nips/46.md

99 lines
2.9 KiB
Markdown
Raw Permalink Normal View History

NIP-46
======
Nostr Connect
2023-10-18 10:48:18 -04:00
-------------
2023-11-15 19:42:51 -05:00
`draft` `optional`
2023-10-18 10:48:18 -04:00
This NIP describes a method for 2-way communication between a **remote signer** and a normal Nostr client. The remote signer could be, for example, a hardware device dedicated to signing Nostr events, while the client is a normal Nostr client.
2023-10-18 10:48:18 -04:00
## Signer Discovery
2023-11-21 20:31:13 -05:00
The client always starts by generating a random key which is used to communicate with the signer, then it one of the methods below is used to allow the client to know what is the signer public key for the session and which relays to use.
2023-12-02 12:45:10 -05:00
### Started by the signer (nsecBunker)
2023-10-18 10:48:18 -04:00
The remote signer generates a connection token in the form
2023-10-18 10:48:18 -04:00
```
bunker://<hex-pubkey>?relay=wss://...&relay=wss://...&secret=<optional-secret>
2023-10-18 10:48:18 -04:00
```
2023-10-18 10:48:18 -04:00
The user copies that token and pastes it in the client UI somehow. Then the client can send events of kind `24133` to the specified relays and wait for responses from the remote signer.
2023-10-18 10:48:18 -04:00
### Started by the client
2023-10-18 10:48:18 -04:00
The client generates a QR code in the following form (URL-encoded):
2023-10-18 10:48:18 -04:00
```
2023-11-21 20:31:13 -05:00
nostrconnect://<client-key-hex>?relay=wss://...&metadata={"name":"...", "url": "...", "description": "..."}
2023-10-18 10:48:18 -04:00
```
2023-10-18 10:48:18 -04:00
The signer scans the QR code and sends a `connect` message to the client in the specified relays.
2023-10-18 10:48:18 -04:00
## Event payloads
2024-01-08 00:50:52 -05:00
Event payloads are [NIP-04](04.md)-encrypted JSON blobs that look like JSONRPC messages (their format is specified inside the `.content` of the event formats below).
2023-10-18 10:48:18 -04:00
Events sent by the client to the remote signer have the following format:
2023-10-18 10:48:18 -04:00
```js
{
2023-10-18 10:48:18 -04:00
"pubkey": "<client-key-hex>"
"kind": 24133,
"tags": [
["p", "<signer-key-hex>"]
],
2023-12-02 12:45:10 -05:00
"content": "nip04_encrypted_json({id: <random-string>, method: <see-below>, params: [array_of_strings]})",
2023-10-18 10:48:18 -04:00
...
}
```
2023-10-18 10:48:18 -04:00
And the events the remote signer sends to the client have the following format:
2023-10-18 10:48:18 -04:00
```js
"pubkey": "<signer-key-hex>"
"kind": 24133,
"tags": [
["p", "<client-key-hex>"]
],
2023-12-02 12:45:10 -05:00
"content": "nip04_encrypted_json({id: <request-id>, result: <string>, error: <reason-string>})",
2023-10-18 10:48:18 -04:00
...
```
2023-12-02 12:45:10 -05:00
The signer key will always be the key of the user who controls the signer device.
### Methods
2023-10-18 10:48:18 -04:00
- **connect**
- params: [`pubkey`, `secret`]
2023-12-02 12:45:10 -05:00
- result: `"ack"`
- **get_public_key**
2023-10-18 10:48:18 -04:00
- params: []
2023-12-02 12:45:10 -05:00
- result: `pubkey-hex`
- **sign_event**
2023-10-18 10:48:18 -04:00
- params: [`event`]
2023-12-02 12:45:10 -05:00
- result: `json_string(event_with_pubkey_id_and_signature)`
- **get_relays**
2023-10-18 10:48:18 -04:00
- params: []
2023-12-02 12:45:10 -05:00
- result: `json_string({[url: string]: {read: boolean, write: boolean}})`
- **nip04_encrypt**
2023-12-02 12:45:10 -05:00
- params: [`third-party-pubkey`, `plaintext`]
- result: `nip04-ciphertext`
- **nip04_decrypt**
2023-12-02 12:45:10 -05:00
- params: [`third-party-pubkey`, `nip04-ciphertext`]
- result: `plaintext`
2023-12-07 12:01:25 -05:00
- **nip44_get_key**
- params: [`third-party-pubkey`]
- result: `nip44-conversation-key`
- **nip44_encrypt**
- params: [`third-party-pubkey`, `plaintext`]
- result: `nip44-ciphertext`
- **nip44_decrypt**
- params: [`third-party-pubkey`, `nip44-ciphertext`]
- result: `plaintext`
- **ping**
- params: []
- result: `"pong"`