nostr/nips
1
0
Fork 0
mirror of https://github.com/nostr-protocol/nips.git synced 2024-11-09 22:09:06 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

First draft of Delegated Event Signing

Browse Source
This commit is contained in:
Mark Harding 2022-08-04 09:33:38 +01:00
parent 7fe572ec5a
commit e13f6d39b9
No known key found for this signature in database
GPG Key ID: 9B6747B8C6828EC9
1 changed files with 80 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

80
26.md Normal file
View File

@ -0,0 +1,80 @@
NIP: 26
=======
Delegated Event Signing
-----
`draft` `mandatory` `author:markharding` `author:minds`
This NIP defines how events should be verified and signed to support generating events on behalf of someone else. It should be possible to sign Nostr events from other keypairs.
Another application of this proposal is to abstract away the use of the 'root' keypairs when interacting with clients. For example, a user could generate new keypairs for each client they wish to use and authorize those keypairs to generate events on behalf of their root pubkey, where the root keypair is stored in cold storage.
#### Introducing the 's' tag
This NIP introduces a new tag: `s` which is formatted as follows:
```json
[
"s",
<signed pairing payload (base64 encoded)>,
<signed pairing signature (64-bytes shnnorr signature of the sha256 hash of the signed pairing payload>
]
```
##### Signed Pairing Payload
The Signed Pairing Payload should be a `base64` encoded JSON object as follows:
```json
{
"signerkey": <32-bytes hex-encoded public key of who is authorized to sign>,
"created_at": <unix timestamp of issued time>,
"expires_at": <optional, if present unix timestamp of invalidation time>
}
```
For example, the Signed Pairing Payload `eyJzaWduZXJrZXkiOiI2MjkwM2IxZmY0MTU1OWRhZjllZTk4ZWYxYWU2N2NjNTJmMzAxYmI1Y2UyNmQxNGJhYmEzMDUyZjY0OWMzZjQ5IiwiY3JlYXRlZF9hdCI6MTY1OTQ0NjMxNX0=` consists of the payload:
```json
{
"signerkey": "62903b1ff41559daf9ee98ef1ae67cc52f301bb5ce26d14baba3052f649c3f49",
"created_at": 1659446315
}
```
##### Signed Pairing Signature
The Signed Pairing Signature is a schnorr signature of the sha256 hash of the Signed Pairing Payload. For example `2ed3e4b8470ce37b7e1946441a323d1d71c8a846fe49787ec406e14a44632cc96e48cabccc4a526eedd51aca33bf2a5cf7fb85462d23ad6d4de29c8b91abc41b` is a signature of the payload mentioned above.
#### Modifying event verification
When the `s` tag is provided, events **must** be signed and verified by the respective private key of the `signerkey`. Clients/relays **should** confirm that no revocation have been created with a greater `created_at` value.
Clients **must** verify the token is valid. The token **may** include the `expires_at` field if it wishes the delegated signing to be temporary (ie. sign events for 2 hours, 7 days, etc).
> TODO: How to revoke. This could be a future NIP.
#### Example
Below is an example of an event published by `62903b1ff41559daf9ee98ef1ae67cc52f301bb5ce26d14baba3052f649c3f49`, on behalf of `86f0689bd48dcd19c67a19d994f938ee34f251d8c39976290955ff585f2db42e`.
```json
{
"id":"23bf557814cd294d77a52e43d16903862c231857319f950ba40474fde1b9c393",
"pubkey":"86f0689bd48dcd19c67a19d994f938ee34f251d8c39976290955ff585f2db42e",
"created_at":1652969505,
"kind":1,
"tags":[
[
"s",
"eyJzaWduZXJrZXkiOiI2MjkwM2IxZmY0MTU1OWRhZjllZTk4ZWYxYWU2N2NjNTJmMzAxYmI1Y2UyNmQxNGJhYmEzMDUyZjY0OWMzZjQ5IiwiY3JlYXRlZF9hdCI6MTY1OTQ0NjMxNX0=",
"2ed3e4b8470ce37b7e1946441a323d1d71c8a846fe49787ec406e14a44632cc96e48cabccc4a526eedd51aca33bf2a5cf7fb85462d23ad6d4de29c8b91abc41b"
]
],
"content":"Hello Nostr. This is Minds calling.",
"sig":"30f0ebb907bd23416dd32a14b905abeb1db3fde97c74a151c51e5503e91ed25d58fbdcd95910ea4c11dc49d3fca8c616c0e7489e0f8da37b0938a7ce393285e7"
}
```