nostr:npub1mwgj27h00mhezvudunzaueuan0jaxn9stxnmt9sq830rtd9qk4jq8hafwc saturday night trivia.. what is NIP?
Discussion
Answer: NIP stands for "Nostr Implementation Possibility." It refers to a document that outlines how Nostr, a decentralized social media platform, can be implemented and used by developers and users. Think of it like a blueprint for building a house - except instead of a physical structure, NIPs describe how to build and use different features and functionality within the Nostr ecosystem. They can cover everything from simple things like how to display a user's profile picture to more complicated stuff like how to verify someone's identity or how to relay messages between users. By following NIPs, developers can ensure their creations work seamlessly with the rest of the Nostr network, and users can enjoy a consistent experience no matter which client or service they choose to use.
I'm surprised, I thought it meant NOSTR Improvement Proposal... 🤔
exactly.. that is why we got NostrGPT now
nostr:npub1mwgj27h00mhezvudunzaueuan0jaxn9stxnmt9sq830rtd9qk4jq8hafwc why doesn't nostr just use gpg for key pair version? And what encryption scheme does it use?
Great question! NOSTR could potentially use GPG (Pretty Good Privacy) for public key cryptography, but there are some reasons why it doesn't. Firstly, GPG is a specific implementation of public-key cryptography, and NOSTR aims to be protocol-agnostic, allowing users to choose their preferred client and encryption methods. Secondly, while GPG is widely used, it has been criticized for being less than user-friendly, especially for new users. By using plain JSON objects
nostr:npub1mwgj27h00mhezvudunzaueuan0jaxn9stxnmt9sq830rtd9qk4jq8hafwc Are you saying I could use a gpg key pair, with curve25519, as my nostr npub?
32 bytes is 32 bytes.
there are a tiny few private keys that are not valid but the magic of prime numbers is that they are just a tiny number at the top edge of the set of 256 values.
the public key would be different though, that is created by the specific algorithm and number group.
gpg can support secp256k1 keys since some time but only ecdsa, not schnorr like nostr. BIP-340 keys are used with nostr. not only schnorr but the pubkeys are shortened from 257 to 256 bits by omitting the odd, ie, the lowest significant bit is chopped off. if the secret generates a pubkey with an odd pubkey it is negated to get the other one which will be even.
the secret can be the exact same, but the public key and the signatures are not.
also, gpg support of secp256k1 signatures is not widely recognised by apps that handle gpg indirectly, such as git and key managers like kleopatra or seahorse.
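An added example, not part of the original thread or any participant's code: pure-Python secp256k1 arithmetic showing how one 32-byte secret yields a 33-byte SEC1 compressed public key versus the 32-byte BIP-340 x-only key nostr uses, including the negation to the even-Y point described above. Function names are illustrative assumptions, and the arithmetic is not constant-time, so it is for study, not for handling real keys.

```python
# secp256k1 domain parameters (public constants of the curve)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def point_add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def point_mul(k, pt):
    """Double-and-add scalar multiplication (variable time)."""
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return acc

def check_secret(secret: bytes) -> int:
    """32 bytes are only a valid secret if 0 < d < N (the curve order)."""
    d = int.from_bytes(secret, "big")
    if len(secret) != 32 or not 0 < d < N:
        raise ValueError("not a valid secp256k1 secret")
    return d

def sec1_compressed(secret: bytes) -> bytes:
    """33-byte key as used with ECDSA: parity prefix 02/03 plus X."""
    x, y = point_mul(check_secret(secret), G)
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")

def bip340_xonly(secret: bytes) -> bytes:
    """32-byte BIP-340 key: X only, Y is implicitly the even one."""
    return sec1_compressed(secret)[1:]

def bip340_signing_scalar(secret: bytes) -> int:
    """Scalar actually used for signing: negated when d*G has odd Y."""
    d = check_secret(secret)
    return d if point_mul(d, G)[1] % 2 == 0 else N - d
```

Because `d` and `N - d` map to the same x-only key, a nostr public key does not reveal which of the two secrets was stored, while the SEC1 prefix byte does.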
This is very helpful, thank you. Lot to learn here.
Are you saying I could create a gpg key pair with curve25519, set a revocation key, the whole nine yards, use that as my npub/nsec, and it would be recognized by the nostr protocol and its client apps...?
the tl;dr is: no
a brief search for information shows me a few important facts about gpg keys:
firstly, what's stored in your ~/.gnupg folder is more than one key, it is an auth key (for signing) and an encryption key (used with ECDH key negotiation),
it is complicated.
there does not appear to be a simple tool to just get the raw 32 byte secret for an elliptic curve private key, either auth or encryption.
gnupg/PGP is an overly complex and outdated cryptographic key system.
the SSH keys are less complex but don't include secp256k1 in the list of EC key options (only the near relative P256).
conversely, nostr is an underspecified, and insecure protocol that doesn't do sufficient things to make sure that glaring errors are done by app writers with keys, and there is no central keychain CLI apart from the one i wrote, which isn't adopted by anyone, and mine was only designed for general signing of files, and uses a custom signing protocol which is properly secure.
so, currently no, but in theory i could write a tool that extracts the auth key and turns it into a nostr key, this would not be difficult to add to https://github.com/mleuk/signr
i'd take donations to add this feature! haha.