NIP-79
======
`window.nostr` offline message signature & verificiation
--------------------------------------------------------
`draft` `optional` `author:b35363`
### Idea 💡
Authentication standards like NIP-07 and NIP-47 have proven effective. However, there's a need to extend the capability of message signature and verification to third-party applications that don't utilize the NIP-01 standard. This is crucial for scenarios where users and remote entities require mutual verification without relying on the NIP-42 standard, which involves submitting events for network-based verification.
**tl;dr**
_The ability to sign and verify messages must be available clientside in order to have a proper implementation in the case where Users and Remote needs to be mutually verified._
_The authentication between clients and relays can already be implemented with `nip-42` but this standard may lead to a **much simpler authentication** process where no Event has to be submitted on the network to verify authenticity._
### Nostr Implementation Possibility
> `nip-79` can be used standalone but it is intended to be a superset of `nip-07` it is therefore not recommended to use it without proper NIP-07 implementation.
NIP-79 proposes a solution to this challenge by introducing a client-side standard for message signature and verification, enabling seamless authentication between users and remote entities. This standard can work independently but is designed to enhance and complement NIP-07's capabilities.
The `window.nostr` object may be made available by web browsers or extensions and websites or web-apps may make use of it after checking its availability.
In order to sign and verify messages directly from the browser, the `window.nostr` object must define the following methods:
- ```js
async window.nostr.signMessage(msg : string): string // returns sig string from nip-07 extension
```
- This method takes a message (`msg`) as input and returns the message's signature (`sig`) using the NIP-07 extension.
- Example :
```js
const message = "Hello, world!";
const signature = await window.nostr.signMessage(message);
console.log("Message Signature:", signature);
```
- ```js
// takes a sig and a pubkey and verify message integrity
async window.nostr.verifyMessage(sig: string, pubkey : string): boolean
```
- This method verifies the integrity of a message by checking the validity of a given signature (`sig`) and public key
(`pubkey`).
- Returns true if the verification is successful, and false otherwise.
- Example :
```js
const receivedSignature = "0xabcdef123456..."; // Received signature
const senderPublicKey = "0x1234567890abc..."; // Sender's public key
const isVerified = await window.nostr.verifyMessage(receivedSignature, senderPublicKey);
console.log("Message Verified:", isVerified);
```
## Implementation Considerations
It's important to note that NIP-79 can function as a standalone solution. However, its design is intended to expand upon the capabilities of NIP-07. Therefore, it's recommended to have a proper NIP-07 implementation before utilizing NIP-79.
## Conclusion
NIP-79 introduces a powerful method for enabling offline message signature and verification through the window.nostr object. By providing these methods, the proposal aims to simplify and streamline the authentication process for third-party applications, fostering secure and trusted communication between users and remote entities.
_Please keep in mind that the code examples provided are simplified for illustration purposes and might not directly correspond to real-world implementations. The actual implementation details might vary based on the technology stack and tools being used._
## Implementations