Added signString() method

fiatjaf · robwoodgate · Mar 21, 2025 · Mar 21, 2025 · 66c1c7da30119feb5d1d553553a77e0fd80261f5
commit 66c1c7da30119feb5d1d553553a77e0fd80261f5
diff --git a/README.md b/README.md
@@ -15,6 +15,7 @@ async window.nostr.nip04.encrypt(pubkey, plaintext): string // returns ciphertex
 async window.nostr.nip04.decrypt(pubkey, ciphertext): string // takes ciphertext+iv as specified in nip04
 async window.nostr.nip44.encrypt(pubkey, plaintext): string // takes pubkey, plaintext, returns ciphertext as specified in nip-44
 async window.nostr.nip44.decrypt(pubkey, ciphertext): string // takes pubkey, ciphertext, returns plaintext as specified in nip-44
+async window.nostr.signString(message): {hash: string, sig: string, pubkey: string} // return SHA256 `hash` of `message`, Schnorr `sig` of `hash`, `pubkey` of signer
 ```
 
 This extension is Chromium-only. For a maintained Firefox fork, see [nos2x-fox](https://diegogurpegui.com/nos2x-fox/).

diff --git a/extension/background.js b/extension/background.js
@@ -5,6 +5,9 @@ import * as nip04 from 'nostr-tools/nip04'
 import * as nip44 from 'nostr-tools/nip44'
 import {Mutex} from 'async-mutex'
 import {LRUCache} from './utils'
+import {sha256} from "@noble/hashes/sha256";
+import {bytesToHex} from "@noble/hashes/utils";
+import {schnorr} from "@noble/curves/secp256k1";
 
 import {
   NO_PERMISSIONS_REQUIRED,
@@ -200,6 +203,24 @@ async function performOperation(type, params) {
           ? event
           : {error: {message: 'invalid event'}}
       }
+      case 'signString': {
+        if (typeof params.message !== 'string') {
+          return { error: { message: "message is not a string" } };
+        }
+        try {
+            // Check this is not a stringified event
+            // trying to bypass permission checks
+            const obj = JSON.parse(params.message);
+            if (validateEvent(obj)){
+              return { error: { message: "use signEvent() to sign events" } };
+            }
+        } catch (e) {} // not a JSON string
+        const utf8Encoder = new TextEncoder();
+        const hash = bytesToHex(sha256(utf8Encoder.encode(params.message)));
+        const sig = bytesToHex(schnorr.sign(hash, sk));
+        const pubkey = bytesToHex(schnorr.getPublicKey(sk));
+        return {hash: hash, sig: sig, pubkey: pubkey};
+      }
       case 'nip04.encrypt': {
         let {peer, plaintext} = params
         return nip04.encrypt(sk, peer, plaintext)

diff --git a/extension/common.js b/extension/common.js
@@ -7,6 +7,7 @@ export const NO_PERMISSIONS_REQUIRED = {
 export const PERMISSION_NAMES = Object.fromEntries([
   ['getPublicKey', 'read your public key'],
   ['signEvent', 'sign events using your private key'],
+  ['signString', 'sign messages using your private key'],
   ['nip04.encrypt', 'encrypt messages to peers'],
   ['nip04.decrypt', 'decrypt messages from peers'],
   ['nip44.encrypt', 'encrypt messages to peers'],

diff --git a/extension/nostr-provider.js b/extension/nostr-provider.js
@@ -12,6 +12,10 @@ window.nostr = {
     return this._call('signEvent', {event})
   },
 
+  async signString(message) {
+    return this._call('signString', {message})
+  },
+
   async getRelays() {
     return {}
   },