DNS authentication always fails: Ed25519 signature verification failed

[Baldri]

Problem

DNS authentication with mcp-publisher login dns always fails with "Ed25519 signature verification failed", regardless of key or DNS record.

Steps to Reproduce

1. Generate Ed25519 keypair:

   openssl genpkey -algorithm ed25519 -out key.pem

2. Extract public key and set DNS TXT record:

   _mcp-auth.nexbid.dev TXT "v=MCPv1; k=ed25519; p=CmELkdW27Q+pySZRD1ezkXAG/SbeDhGWAjtuKKMKixg="
   

3. Verify DNS propagation:

   dig TXT _mcp-auth.nexbid.dev +short
   # Returns: "v=MCPv1; k=ed25519; p=CmELkdW27Q+pySZRD1ezkXAG/SbeDhGWAjtuKKMKixg="

4. Attempt login:

   mcp-publisher login dns --domain nexbid.dev --private-key <hex-encoded-seed>

5. CLI shows the expected proof record matches DNS exactly, but server returns:

   Error: Ed25519 signature verification failed
   

Additional Context

• Tested with two different Ed25519 keypairs — same result
• DNS TXT record verified propagated via dig
• Expected proof record output matches DNS TXT exactly
• mcp-publisher version: 1.5.0 (Homebrew)
• OpenSSL: 3.5.0 (Homebrew, not macOS LibreSSL)
• The server successfully created an entry dev.nexbid/discovery during one attempt (URL is now reserved), but subsequent auth attempts all fail
• GitHub OAuth works fine for io.github.Baldri/* namespace, but cannot manage the dev.nexbid/* entry

Consequence

• Cannot manage existing dev.nexbid/discovery entry
• Cannot publish new versions under dev.nexbid/* namespace
• URL https://mcp.nexbid.dev/mcp is blocked by the orphaned entry
• Deadlock: DNS auth broken → can't manage entry → can't free URL → can't publish via GitHub OAuth either

Expected Behavior

DNS authentication should succeed when the DNS TXT record matches the expected proof record.

Environment

• macOS 15 (Apple Silicon)
• mcp-publisher 1.5.0
• Domain: nexbid.dev