nips/79.md

NIP-79
======

`window.nostr` offline message signature & verificiation
--------------------------------------------------------

`draft` `optional` `author:b35363`

### Idea 💡

Authentication standards like NIP-07 and NIP-47 have proven effective. However, there's a need to extend the capability of message signature and verification to third-party applications that don't utilize the NIP-01 standard. This is crucial for scenarios where users and remote entities require mutual verification without relying on the NIP-42 standard, which involves submitting events for network-based verification.

**tl;dr**

_The ability to sign and verify messages must be available clientside in order to have a proper implementation in the case where Users and Remote needs to be mutually verified._

_The authentication between clients and relays can already be implemented with `nip-42` but this standard may lead to a **much simpler authentication** process where no Event has to be submitted on the network to verify authenticity._

### Nostr Implementation Possibility

> `nip-79` can be used standalone but it is intended to be a superset of `nip-07` it is therefore not recommended to use it without proper NIP-07 implementation.
 <br>
NIP-79 proposes a solution to this challenge by introducing a client-side standard for message signature and verification, enabling seamless authentication between users and remote entities. This standard can work independently but is designed to enhance and complement NIP-07's capabilities.

The `window.nostr` object may be made available by web browsers or extensions and websites or web-apps may make use of it after checking its availability.

In order to sign and verify messages directly from the browser, the `window.nostr` object must define the following methods:
 <br>
 
- ```js 
  async window.nostr.signMessage(msg : string): string // returns sig string from nip-07 extension
  ```
  - This method takes a message (`msg`) as input and returns the message's signature (`sig`) using the NIP-07 extension.
  - Example :
    ```js
      const message = "Hello, world!";
      const signature = await window.nostr.signMessage(message);
      console.log("Message Signature:", signature);
    ```
 <br>
 
- ```js
  // takes a sig and a pubkey and verify message integrity
  async window.nostr.verifyMessage(sig: string, pubkey : string): boolean
  ```
  - This method verifies the integrity of a message by checking the validity of a given signature (`sig`) and public key 
  (`pubkey`).
  - Returns true if the verification is successful, and false otherwise.
  - Example :
    ```js
        const receivedSignature = "0xabcdef123456..."; // Received signature
        const senderPublicKey = "0x1234567890abc..."; // Sender's public key
        const isVerified = await window.nostr.verifyMessage(receivedSignature, senderPublicKey);
        console.log("Message Verified:", isVerified); 
    ```
## Implementation Considerations

It's important to note that NIP-79 can function as a standalone solution. However, its design is intended to expand upon the capabilities of NIP-07. Therefore, it's recommended to have a proper NIP-07 implementation before utilizing NIP-79.

## Conclusion

NIP-79 introduces a powerful method for enabling offline message signature and verification through the window.nostr object. By providing these methods, the proposal aims to simplify and streamline the authentication process for third-party applications, fostering secure and trusted communication between users and remote entities.

_Please keep in mind that the code examples provided are simplified for illustration purposes and might not directly correspond to real-world implementations. The actual implementation details might vary based on the technology stack and tools being used._

## Implementations