Sign Tool security
The current SignTool together with mucats CRA is a nice proof of concept, but it is a security risk for Alice to expose a tool that lets others trick her into signing arbitrary data.
This could be used to humiliate Alice by getting her to sign "I hate cats" (or the base64 or hash of it), or a bank transfer, for example (a.k.a. a chosen plaintext attack).
The current scheme is that mucat Bob generates a 64-byte nonce a1 and sends challenge=b64(a1) to muwire Alice. Alice does no validity or length checks, and returns b64(sig(challenge)). Replay attacks are prevented by Bob ensuring that a1 is never reused.
Slightly better would be for Alice to validate that challenge=b64(a1) is valid base64 and that a1 has the correct length, by decoding it with base64.decode(challenge). Alice then generates her own nonce a2 and returns b64(a2 + sig(h(a2 + h(challenge)))). This is somewhat inspired by HTTP Digest auth, RFC 2617.
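The two schemes above, side by side, as an added example (this is not MuWire's or mucats' own code). It assumes Ed25519 for sig(), SHA-256 for h(), byte concatenation for "+", and the 64-byte nonce sizes from the post; the Alice/Bob type and function names are made up for the demonstration. It shows that the current tool will sign a "challenge" that is just base64 of attacker-chosen text, that the proposed length check refuses it, that the signed message is bound to Alice's own nonce a2 so Bob never controls the signed bytes, and that Bob can reject a replayed response by tracking which a1 values he has issued and consumed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
)

// a1 and a2 are 64-byte nonces, as in the post.
const nonceLen = 64

// Alice holds the destination signing key. Ed25519 is an assumption made for
// this example; the post does not say which key type muwire uses.
type Alice struct {
	priv ed25519.PrivateKey
	pub  ed25519.PublicKey
}

func NewAlice() (*Alice, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Alice{priv: priv, pub: pub}, nil
}

// SignCurrent models the existing behaviour: no checks, sign whatever string
// was received and return b64(sig(challenge)). Anything Bob sends gets signed.
func (a *Alice) SignCurrent(challenge string) string {
	sig := ed25519.Sign(a.priv, []byte(challenge))
	return base64.StdEncoding.EncodeToString(sig)
}

// SignImproved models the proposed scheme: strict base64 decode, length check,
// a fresh nonce a2, and the response b64(a2 + sig(h(a2 + h(challenge)))).
func (a *Alice) SignImproved(challenge string) (string, error) {
	a1, err := base64.StdEncoding.DecodeString(challenge)
	if err != nil {
		return "", fmt.Errorf("challenge is not valid base64: %w", err)
	}
	if len(a1) != nonceLen {
		return "", fmt.Errorf("challenge decodes to %d bytes, want %d", len(a1), nonceLen)
	}
	a2 := make([]byte, nonceLen)
	if _, err := rand.Read(a2); err != nil {
		return "", err
	}
	sig := ed25519.Sign(a.priv, signedMessage(a2, challenge))
	return base64.StdEncoding.EncodeToString(append(a2, sig...)), nil
}

// signedMessage computes h(a2 + h(challenge)); SHA-256 stands in for h.
func signedMessage(a2 []byte, challenge string) []byte {
	inner := sha256.Sum256([]byte(challenge))
	outer := sha256.Sum256(append(append([]byte{}, a2...), inner[:]...))
	return outer[:]
}

// Bob issues challenges and verifies responses. He remembers every a1 he has
// issued and whether it was answered, so a replayed response is refused.
type Bob struct {
	issued map[string]bool // challenge -> already answered
}

func NewBob() *Bob { return &Bob{issued: map[string]bool{}} }

func (b *Bob) NewChallenge() (string, error) {
	a1 := make([]byte, nonceLen)
	if _, err := rand.Read(a1); err != nil {
		return "", err
	}
	c := base64.StdEncoding.EncodeToString(a1)
	b.issued[c] = false
	return c, nil
}

// Verify checks an improved-scheme response against a challenge Bob issued
// and marks that challenge consumed.
func (b *Bob) Verify(pub ed25519.PublicKey, challenge, response string) error {
	answered, known := b.issued[challenge]
	if !known {
		return errors.New("challenge was never issued")
	}
	if answered {
		return errors.New("challenge already answered (replay)")
	}
	raw, err := base64.StdEncoding.DecodeString(response)
	if err != nil || len(raw) != nonceLen+ed25519.SignatureSize {
		return errors.New("malformed response")
	}
	a2, sig := raw[:nonceLen], raw[nonceLen:]
	if !ed25519.Verify(pub, signedMessage(a2, challenge), sig) {
		return errors.New("bad signature")
	}
	b.issued[challenge] = true
	return nil
}

func main() {
	alice, _ := NewAlice()
	bob := NewBob()

	// Chosen-message abuse of the current tool: the "challenge" is just the
	// base64 of text Bob picked, and Alice signs it unconditionally.
	fake := base64.StdEncoding.EncodeToString([]byte("I hate cats"))
	sig, _ := base64.StdEncoding.DecodeString(alice.SignCurrent(fake))
	fmt.Println("current tool signed attacker text:", ed25519.Verify(alice.pub, []byte(fake), sig))

	// The improved checks refuse it: it does not decode to a 64-byte nonce.
	_, err := alice.SignImproved(fake)
	fmt.Println("improved tool rejects it:", err)

	// Honest exchange, then a replay of the same response.
	c, _ := bob.NewChallenge()
	resp, _ := alice.SignImproved(c)
	fmt.Println("first verify:", bob.Verify(alice.pub, c, resp))
	fmt.Println("replay verify:", bob.Verify(alice.pub, c, resp))
}
```

Note that the length check alone stops the humiliation case only because the attacker's text is not exactly 64 bytes; what actually removes the chosen-message problem is that Alice signs h(a2 + h(challenge)) with an a2 she picked herself, so nothing Bob supplies reaches the signature input unhashed.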
This still ignores other security issues such as MITM (possibly minor for I2P), lack of timestamps, etc. I will soon be investigating "real" public key challenge/response using modern standards and putting destination keys on Yubikeys. I'll make recommendations as I learn more.