Avatar
mleku 2y ago

MVP for a CLI based keychain and signer for nostr keys:

https://github.com/mleku/signr

This is part of work to develop a nostr-connected decentralised git hosting system, this will be the tool that signs commits using nostr keys so they are readily recognised as being from a given nostr user account.

needs some documentation, probably, all feedback most welcome.

note that it uses an original design for signing that takes into account proper authentication security matters, the signatures always have a random value associated with them, and the signature is on top of the hash of the file plus the random value plus some extra parts that make it distinctive.

probably it should be made into an NIP at some point, but my focus right now is, after this, to plug it into Git as a custom signature tool so Git hosting systems can verify commits and tags are signed by who they should be.

Reply to this note

Please Login to reply.

Discussion

Avatar
il_lost_ 2y ago

another "similar" project https://github.com/nostrocket/snub nostr:nprofile1qqsdjyv3uv8qq3ztjskqaqk263ctx2h3w9mycgn4hmstmxfh0m75qagpz3mhxue69uhhyetvv9ujuerpd46hxtnfduqs7amnwvaz7tmwdaehgu3wd4hk6qgnwaehxw309ahx7um5wghrvwpc9ehhyecsnkhzg

Avatar
mleku 2y ago

nostr:nprofile1qqsth3eu4eq4qtw667jpzfvxmjh5gg5pp4s25j6hccmue5d8g6c8s3qpz4mhxue69uhk2er9dchxummnw3ezumrpdejqz9mhwden5te0dehhxarj9enx6apwwa5h5tnzd9aqz9rhwden5te0wfjkccte9ejxzmt4wvhxjmcaf8ysx is what signr relates to.

HORNET doesn't interface quite so directly with Nostr and is aimed mainly at creating a replication protocol that allows relays hosting Git repositories to sync with each other... at least, that's my rough understanding of it. nostr:nprofile1qqs9njktmqadt322myw6eag6f8qxuzl0wv9vpe7zxkn0d73fhy3s7qspr3mhxue69uhkummnw3ezumt4w35ku7thv9kxcet59e3k7mgprpmhxue69uhkc6t8dp6xu6twvaex2mrp0yhxxmmdqy08wumn8ghj7mn0wd68yttjv4kxz7fwv3jhyettwfhhxuewd4jsc3t90n and others in the project know more about that side of it, I'm just doing the cryptography/tooling for the Git interfacing.

HORNET will be applicable to Nostr itself, though, since it will enable the compact representation of nostr accounts and the means to selectively synchronise their activity across relays.

I'm not sure exactly where we are at on the timeline, I have only really just joined this and taken on this task because I'm quite comfortable with coding and cryptography systems, hashes and EC signatures.

I am starting on integrating this CLI tool into Git so it can automatically sign commits now.

Avatar
Colby Serpa 2y ago

Snub sacrifices backwards compatibility with git. Git is highly evolved tech’ years beyond Nostr.

The goal of GitNestr is to broadcast the Commits, Issues, and Pull Requests of GitHub as #Nostr notes — then store the git folder as a Merkle DAG on relays. The root of the Merkle DAG is signed like a Nostr note, authenticating the repo.

This allows people to pull their repos straight off GitHub and upload it to Nostr relays.

Sacrificing git is a grave mistake given how advanced the technology it is — abandoning git also creates switching costs for users.

Avatar
Colby Serpa 2y ago

Ahh I see it does interface with git actually, but where is the repo stored?

If the repo isn’t decentralized across relays, then how is this censorship resistant?…

Avatar
mleku 2y ago

it's like i said somewhere - maybe in this thread - it's not got enough thought about the protocol. and like you say, why reinvent the wheel, git just needs a filesystem, and an fs is a much easier thing to make a protocol for.

it is possible to concurrently mutate a git repository, but only when it's a different branch, if the mutations are both on the same node. with that attended to either order of applying the change yields an atomic result.

Avatar
gsovereignty 2y ago

I've changed the architecture of snub but haven't updated the readme. Other projects more important at the moment.

Avatar
Colby Serpa 2y ago

👍