Private keys should be exposed to as few systems - apps, operating systems, devices - as possible as each system adds to the attack surface.
Entering private keys can also be annoying and requires exposing them to even more systems such as the operating system's clipboard that might be monitored by malicious apps.
- result `{ [url: string]: {read: boolean, write: boolean} }`
- **nip04_encrypt**
- params [`pubkey`, `plaintext`]
- result `nip4 ciphertext`
- **nip04_decrypt**
- params [`pubkey`, `nip4 ciphertext`]
- result [`plaintext`]
NOTICE: `pubkey` and `signature` are hex-encoded strings.
### Nostr Connect URI
**Signer** discovers **App** by scanning a QR code, clicking on a deep link or copy-pasting an URI.
The **App** generates a special URI with prefix `nostrconnect://` and base path the hex-encoded `pubkey` with the following querystring parameters **URL encoded**
-`relay` URL of the relay of choice where the **App** is connected and the **Signer** must send and listen for messages.
const uri = `nostrconnect://<pubkey>?relay=${encodeURIComponent("wss://relay.damus.io")}&metadata=${encodeURIComponent(JSON.stringify({"name": "Example"}))}`
The `content` field contains encrypted message as specified by [NIP04](https://github.com/nostr-protocol/nips/blob/master/04.md). The `kind` chosen is `24133`.
### Connect
1. User clicks on **"Connect"** button on a website or scan it with a QR code
2. It will show an URI to open a "nostr connect" enabled **Signer**
3. In the URI there is a pubkey of the **App** ie. `nostrconnect://<pubkey>&relay=<relay>&metadata=<metadata>`
4. The **Signer** will send a message to ACK the `connect` request, along with his public key
### Disconnect (from App)
1. User clicks on **"Disconnect"** button on the **App**
2. The **App** will send a message to the **Signer** with a `disconnect` request
3. The **Signer** will send a message to ACK the `disconnect` request
### Disconnect (from Signer)
1. User clicks on **"Disconnect"** button on the **Signer**
2. The **Signer** will send a message to the **App** with a `disconnect` request
### Get Public Key
1. The **App** will send a message to the **Signer** with a `get_public_key` request
1. The **App** will send a message with metadata to the **Signer** with a `delegate` request along with the **conditions** query string and the **pubkey** of the **App** to be delegated.
2. The **Signer** will show a popup to the user to delegate the **App** to sign on his behalf
3. The **Signer** will send back a message with the signed [NIP-26 delegation token](https://github.com/nostr-protocol/nips/blob/master/26.md) or reject it