Skip to content

H5: Use pubkey hash for storage paths (V3+) and zero sensitive bytes#915

Open
DavidGershony wants to merge 2 commits into
mainfrom
security/h5-pubkey-hash-storage-path
Open

H5: Use pubkey hash for storage paths (V3+) and zero sensitive bytes#915
DavidGershony wants to merge 2 commits into
mainfrom
security/h5-pubkey-hash-storage-path

Conversation

@DavidGershony

Copy link
Copy Markdown
Collaborator

Summary

Avoid exposing private key bytes in derivation paths and ensure all sensitive byte arrays are zeroed after use.

Changes

DeriveLeadInvestorSecretHash

  • V3+: Hash only the derived public key — deterministic and doesn't require private key bytes at all
  • V1/V2: Keep legacy behavior (hash full ExtKey serialization) but now zero the byte array in a finally block

DeriveNostrStoragePassword

  • Zero the private key byte array in a finally block after hashing
  • Remove redundant .Replace("-", "").ToLower() (Encoders.Hex.EncodeData already returns lowercase hex without dashes)

Rationale

Private key bytes left unzeroed in managed memory can be read by memory-scraping malware or appear in crash dumps. By zeroing them immediately after use and (for V3+) avoiding private key bytes entirely, we reduce the attack surface.

Testing

All 154 shared tests pass. V1/V2 derivation produces the same hash output as before (backward compatible).

DeriveLeadInvestorSecretHash:
- V3+: hash only the derived public key (no private material needed)
- V1/V2: zero the ExtKey byte array in a finally block after hashing

DeriveNostrStoragePassword:
- Zero the private key byte array in a finally block after hashing
- Remove redundant .Replace/ToLower (Encoders.Hex already returns lowercase)

These changes ensure sensitive key material doesn't linger in memory
after use, reducing the window for memory-scraping attacks.
if (projectVersion >= 3)
{
// V3+: Hash only the public key (deterministic, doesn't expose private key bytes)
var pubKeyBytes = extPubKey.PubKey.ToBytes();

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is deriving the secret hash, if we derive using the pubkey and the pubkey is leaked then anyone can derive the hash no?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants