path skips seal signature verification that
nip59.GiftUnwrap() performs. Without this check, a forged seal
with an arbitrary pubkey would be trusted for decryption key
lookup and sender identity.

Fixes https://github.com/fiatjaf/nak/issues/110

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 gift.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/gift.go b/gift.go
index b187ae5..ea9b54d 100644
--- a/gift.go
+++ b/gift.go
@@ -239,6 +239,10 @@ a decoupled key (if it has been created or received with "nak dekey" previously)
 						return fmt.Errorf("not a seal event (kind %d)", seal.Kind)
 					}
 
+					if !seal.VerifySignature() {
+						return fmt.Errorf("seal signature is invalid")
+					}
+
 					senderEncryptionPublicKeys := []nostr.PubKey{seal.PubKey}
 					if theirEPub, exists := getDecoupledEncryptionPublicKey(ctx, seal.PubKey); exists {
 						senderEncryptionPublicKeys = append(senderEncryptionPublicKeys, seal.PubKey)