Generate a virtual node secret for each user and add sign-message endpoint

[johnsBeharry]

Problem

It is currently not possible for someone to sign a message as they do not have their own private keys. Such use cases of signMessage is a web application that uses lnurl-auth

Potential solution

Since lnhub uses shared channels, has a user database (?), and generates auth tokens anyway, there is no added security problems in introducing a a "virtual" node secret that can be used in a "/sign-message" endpoint.

This key does not need to be exposed to the user, they would still backup their lndhub accounts the same way as is currently implemented. It just allows LNDHub users to have a slightly more similar UX when it comes to password-less logins, and other uses application developers may come up with for signing messages.

[xraid]

i belive the device ie. BlueWallet app is the one to sign lnurl-auth with apps "device id" for ex. using bitcoin.js lib ?
and not to have each LN wallet(card) have separated keys ?

[johnsBeharry]

@xraid i think wrt lightning in blue wallet the server has to be the one to sign unless the auth token (lndhub backup string) can be used for this somehow.

[xraid]

it would be messy have each BlueWallet Client LN wallet(card) have its own signature for lnurl-auth etc.

so the device running BlueWallet with its Unique ID: together with something from bitcoin.js could sign for lnurl-auth.

with regards signing with pub_key from LndHub's connected LND from different users with several different LN wallet(cards) ? i do not know how remote service could decode from a expected LND pub_key ? maybe as You say it is possible ?

Please show me how ...

[xraid]

I do not see how one LND pub_key should / could be responsible signing for several devices with several accounts, LND is unaware of LndHub and its accounts ...

[johnsBeharry]

with regards signing with pub_key from LndHub's connected LND from different users with several different LN wallet(cards) ? i do not know how remote service could decode from a expected LND pub_key ? maybe as You say it is possible ?

@xraid I wasn't suggesting it have anything to do with LND actually. To be honest even a key derived from the users lndhub login + password. The main point is that there is a key that is stored in the existing LNDHub database for each user.

with regards signing with pub_key from LndHub's connected LND from different users with several different LN wallet(cards) ? i do not know how remote service could decode from a expected LND pub_key ? maybe as You say it is possible ?

Please show me how ...

The signing doesn't have to happen on LND its happening on the LNDHub service. The end result I'm asking about is an endpoint where one can do POST /signMessage with a body of {message: "some message for signing"}.

[xraid]

You could easily use https://github.com/lndhub-admin/LndHub-Admin-Extension

and in the example ´adminRouter.js` create a endpoint :

POST <config.adminPath>/signMessage

      headers: {
           Content-Type: "application/json",
           Authorization: `Bearer ${config.adminPin}`,
        },

that could return a signed message

would You also return the public key used for signing in the response ?

also introduce a new db record of wallet(card) key in redis

_admin_key_for_account_<****> {privkey: xxx, pubkey: xxx}

[xraid]

well to make it generic for every wallet card we need extend labels for accounts in LndHub

if You like to discuss how . we can do it here : https://t.me/joinchat/L31KXn9TlDNmMTY0