From: Chris Duncan <chris@codecow.com>
Date: Wed, 13 May 2026 05:15:05 +0000 (-0700)
Subject: Verify Ledger secret by signing simpler nonce instead of blocks.
X-Git-Url: https://git.codecow.com/?a=commitdiff_plain;h=ed2dc6b9903e1920f9a9e1985000da09958e0dbf;p=libnemo.git

Verify Ledger secret by signing simpler nonce instead of blocks.
---

diff --git a/src/lib/ledger.ts b/src/lib/ledger.ts
index 118e4e9..24fa368 100644
--- a/src/lib/ledger.ts
+++ b/src/lib/ledger.ts
@@ -234,7 +234,7 @@ export class Ledger {
 	* The actual message signed is a string which can be expressed as the
 	* following template literal:
 	*
-	* `Nano Signed Nonce:\n${nonceBytes}`
+	* `Nano Signed Nonce:\n${nonce_bytes_as_hex}`
 	*
 	* IMPORTANT: The current version of the Nano app for Ledger devices will NOT
 	* prompt users to confirm the signature. If valid, the nonce will immediately
@@ -346,19 +346,12 @@ export class Ledger {
 	static async verify (secret: string): Promise<boolean> {
 		const testWallet = await Wallet.load('BIP-44', '', secret)
 		secret = ''
+		const nonce = crypto.randomUUID().slice(-16)
 		try {
 			await testWallet.unlock('')
-			const { address, publicKey } = await testWallet.account(0)
-			const testOpenBlock = await new Block(address, '0', publicKey, address)
-				.receive(publicKey, 0)
-				.sign(testWallet, 0)
-			const testSendBlock = await new Block(address, '0', testOpenBlock.hash, address)
-				.send(address, 0)
-				.sign(testWallet, 0)
-			const testSignature = testSendBlock.signature
-			testSendBlock.signature = undefined
+			const testSignature = await testWallet.sign(0, `Nano Signed Nonce:\n${utf8.toHex(nonce)}`)
 			try {
-				const ledgerSignature = await this.sign(0, testSendBlock, testOpenBlock)
+				const ledgerSignature = await this.sign(0, nonce)
 				return ledgerSignature === testSignature
 			} catch (err) {
 				throw new Error('Failed to verify wallet', { cause: err })
@@ -625,8 +618,6 @@ export class Ledger {
 	/**
 	* Sign a nonce with the Ledger device.
 	*
-	* nonce signing is currently broken: https://github.com/LedgerHQ/app-nano/pull/14
-	*
 	* @param {number} index - Account number
 	* @param {Uint8Array} nonce - 128-bit value to sign
 	* @returns {Promise} Status and signature
diff --git a/src/lib/wallet/index.ts b/src/lib/wallet/index.ts
index aeb8a43..2ee4f44 100644
--- a/src/lib/wallet/index.ts
+++ b/src/lib/wallet/index.ts
@@ -342,7 +342,7 @@ export class Wallet {
 	* actual message signed is a string which can be expressed as the following
 	* template literal:
 	*
-	* `Nano Signed Nonce:\n${nonceBytes}`
+	* `Nano Signed Nonce:\n${nonce_bytes_as_hex}`
 	*
 	* IMPORTANT: The current version of the Nano app for Ledger devices will NOT
 	* prompt users to confirm the signature. If valid, the nonce will immediately