We know the root pubkey because it's included in the delegate tag with the signature and event creation conditions.

The unsigned token is `nostr:delegation::`; the "token", aka "root_signature", is `root_sign(sha256(unsigned_token))`.

So basically you just sign a token that gives permission to create events on your behalf given some conditions (time limit, only certain kinds, etc).

Discussion

and this process is handled internally right now by the issuer? so you need to input that token you received via other means? how is the token verification done?

anyone can verify the token by just checking the signature of sha256(nostr:delegation:publisher-key:conditions) against the pubkey in the delegation tag (which is the root key). also make sure the publisher-key is the pubkey of the nostr note.