From fba2e364c23e0ceb38f28cd0b1f11a34ab23cd86 Mon Sep 17 00:00:00 2001 From: Beemo <120607606+b35363@users.noreply.github.com> Date: Sat, 19 Aug 2023 13:27:14 +0200 Subject: [PATCH] Update 79.md --- 79.md | 51 ++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 44 insertions(+), 7 deletions(-) diff --git a/79.md b/79.md index 6fdb1152..6e3ce4a3 100644 --- a/79.md +++ b/79.md @@ -8,22 +8,59 @@ NIP-79 ### Idea 💡 -The ability to sign and verify messages must be available clientside in order to have a proper implementation in the case where Users and Remote needs to be mutually verified. +Authentication standards like NIP-07 and NIP-47 have proven effective. However, there's a need to extend the capability of message signature and verification to third-party applications that don't utilize the NIP-01 standard. This is crucial for scenarios where users and remote entities require mutual verification without relying on the NIP-42 standard, which involves submitting events for network-based verification. -The authentication between clients and relays can already be implemented with `nip-42` but this standard may lead to a **much simpler authentication** process where no Event has to be submitted on the network to verify authenticity. +**tl;dr** + +_The ability to sign and verify messages must be available clientside in order to have a proper implementation in the case where Users and Remote needs to be mutually verified._ + +_The authentication between clients and relays can already be implemented with `nip-42` but this standard may lead to a **much simpler authentication** process where no Event has to be submitted on the network to verify authenticity._ ### Nostr Implementation Possibility - > `nip-79` can be used standalone but it is intended to be a superset of `nip-07` it is therefore not recommended to use it without proper NIP-07 implementation. +
+NIP-79 proposes a solution to this challenge by introducing a client-side standard for message signature and verification, enabling seamless authentication between users and remote entities. This standard can work independently but is designed to enhance and complement NIP-07's capabilities. The `window.nostr` object may be made available by web browsers or extensions and websites or web-apps may make use of it after checking its availability. In order to sign and verify messages directly from the browser, the `window.nostr` object must define the following methods: +
+ +- ```js + async window.nostr.signMessage(msg : string): string // returns sig string from nip-07 extension + ``` + - This method takes a message (`msg`) as input and returns the message's signature (`sig`) using the NIP-07 extension. + - Example : + ```js + const message = "Hello, world!"; + const signature = await window.nostr.signMessage(message); + console.log("Message Signature:", signature); + ``` +
+ +- ```js + // takes a sig and a pubkey and verify message integrity + async window.nostr.verifyMessage(sig: string, pubkey : string): boolean + ``` + - This method verifies the integrity of a message by checking the validity of a given signature (`sig`) and public key + (`pubkey`). + - Returns true if the verification is successful, and false otherwise. + - Example : + ```js + const receivedSignature = "0xabcdef123456..."; // Received signature + const senderPublicKey = "0x1234567890abc..."; // Sender's public key + const isVerified = await window.nostr.verifyMessage(receivedSignature, senderPublicKey); + console.log("Message Verified:", isVerified); + ``` +## Implementation Considerations -``` -async window.nostr.signMessage(msg : string): string // returns sig string from nip-07 extension -async window.nostr.verifyMessage(sig: string, pubkey : string): boolean // takes a sig and a pubkey and verify message integrity -``` +It's important to note that NIP-79 can function as a standalone solution. However, its design is intended to expand upon the capabilities of NIP-07. Therefore, it's recommended to have a proper NIP-07 implementation before utilizing NIP-79. + +## Conclusion + +NIP-79 introduces a powerful method for enabling offline message signature and verification through the window.nostr object. By providing these methods, the proposal aims to simplify and streamline the authentication process for third-party applications, fostering secure and trusted communication between users and remote entities. + +_Please keep in mind that the code examples provided are simplified for illustration purposes and might not directly correspond to real-world implementations. The actual implementation details might vary based on the technology stack and tools being used._ ## Implementations