nips/26.md
2022-08-24 13:24:50 +01:00

2.4 KiB

NIP: 26

Delegated Event Signing

draft optional author:markharding author:minds

This NIP defines how events can be delegated so that they can be signed by other keypairs.

Another application of this proposal is to abstract away the use of the 'root' keypairs when interacting with clients. For example, a user could generate new keypairs for each client they wish to use and authorize those keypairs to generate events on behalf of their root pubkey, where the root keypair is stored in cold storage.

Introducing the 'delegation' tag

This NIP introduces a new tag: delegation which is formatted as follows:

[
  "delegation",
  <pubkey of the delegator>,
  <conditions query string>,
  <64-bytes schnorr signature of the sha256 hash of the delegation token>
]
Delegation Token

The delegation token should be a 64-bytes schnorr signature of the sha256 hash of the following string:

nostr:delegation:<pubkey of publisher (delegatee)>:<conditions query string>

For example, the token c33c88ba78ec3c760e49db591ac5f7b129e3887c8af7729795e85a0588007e5ac89b46549232d8f918eefd73e726cb450135314bfda419c030d0b6affe401ec1 is signed by 86f0689bd48dcd19c67a19d994f938ee34f251d8c39976290955ff585f2db42e and consists of:

nostr:delegation:62903b1ff41559daf9ee98ef1ae67cc52f301bb5ce26d14baba3052f649c3f49:kind=1&created_at>1640995200

Example

Below is an example of an event published by 62903b1ff41559daf9ee98ef1ae67cc52f301bb5ce26d14baba3052f649c3f49, on behalf of 86f0689bd48dcd19c67a19d994f938ee34f251d8c39976290955ff585f2db42e.

{
  "id": "a080fd288b60ac2225ff2e2d815291bd730911e583e177302cc949a15dc2b2dc",
  "pubkey": "62903b1ff41559daf9ee98ef1ae67cc52f301bb5ce26d14baba3052f649c3f49",
  "created_at": 1660896109,
  "kind": 1,
  "tags": [
    [
      "delegation",
      "86f0689bd48dcd19c67a19d994f938ee34f251d8c39976290955ff585f2db42e",
      "kind=1&created_at>1640995200",
      "c33c88ba78ec3c760e49db591ac5f7b129e3887c8af7729795e85a0588007e5ac89b46549232d8f918eefd73e726cb450135314bfda419c030d0b6affe401ec1"
    ]
  ],
  "content": "Hello world",
  "sig": "cd4a3cd20dc61dcbc98324de561a07fd23b3d9702115920c0814b5fb822cc5b7c5bcdaf3fa326d24ed50c5b9c8214d66c75bae34e3a84c25e4d122afccb66eb6"
}

Relay & Client Querying Support

Relays should answer requests such as ["REQ", "", {"authors": ["A"]}] by querying both the pubkey and delegation tags [1] value.