Fix Ed25519 signature: use standard mode, not prehashed

EdDSAEngine(MessageDigest) is for Ed25519ph (prehashed mode). Standard Ed25519 requires EdDSAEngine() with no arguments.
2026-01-28 18:53:47 +00:00 · 2026-01-28 18:53:47 +00:00 · 94f1da3ff1
parent 56120a9b6b
commit 94f1da3ff1
1 changed files with 2 additions and 2 deletions
--- a/app/src/main/java/com/inou/clawdnode/security/DeviceIdentity.kt
+++ b/app/src/main/java/com/inou/clawdnode/security/DeviceIdentity.kt
@ -101,8 +101,8 @@ class DeviceIdentity(context: Context) {
        val privateKeySpec = EdDSAPrivateKeySpec(privateKeyBytes, ed25519Spec)
        val privateKey = EdDSAPrivateKey(privateKeySpec)
        
-        // Sign the payload
-        val signature = EdDSAEngine(MessageDigest.getInstance(ed25519Spec.hashAlgorithm)).apply {
+        // Sign the payload using standard Ed25519 (not prehashed Ed25519ph)
+        val signature = EdDSAEngine().apply {
            initSign(privateKey)
            update(payload.toByteArray(Charsets.UTF_8))
        }