Add debug logging to verify public key derivation

2026-01-28 18:57:50 +00:00 · 2026-01-28 18:57:50 +00:00 · 661a668169
parent 94f1da3ff1
commit 661a668169
1 changed files with 10 additions and 1 deletions
--- a/app/src/main/java/com/inou/clawdnode/security/DeviceIdentity.kt
+++ b/app/src/main/java/com/inou/clawdnode/security/DeviceIdentity.kt
@ -97,10 +97,19 @@ class DeviceIdentity(context: Context) {
            ?: throw IllegalStateException("No private key available")
        val privateKeyBytes = base64UrlDecode(privateKeyBase64)
        
-        // Create EdDSA private key
+        // Create EdDSA private key from seed
        val privateKeySpec = EdDSAPrivateKeySpec(privateKeyBytes, ed25519Spec)
        val privateKey = EdDSAPrivateKey(privateKeySpec)
        
+        // Verify the derived public key matches stored public key
+        val derivedPubKey = privateKey.abyte
+        val storedPubKeyBase64 = prefs.getString(keyPublic, null)
+        val storedPubKey = storedPubKeyBase64?.let { base64UrlDecode(it) }
+        
+        Log.d(tag, "Stored pubkey:  ${storedPubKeyBase64?.take(20)}...")
+        Log.d(tag, "Derived pubkey: ${base64UrlEncode(derivedPubKey).take(20)}...")
+        Log.d(tag, "Keys match: ${derivedPubKey.contentEquals(storedPubKey)}")
+        
        // Sign the payload using standard Ed25519 (not prehashed Ed25519ph)
        val signature = EdDSAEngine().apply {
            initSign(privateKey)