Sep45Invalid
Exception thrown when the server's signature on an authorization entry is invalid.
SEP-45 Security Requirement: The server's authorization entry MUST contain a valid Ed25519 signature that can be verified against the server's signing key from stellar.toml.
This is the MOST CRITICAL security check in SEP-45 validation. It protects against:
Man-in-the-middle attacks (attacker intercepting and modifying challenges)
Phishing attacks (fake server generating invalid challenges)
Challenge tampering (modification of challenge after server signing)
Signature verification process:
Build HashIDPreimageSorobanAuthorization from the entry's values:
networkId (hash of network passphrase)
nonce (from entry's credentials)
signatureExpirationLedger (from entry's credentials)
invocation (rootInvocation)
Hash the preimage with SHA-256
Extract public_key and signature from credentials.addressCredentials.signature
Verify public_key matches serverSigningKey
Verify signature using Ed25519
Security warning: NEVER sign authorization entries with an invalid server signature. An invalid signature means:
The challenge did not come from the legitimate server
The challenge may have been modified in transit
You may be communicating with an attacker
If you receive this error:
Verify you're connecting to the correct domain (check HTTPS certificate)
Verify the server signing key matches the stellar.toml
Report the incident if it persists (possible security breach)
Example - Handle invalid server signature:
try {
webAuth.validateChallenge(authEntries, accountId)
} catch (e: Sep45InvalidServerSignatureException) {
logger.error("CRITICAL SECURITY: Invalid server signature!")
logger.error(e.message)
// DO NOT proceed - possible MITM attack
// Alert security team if in production
}Parameters
Description of the signature verification failure