selfcustody · odudex · Mar 30, 2026
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,7 +1,8 @@
 # Changelog 26.03.1 - March 2025
 
 ### Security Fixes
-Reject PSBT inputs with non-standard sighash types before signing
+- Reject PSBT inputs with non-standard sighash types before signing
+- Warn user before signing raw hashes in message signing
 
 # Changelog 26.03.0 - March 2025
 

diff --git a/i18n/translations/de-DE.json b/i18n/translations/de-DE.json
@@ -276,6 +276,7 @@
     "Signature:": "Signatur:",
     "Signed Message": "Signierte Nachricht",
     "Signed PSBT": "Signierte PSBT",
+    "Signing raw hash. Proceed only if you trust the source.": "Signieren von Roh-Hash. Fahren Sie nur fort, wenn Sie der Quelle vertrauen.",
     "Signing…": "Unterzeichnung…",
     "Single-sig": "Single-Sig",
     "Size:": "Größe:",

diff --git a/i18n/translations/es-MX.json b/i18n/translations/es-MX.json
@@ -276,6 +276,7 @@
     "Signature:": "Firma:",
     "Signed Message": "Mensaje Firmado",
     "Signed PSBT": "PSBT Firmado",
+    "Signing raw hash. Proceed only if you trust the source.": "Firmar hash sin procesar. Proceda solo si confía en la fuente.",
     "Signing…": "Firma…",
     "Single-sig": "Single-sig",
     "Size:": "Tamaño:",

diff --git a/i18n/translations/fr-FR.json b/i18n/translations/fr-FR.json
@@ -276,6 +276,7 @@
     "Signature:": "Signature :",
     "Signed Message": "Message signé",
     "Signed PSBT": "PSBT signé",
+    "Signing raw hash. Proceed only if you trust the source.": "Signature du hachage brut. Procédez uniquement si vous faites confiance à la source.",
     "Signing…": "Signature…",
     "Single-sig": "Clé unique",
     "Size:": "Capacité :",

diff --git a/i18n/translations/ja-JP.json b/i18n/translations/ja-JP.json
@@ -276,6 +276,7 @@
     "Signature:": "サイン:",
     "Signed Message": "サイン付きメッセージ",
     "Signed PSBT": "サインされたPSBT",
+    "Signing raw hash. Proceed only if you trust the source.": "生のハッシュに署名します.ソースを信頼している場合にのみ続行します.",
     "Signing…": "署名…",
     "Single-sig": "シングルサイン",
     "Size:": "サイズ:",

diff --git a/i18n/translations/ko-KR.json b/i18n/translations/ko-KR.json
@@ -276,6 +276,7 @@
     "Signature:": "서명:",
     "Signed Message": "서명된 메시지",
     "Signed PSBT": "서명된 PSBT",
+    "Signing raw hash. Proceed only if you trust the source.": "원시 해시에 서명합니다. 소스를 신뢰하는 경우에만 진행합니다.",
     "Signing…": "서명…",
     "Single-sig": "단일서명",
     "Size:": "크기:",

diff --git a/i18n/translations/nl-NL.json b/i18n/translations/nl-NL.json
@@ -276,6 +276,7 @@
     "Signature:": "Handtekening:",
     "Signed Message": "Bericht ondertekend",
     "Signed PSBT": "PSBT ondertekend",
+    "Signing raw hash. Proceed only if you trust the source.": "RAW-hash ondertekenen. Ga alleen verder als je de bron vertrouwt.",
     "Signing…": "Signing…",
     "Single-sig": "Enkele sleutel",
     "Size:": "Grootte:",

diff --git a/i18n/translations/pt-BR.json b/i18n/translations/pt-BR.json
@@ -276,6 +276,7 @@
     "Signature:": "Assinatura:",
     "Signed Message": "Mensagem assinada",
     "Signed PSBT": "PSBT assinada",
+    "Signing raw hash. Proceed only if you trust the source.": "Assinando hash bruto. Prossiga somente se você confiar na fonte.",
     "Signing…": "Assinando…",
     "Single-sig": "Single-sig",
     "Size:": "Tamanho:",

diff --git a/i18n/translations/ru-RU.json b/i18n/translations/ru-RU.json
@@ -276,6 +276,7 @@
     "Signature:": "Подпись:",
     "Signed Message": "Подписанное Сообщение",
     "Signed PSBT": "Подписанное PSBT",
+    "Signing raw hash. Proceed only if you trust the source.": "Подписание необработанного хэша. Продолжайте, только если вы доверяете источнику.",
     "Signing…": "Подпись…",
     "Single-sig": "Одна подпись",
     "Size:": "Размер:",

