From 39bf3cdbeae17f688c9a6a6fbf1ed5a4cbaf8ef7 Mon Sep 17 00:00:00 2001 From: Rob Woodgate Date: Mon, 17 Mar 2025 11:53:42 +0000 Subject: [PATCH 1/3] Added optional signSchnorr() method --- 07.md | 1 + 46.md | 1 + 2 files changed, 2 insertions(+) diff --git a/07.md b/07.md index 294acd3845..a70b4a21ab 100644 --- a/07.md +++ b/07.md @@ -21,6 +21,7 @@ async window.nostr.nip04.encrypt(pubkey, plaintext): string // returns ciphertex async window.nostr.nip04.decrypt(pubkey, ciphertext): string // takes ciphertext and iv as specified in nip-04 (deprecated) async window.nostr.nip44.encrypt(pubkey, plaintext): string // returns ciphertext as specified in nip-44 async window.nostr.nip44.decrypt(pubkey, ciphertext): string // takes ciphertext as specified in nip-44 +async window.nostr.signSchnorr(message: string): string // Returns `sig` for the SHA256 hash of `message` ``` ### Recommendation to Extension Authors diff --git a/46.md b/46.md index 170196499b..6b0cffa9bb 100644 --- a/46.md +++ b/46.md @@ -105,6 +105,7 @@ Each of the following are methods that the _client_ sends to the _remote-signer_ | `nip04_decrypt` | `[, ]` | `` | | `nip44_encrypt` | `[<third_party_pubkey>, <plaintext_to_encrypt>]` | `<nip44_ciphertext>` | | `nip44_decrypt` | `[<third_party_pubkey>, <nip44_ciphertext_to_decrypt>]` | `<plaintext>` | +| `sign_schnorr` | `[<message_string_to_sign>]` | `<sig_for_sha256_hash_of_message>` | ### Requested permissions From fdb31772a05b931ffab741e5083b0fc982368b75 Mon Sep 17 00:00:00 2001 From: Rob Woodgate <robwoodgate@mac.com> Date: Wed, 19 Mar 2025 22:37:51 +0000 Subject: [PATCH 2/3] Response has all elements needed to check and verify. New method name to avoid backwards incompatibility in the wild --- 07.md | 2 +- 46.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/07.md b/07.md index a70b4a21ab..6d2a64cfe1 100644 --- a/07.md +++ b/07.md @@ -21,7 +21,7 @@ async window.nostr.nip04.encrypt(pubkey, plaintext): string // returns ciphertex async window.nostr.nip04.decrypt(pubkey, ciphertext): string // takes ciphertext and iv as specified in nip-04 (deprecated) async window.nostr.nip44.encrypt(pubkey, plaintext): string // returns ciphertext as specified in nip-44 async window.nostr.nip44.decrypt(pubkey, ciphertext): string // takes ciphertext as specified in nip-44 -async window.nostr.signSchnorr(message: string): string // Returns `sig` for the SHA256 hash of `message` +async window.nostr.signString(message: string): { hash: string, sig: string, pubkey: string } // return SHA256 `hash` of `message`, Schnorr `sig` of `hash`, `pubkey` of signer ``` ### Recommendation to Extension Authors diff --git a/46.md b/46.md index 6b0cffa9bb..a73753a8a2 100644 --- a/46.md +++ b/46.md @@ -105,7 +105,7 @@ Each of the following are methods that the _client_ sends to the _remote-signer_ | `nip04_decrypt` | `[<third_party_pubkey>, <nip04_ciphertext_to_decrypt>]` | `<plaintext>` | | `nip44_encrypt` | `[<third_party_pubkey>, <plaintext_to_encrypt>]` | `<nip44_ciphertext>` | | `nip44_decrypt` | `[<third_party_pubkey>, <nip44_ciphertext_to_decrypt>]` | `<plaintext>` | -| `sign_schnorr` | `[<message_string_to_sign>]` | `<sig_for_sha256_hash_of_message>` | +| `sign_string` | `[<message_string_to_sign>]` | `json_stringified({ hash: <sha256_of_message>, sig: <schnorr_of_hash>, pubkey: <pubkey> })` | ### Requested permissions From 9e6524c98bd38e6477b7046336f85391cb3c3364 Mon Sep 17 00:00:00 2001 From: Rob Woodgate <robwoodgate@mac.com> Date: Sun, 23 Mar 2025 19:24:43 +0000 Subject: [PATCH 3/3] Added constraining rule for signString --- 07.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/07.md b/07.md index 6d2a64cfe1..8e7ad370c0 100644 --- a/07.md +++ b/07.md @@ -24,6 +24,8 @@ async window.nostr.nip44.decrypt(pubkey, ciphertext): string // takes ciphertext async window.nostr.signString(message: string): { hash: string, sig: string, pubkey: string } // return SHA256 `hash` of `message`, Schnorr `sig` of `hash`, `pubkey` of signer ``` +To ensure signEvent() permission checks are not bypassed, the optional signString() function MUST NOT sign any message that is a valid stringified event. + ### Recommendation to Extension Authors To make sure that the `window.nostr` is available to nostr clients on page load, the authors who create Chromium and Firefox extensions should load their scripts by specifying `"run_at": "document_end"` in the extension's manifest.