Has anyone explored using Nostr IDs in place of PGP, e.g. for signing arbitrary things: software binaries, git commits, etc?
Discussion
I've thought about it. The only advantage I see is that I can bind a friendly-looking NIP-05 domain name for easier discovery.
Plus, the bech32 format for humans is easy to cut and paste, or QR code.
Well the big advantage for media to be able to associate a signed message to my well-known Nostr ID. If I want to sign a note and post it on a forum or email list or in a GitHub release, I'd love for people to verify it's from me, but using my Nostr ID instead of PGP.
nostr:nprofile1qqs8y6s7ycwvv36xwn5zsh3e2xemkyumaxnh85dv7jwus6xmscdpcygprpmhxue69uhkv6tvw3jhytnwdaehgu3wwa5kuef0ekucf3 and zapstore.
There's also a nostr git idea but not sure if it signs the commits or just uses Nostr JSON to transfer data.
Yeah, is awesome. I use it daily. But, I'm looking for a general sign/verify tool suite using my Nostr ID. I guess it's really the "transmitted through relays" part of Nostr that I'd like to challenge. What if I want to sign notes and stuff transmitted via email or github releases or posted on forums or Bitcoin blocks, etc.
That's not a bad idea.
Usually the event data gets signed, but there's no reason why you can't sign anything else with that key.
I wonder if you can get something like this to work with your private key hex:
I like where your head is at... I might toy around with this
Aren't kind 1063 events just that? Cryptographically links a file with a nostr sig via its hash
Yeah, that looks like the right kind. I just haven't found a tool that uses them. e.g. if someone emailed me a kind 1063 signed note, what tool would I use to verify it?