diff --git a/app/src/main/java/com/inou/clawdnode/security/DeviceIdentity.kt b/app/src/main/java/com/inou/clawdnode/security/DeviceIdentity.kt index d6b93e7..7f42fbb 100644 --- a/app/src/main/java/com/inou/clawdnode/security/DeviceIdentity.kt +++ b/app/src/main/java/com/inou/clawdnode/security/DeviceIdentity.kt @@ -121,10 +121,14 @@ class DeviceIdentity(context: Context) { Log.d(tag, "Generated signature: ${signatureBase64.take(20)}... (${signatureBytes.size} bytes)") + val keysMatch = derivedPubKey.contentEquals(storedPubKey) + val debugInfo = "Keys match: $keysMatch | Stored: ${storedPubKeyBase64?.take(12)}... | Derived: ${base64UrlEncode(derivedPubKey).take(12)}..." + return SignedChallenge( signature = signatureBase64, signedAt = signedAt, - nonce = nonce + nonce = nonce, + debugInfo = debugInfo ) } @@ -203,6 +207,7 @@ class DeviceIdentity(context: Context) { data class SignedChallenge( val signature: String, val signedAt: Long, - val nonce: String + val nonce: String, + val debugInfo: String = "" // For debugging key derivation ) } diff --git a/app/src/main/java/com/inou/clawdnode/service/GatewayClient.kt b/app/src/main/java/com/inou/clawdnode/service/GatewayClient.kt index d5b8c76..1f36a33 100644 --- a/app/src/main/java/com/inou/clawdnode/service/GatewayClient.kt +++ b/app/src/main/java/com/inou/clawdnode/service/GatewayClient.kt @@ -228,7 +228,8 @@ class GatewayClient( deviceId = deviceIdentity.deviceId signedChallenge = deviceIdentity.signChallenge(nonce) publicKey = deviceIdentity.publicKey - log("Device identity ready: id=${deviceId.take(8)}..., signed challenge") + log("Device identity ready: id=${deviceId.take(8)}...") + log("DEBUG: ${signedChallenge.debugInfo}") } catch (e: Exception) { logError("Failed to initialize device identity or sign challenge", e) // Cannot proceed without device identity for non-local connections