nips/60.md

NIP-60
======

Secure file load from URL
-------------------------

`draft` `optional` `author:leandro21b`

## Description:

A mechanism that allows the client to verify the hash of a file such as image, video, source codes, and others And ensure that the server that hosted the file has not changed any data, in addition that same file can be stored on several servers at the same time, so if one server goes down the file can still be loaded via other servers.

When a user is going to publish a file, the client takes the file type ex: (img), the format ex: (png), and generates a SHA256 hash, then the client sends the file to the servers that the user chooses, then the client takes the urls that carry the file, unites all this data and declares it in the field (tags), several different files can be declared in a post as in the example below:

## Example:

```json
{
  "id": <id>,
  "pubkey": <pubkey>,
  "created_at": <created_at>,
  "kind": 1,
  "tags": [
    ["img", "png", <ImgFileSHA256>, <ImgURL1>, <ImgURL2>],
    ["vid", "mp4", <VidFileSHA256>, <VidURL1>, <VidURL2>],
    ["aud", "mp3", <AudFileSHA256>, <AudURL1>, <AudURL2>],
    ["code", "py", <CodeFileSHA256>, <CodeURL1>, <CodeURL2>],
    ["compressedfile", "zip", <CompFileSHA256>, <CompFileURL1>, <CompFileURL2>]
  ],
  "content": <content>,
  "sig": <sig>
}
```

## Hash Check:

Hash checking will be performed according to the setting that a user programs the client to do based on its trust in the server hosting the file or the user who published a post with that file, if the client attempts to hash verify everyone files are being loaded, the client can be very slow depending on the device and the size of the files, so the user must choose when the client will check the hash.

For this to work, the servers that will host the files cannot compress it, otherwise there will be an error in the hash check, if a file has to be compressed, this must be done on the user's device which is where the original hash will be generated.