From 686a077c3c3ff2ef97f3aede27d188eacf199f4c Mon Sep 17 00:00:00 2001
From: zeroknowledge0x <rkhandriantonew@gmail.com>
Date: Sun, 31 May 2026 00:46:31 +0000
Subject: [PATCH] fix: validate Ed25519 key type and specify explicit algorithm

- Add asymmetricKeyType check to reject non-Ed25519 keys (RSA, ECDSA, Ed448)
- Pass 'ed25519' explicitly to crypto.verify() instead of null
- Prevents algorithm confusion where non-Ed25519 signatures pass verification
- Fixes #52
---
 src/verify.ts | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/src/verify.ts b/src/verify.ts
index 9a3280c..e9ce7dd 100644
--- a/src/verify.ts
+++ b/src/verify.ts
@@ -133,9 +133,21 @@ export async function verifyReceipt(receipt: unknown, options: VerifyOptions): P
     };
   }
 
+  // Validate that the resolved key is actually an Ed25519 key
+  const keyType = keyResult.key.asymmetricKeyType;
+  if (keyType !== 'ed25519') {
+    return {
+      verified: false,
+      exitCode: 1,
+      errorCode: 'SIGNATURE_INVALID',
+      errorMessage: `key type mismatch: receipt declares ed25519 but resolved key is ${keyType}`,
+      receiptId: receipt.id as string,
+    };
+  }
+
   const payloadBytes = canonicalizeReceiptBytes(receipt);
   const signatureBytes = Buffer.from(receipt.signatureValue, 'base64');
-  const ok = verifySignature(null, payloadBytes, keyResult.key, signatureBytes);
+  const ok = verifySignature('ed25519', payloadBytes, keyResult.key, signatureBytes);
 
   if (!ok) {
     return {