nips/07.md

NIP-07

window.nostr capability for web browsers

---

Nostr How To: Browser Extensions

Browser extensions with nostr NIP-07 are an extra security layer for your private or secret key (nsec)

Best practice: Do not enter your nostr private key directly in a nostr client website, use a browser extension instead.

1. Download and setup a browser extension (list below)
2. Generate a nostr key pair*, or if you already have one, save a copy in your browser extension
3. Use your browser extension of choice to sign in and create notes in nostr web clients that support this feature

*Keep a backup of your public and private keys in a password manager

---

Technical Specifications

draft optional author:fiatjaf

The window.nostr object may be made available by web browsers or extensions and websites or web-apps may make use of it after checking its availability.

That object must define the following methods:

async window.nostr.getPublicKey(): string // returns a public key as hex
async window.nostr.signEvent(event: Event): Event // takes an event object, adds `id`, `pubkey` and `sig` and returns it

Aside from these two basic above, the following functions can also be implemented optionally:

async window.nostr.getRelays(): { [url: string]: {read: boolean, write: boolean} } // returns a basic map of relay urls to relay policies
async window.nostr.nip04.encrypt(pubkey, plaintext): string // returns ciphertext and iv as specified in nip-04
async window.nostr.nip04.decrypt(pubkey, ciphertext): string // takes ciphertext and iv as specified in nip-04

---

Implementation

• horse (Chrome and derivatives)
• nos2x (Chrome and derivatives)
• Alby (Chrome and derivatives, Firefox, Safari)
• Blockcore (Chrome and derivatives)
• nos2x-fox (Firefox)
• Flamingo (Chrome and derivatives)