Nostr Web Client

secp256k1 is a permitted curve for X.509 certificates

You could allow any root that has the npub’s key, so it could sign sub-CAs or temporary keys for servers.

it's gotta be the ecdsa public key tho, 33 bytes and all that. i didn't know that x509s can be secp256k1 tho. i thought r1 was the only one that most of the things permitted. TLS definitely. also JWT only r1.

Reply to this note

Please Login to reply.

Discussion

semisol 6mo ago

x-only pubkeys are prefixed with 02

it doesn’t matter though, you can flip it

Garbage nsec 6mo ago

Not sure if x-only have a 02 prefix like same way compressed public keys do?

semisol 6mo ago

No, you can prefix them with 02 to get a compressed pubkey.

Garbage nsec 6mo ago

Ah right, yup!