nostr/nips
1
0
Fork 0
mirror of https://github.com/nostr-protocol/nips.git synced 2024-09-20 23:05:49 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity
325adae009
nips/07.md
cmd 325adae009
Add method for deriving HMAC keys from the private key. 
I ran into an issue where I want to derive child-keys from the parent private key, but there is currently no way to do this with the current spec.

I propose adding a `window.nostr.getDerivedKey(key: string): string` method to the spec, which is a simple HMAC method using the private key and a user supplied key. HMAC has wide-spread support in the WebCrypto spec, and is easy to implement. 

https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto

Here is some reference code for performing a simple HMAC operation using WebCrypto API:
```ts
async function hmac (
  // Perform an HMAC signing operation.
  key   : Uint8Array,
  data : Uint8Array,
  fmt   : string = 'SHA-256'
) : Promise<Uint8Array> {
  const cryptoKey = await importKey(key, fmt)
  return crypto.subtle
    .sign('HMAC', cryptoKey, data)
    .then((buffer) => new Uint8Array(buffer))
}
async function importKey (
  // Create a CryptoKey from the 
  // supplied key and format string.
  key : Uint8Array,
  fmt : string = 'SHA-256'
) : Promise<CryptoKey> {
  const config = { name: 'HMAC', hash: fmt }
  return crypto.subtle.importKey(
    'raw', key, config, false, ['sign', 'verify']
  )
}
```
2023-02-03 15:50:58 -06:00

1.3 KiB
Raw Blame History

NIP-07

window.nostr capability for web browsers

draft optional author:fiatjaf

The window.nostr object may be made available by web browsers or extensions and websites or web-apps may make use of it after checking its availability.

That object must define the following methods:

async window.nostr.getPublicKey(): string // returns a public key as hex
async window.nostr.getDerivedKey(key: string): string // returns a key derived from hmac(key, prvkey).
async window.nostr.signEvent(event: Event): Event // takes an event object, adds `id`, `pubkey` and `sig` and returns it

Aside from these two basic above, the following functions can also be implemented optionally:

async window.nostr.getRelays(): { [url: string]: {read: boolean, write: boolean} } // returns a basic map of relay urls to relay policies
async window.nostr.nip04.encrypt(pubkey, plaintext): string // returns ciphertext and iv as specified in nip-04
async window.nostr.nip04.decrypt(pubkey, ciphertext): string // takes ciphertext and iv as specified in nip-04

Implementation