diff --git a/i18n/translations/tr-TR.json b/i18n/translations/tr-TR.json
@@ -276,6 +276,7 @@
     "Signature:": "İmza:",
     "Signed Message": "İmzalı Mesaj",
     "Signed PSBT": "İmzalı PSBT",
+    "Signing raw hash. Proceed only if you trust the source.": "Ham karma imzalanıyor. Yalnızca kaynağa güveniyorsanız devam edin.",
     "Signing…": "İmzalama…",
     "Single-sig": "Tek-imza",
     "Size:": "Boyut:",

diff --git a/i18n/translations/vi-VN.json b/i18n/translations/vi-VN.json
@@ -276,6 +276,7 @@
     "Signature:": "Chữ ký:",
     "Signed Message": "Tin nhắn đã ký",
     "Signed PSBT": "Đã ký PSBT",
+    "Signing raw hash. Proceed only if you trust the source.": "Ký mã băm thô. Chỉ tiến hành nếu bạn tin tưởng nguồn.",
     "Signing…": "Biển báo…",
     "Single-sig": "Khóa đơn",
     "Size:": "Dung lượng:",

diff --git a/i18n/translations/zh-CN.json b/i18n/translations/zh-CN.json
@@ -276,6 +276,7 @@
     "Signature:": "签名:",
     "Signed Message": "签名消息",
     "Signed PSBT": "已签名 PSBT",
+    "Signing raw hash. Proceed only if you trust the source.": "签名原始哈希.仅当您信任源时才继续.",
     "Signing…": "签名…",
     "Single-sig": "单签",
     "Size:": "大小:",

diff --git a/src/krux/pages/home_pages/sign_message_ui.py b/src/krux/pages/home_pages/sign_message_ui.py
@@ -234,10 +234,21 @@ def _sign_at_address_from_sd(self, data):
 
     def sign_standard_message(self, data):
         """Signs a standard message"""
-        message_hash = self._compute_message_hash(data)
+        message_hash, is_raw_hash = self._compute_message_hash(data)
         if message_hash is None:
             return ""
 
+        if is_raw_hash:
+            self.ctx.display.clear()
+            self.ctx.display.draw_centered_text(
+                t("Warning:")
+                + "\n\n"
+                + t("Signing raw hash. Proceed only if you trust the source."),
+                highlight_prefix=":",
+            )
+            if not self.prompt(t("Proceed?"), BOTTOM_PROMPT_LINE):
+                return ""
+
         self.ctx.display.clear()
         self.ctx.display.draw_centered_text(
             "SHA256:\n\n%s" % binascii.hexlify(message_hash).decode(),
@@ -251,15 +262,15 @@ def sign_standard_message(self, data):
         return sig
 
     def _compute_message_hash(self, data):
-        """Computes the hash for the message"""
+        """Computes the hash for the message, returns (hash, is_raw_hash)"""
         if len(data) == 32:
-            return data
+            return data, True
         if len(data) == 64:
             try:
-                return binascii.unhexlify(data)
+                return binascii.unhexlify(data), True
             except:
                 pass
-        return hashlib.sha256(data).digest()
+        return hashlib.sha256(data).digest(), False
 
     def _export_signature(
         self,

diff --git a/src/krux/translations/__init__.py b/src/krux/translations/__init__.py
@@ -310,6 +310,7 @@
     1512492264,
     1988416729,
     3672006076,
+    2420425663,
     1100365444,
     2281377987,
     2019512665,

diff --git a/src/krux/translations/de.py b/src/krux/translations/de.py
@@ -298,6 +298,7 @@
     "Signatur:",
     "Signierte Nachricht",
     "Signierte PSBT",
+    "Signieren von Roh-Hash. Fahren Sie nur fort, wenn Sie der Quelle vertrauen.",
     "Unterzeichnung…",
     "Single-Sig",
     "Größe:",

diff --git a/src/krux/translations/es.py b/src/krux/translations/es.py
@@ -298,6 +298,7 @@
     "Firma:",
     "Mensaje Firmado",
     "PSBT Firmado",
+    "Firmar hash sin procesar. Proceda solo si confía en la fuente.",
     "Firma…",
     "Single-sig",
     "Tamaño:",

diff --git a/src/krux/translations/fr.py b/src/krux/translations/fr.py
@@ -298,6 +298,7 @@
     "Signature\u2009:",
     "Message signé",
     "PSBT signé",
+    "Signature du hachage brut. Procédez uniquement si vous faites confiance à la source.",
     "Signature…",
     "Clé unique",
     "Capacité\u2009:",

diff --git a/src/krux/translations/ja.py b/src/krux/translations/ja.py
@@ -298,6 +298,7 @@
     "サイン:",
     "サイン付きメッセージ",
     "サインされたPSBT",
+    "生のハッシュに署名します.ソースを信頼している場合にのみ続行します.",
     "署名…",
     "シングルサイン",
     "サイズ:",

diff --git a/src/krux/translations/ko.py b/src/krux/translations/ko.py
@@ -298,6 +298,7 @@
     "서명:",
     "서명된 메시지",
     "서명된 PSBT",
+    "원시 해시에 서명합니다. 소스를 신뢰하는 경우에만 진행합니다.",
     "서명…",
     "단일서명",
     "크기:",

