nips/79.md
2023-08-19 13:27:14 +02:00

3.8 KiB

NIP-79

window.nostr offline message signature & verificiation

draft optional author:b35363

Idea 💡

Authentication standards like NIP-07 and NIP-47 have proven effective. However, there's a need to extend the capability of message signature and verification to third-party applications that don't utilize the NIP-01 standard. This is crucial for scenarios where users and remote entities require mutual verification without relying on the NIP-42 standard, which involves submitting events for network-based verification.

tl;dr

The ability to sign and verify messages must be available clientside in order to have a proper implementation in the case where Users and Remote needs to be mutually verified.

The authentication between clients and relays can already be implemented with nip-42 but this standard may lead to a much simpler authentication process where no Event has to be submitted on the network to verify authenticity.

Nostr Implementation Possibility

nip-79 can be used standalone but it is intended to be a superset of nip-07 it is therefore not recommended to use it without proper NIP-07 implementation.
NIP-79 proposes a solution to this challenge by introducing a client-side standard for message signature and verification, enabling seamless authentication between users and remote entities. This standard can work independently but is designed to enhance and complement NIP-07's capabilities.

The window.nostr object may be made available by web browsers or extensions and websites or web-apps may make use of it after checking its availability.

In order to sign and verify messages directly from the browser, the window.nostr object must define the following methods:

  • async window.nostr.signMessage(msg : string): string // returns sig string from nip-07 extension
    
    • This method takes a message (msg) as input and returns the message's signature (sig) using the NIP-07 extension.
    • Example :
        const message = "Hello, world!";
        const signature = await window.nostr.signMessage(message);
        console.log("Message Signature:", signature);
      

  • // takes a sig and a pubkey and verify message integrity
    async window.nostr.verifyMessage(sig: string, pubkey : string): boolean
    
    • This method verifies the integrity of a message by checking the validity of a given signature (sig) and public key (pubkey).
    • Returns true if the verification is successful, and false otherwise.
    • Example :
          const receivedSignature = "0xabcdef123456..."; // Received signature
          const senderPublicKey = "0x1234567890abc..."; // Sender's public key
          const isVerified = await window.nostr.verifyMessage(receivedSignature, senderPublicKey);
          console.log("Message Verified:", isVerified); 
      

Implementation Considerations

It's important to note that NIP-79 can function as a standalone solution. However, its design is intended to expand upon the capabilities of NIP-07. Therefore, it's recommended to have a proper NIP-07 implementation before utilizing NIP-79.

Conclusion

NIP-79 introduces a powerful method for enabling offline message signature and verification through the window.nostr object. By providing these methods, the proposal aims to simplify and streamline the authentication process for third-party applications, fostering secure and trusted communication between users and remote entities.

Please keep in mind that the code examples provided are simplified for illustration purposes and might not directly correspond to real-world implementations. The actual implementation details might vary based on the technology stack and tools being used.

Implementations