2.5 KiB
NIP-XX
Improved event signing scheme
draft
optional
This NIP describes a new event signature scheme that provides greater flexibility than the existing scheme by allowing signing JSONs with arbitrary properties while providing backwards compatibility. It is based on Perkeep's JSON signing. The signature scheme remains the same as the one described in NIP-01.
Signing
This NIP adds a new signature property to the event object: sig_v2
.
This signature is produced as follows:
- Sign and serialize an event as described in NIP-01.
- Remove any trailing whitespace from the serialized string such that the last element is the character
}
. - Remove the aforementioned
}
character. - Let
h
be the hex-encoded sha256 hash of what remains of the serialized event after steps 1 to 3. - Let
s
be the hex-encoded signature ofh
. - Append
,"sig_v2":"<s>"}
, where<s>
is replaced withs
.
Verifying
- Start with a serialized signed event as described above.
- Find the last occurrence of the substring
,"sig_v2":"<s>"}
in the serialized event. - Let
h
be the hex-encoded sha256 hash of the string starting from the beginning of the serialized event upto the match location (ending at the character before,
). - Take the string from the beggining of the serialized event upto the match location, append a single
}
character and parse it into a JSON object. - Let
p
be the hex-encoded pubkey provided by the JSON fieldpubkey
of the aforementioned object. - Take the string starting from the match in step 3 until the end of the serialized event, replace the
,
character with{
and parse it into a JSON object. - Let
s
be the hex-encoded signature provided by the JSON fieldsig_v2
of the aforementioned object. - Verify that
s
is a valid signature ofh
with public keyp
.
Backwards compatibility
Relays
Relays that don't support this NIP can either ignore or remove the unknown fields. In case they are ignored, the relay will not be able to verify that their contents have not been modified. This is not a big concern, since clients that support this NIP will be able to perform the appropriate verification on their end.
Clients
Clients that do not support this NIP can safely ignore the unknown fields. Since there are no NIPs that make use of custom fields at the time of writing, this can only impact future additions to the protocol.