diff --git a/src/krux/translations/nl.py b/src/krux/translations/nl.py
@@ -298,6 +298,7 @@
     "Handtekening:",
     "Bericht ondertekend",
     "PSBT ondertekend",
+    "RAW-hash ondertekenen. Ga alleen verder als je de bron vertrouwt.",
     "Signing…",
     "Enkele sleutel",
     "Grootte:",

diff --git a/src/krux/translations/pt.py b/src/krux/translations/pt.py
@@ -298,6 +298,7 @@
     "Assinatura:",
     "Mensagem assinada",
     "PSBT assinada",
+    "Assinando hash bruto. Prossiga somente se você confiar na fonte.",
     "Assinando…",
     "Single-sig",
     "Tamanho:",

diff --git a/src/krux/translations/ru.py b/src/krux/translations/ru.py
@@ -298,6 +298,7 @@
     "Подпись:",
     "Подписанное Сообщение",
     "Подписанное PSBT",
+    "Подписание необработанного хэша. Продолжайте, только если вы доверяете источнику.",
     "Подпись…",
     "Одна подпись",
     "Размер:",

diff --git a/src/krux/translations/tr.py b/src/krux/translations/tr.py
@@ -298,6 +298,7 @@
     "İmza:",
     "İmzalı Mesaj",
     "İmzalı PSBT",
+    "Ham karma imzalanıyor. Yalnızca kaynağa güveniyorsanız devam edin.",
     "İmzalama…",
     "Tek-imza",
     "Boyut:",

diff --git a/src/krux/translations/vi.py b/src/krux/translations/vi.py
@@ -298,6 +298,7 @@
     "Chữ ký:",
     "Tin nhắn đã ký",
     "Đã ký PSBT",
+    "Ký mã băm thô. Chỉ tiến hành nếu bạn tin tưởng nguồn.",
     "Biển báo…",
     "Khóa đơn",
     "Dung lượng:",

diff --git a/src/krux/translations/zh.py b/src/krux/translations/zh.py
@@ -298,6 +298,7 @@
     "签名:",
     "签名消息",
     "已签名 PSBT",
+    "签名原始哈希.仅当您信任源时才继续.",
     "签名…",
     "单签",
     "大小:",

diff --git a/tests/pages/home_pages/test_sign_message_ui.py b/tests/pages/home_pages/test_sign_message_ui.py
@@ -21,6 +21,7 @@ def test_sign_message(mocker, m5stickv, tdata):
             # 3 btn_seq
             [
                 BUTTON_ENTER,  # Load from camera
+                BUTTON_ENTER,  # Raw hash warning - Proceed
                 BUTTON_ENTER,  # Confirm to Sign SHA
                 BUTTON_ENTER,  # Check signature
                 BUTTON_ENTER,  # Sign to QR code
@@ -41,6 +42,7 @@ def test_sign_message(mocker, m5stickv, tdata):
             None,
             [
                 BUTTON_ENTER,  # Load from camera
+                BUTTON_ENTER,  # Raw hash warning - Proceed
                 BUTTON_ENTER,  # Confirm to Sign SHA
                 BUTTON_ENTER,  # Check signature
                 BUTTON_ENTER,  # Sign to QR code
@@ -95,6 +97,7 @@ def test_sign_message(mocker, m5stickv, tdata):
             MockPrinter(),
             [
                 BUTTON_ENTER,  # Load from camera
+                BUTTON_ENTER,  # Raw hash warning - Proceed
                 BUTTON_ENTER,  # Confirm to Sign SHA
                 BUTTON_ENTER,  # Check signature
                 BUTTON_ENTER,  # Sign to QR code
@@ -115,6 +118,7 @@ def test_sign_message(mocker, m5stickv, tdata):
             MockPrinter(),
             [
                 BUTTON_ENTER,  # Load from camera
+                BUTTON_ENTER,  # Raw hash warning - Proceed
                 BUTTON_ENTER,  # Confirm to Sign SHA
                 BUTTON_ENTER,  # Check signature
                 BUTTON_ENTER,  # Sign to QR code
@@ -128,14 +132,14 @@ def test_sign_message(mocker, m5stickv, tdata):
             "02707a62fdacc26ea9b63b1c197906f56ee0180d0bcf1966e1a2da34f5f3a09a9b",
             None,
         ),
-        # 6 Hex-encoded hash, Decline to sign
+        # 6 Hex-encoded hash, Decline at raw hash warning
         (
             "1af9487b14714080ce5556b4455fd06c4e0a5f719d8c0ea2b5a884e5ebfc6de7",
             FORMAT_NONE,
             None,
             [
                 BUTTON_ENTER,  # Load from camera
-                BUTTON_PAGE,  # Decline to sign
+                BUTTON_PAGE,  # Decline raw hash warning
             ],
             None,
             None,