diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/include/taler_exchange_service.h | 11 | ||||
| -rw-r--r-- | src/lib/exchange_api_batch_withdraw2.c | 4 |
2 files changed, 10 insertions, 5 deletions
diff --git a/src/include/taler_exchange_service.h b/src/include/taler_exchange_service.h index b2e513341..8a59f157f 100644 --- a/src/include/taler_exchange_service.h +++ b/src/include/taler_exchange_service.h @@ -1,6 +1,6 @@ /* This file is part of TALER - Copyright (C) 2014-2023 Taler Systems SA + Copyright (C) 2014-2024 Taler Systems SA TALER is free software; you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software @@ -2591,7 +2591,8 @@ typedef void /** * Withdraw multiple coins from the exchange using a /reserves/$RESERVE_PUB/batch-withdraw * request. This API is typically used by a wallet to withdraw many coins from a - * reserve. + * reserve. The blind signatures are unblinded and verified before being returned + * to the caller at @a res_cb. * * Note that to ensure that no money is lost in case of hardware * failures, the caller must have committed (most of) the arguments to @@ -2688,7 +2689,11 @@ struct TALER_EXCHANGE_Withdraw2Handle; /** * Withdraw a coin from the exchange using a /reserves/$RESERVE_PUB/withdraw * request. This API is typically used by a merchant to withdraw a tip - * where the blinding factor is unknown to the merchant. + * where the blinding factor is unknown to the merchant. Note that unlike + * the #TALER_EXCHANGE_withdraw() API, this API neither unblinds the signatures + * nor can it verify that the exchange signatures are valid, so these tasks + * are left to the caller. Wallets probably should use #TALER_EXCHANGE_withdraw() + * which integrates these steps. * * Note that to ensure that no money is lost in case of hardware * failures, the caller must have committed (most of) the arguments to diff --git a/src/lib/exchange_api_batch_withdraw2.c b/src/lib/exchange_api_batch_withdraw2.c index a512fed14..ff1496466 100644 --- a/src/lib/exchange_api_batch_withdraw2.c +++ b/src/lib/exchange_api_batch_withdraw2.c @@ -89,8 +89,8 @@ struct TALER_EXCHANGE_BatchWithdraw2Handle /** * We got a 200 OK response for the /reserves/$RESERVE_PUB/batch-withdraw operation. * Extract the coin's signature and return it to the caller. The signature we - * get from the exchange is for the blinded value. Thus, we first must - * unblind it and then should verify its validity against our coin's hash. + * get from the exchange is for the blinded value. As we do not have the + * blinding factor, the signature CANNOT be verified. * * If everything checks out, we return the unblinded signature * to the application via the callback. |