Replying to Avatar Blake

You can look at some Nostr library code and open source apps to see how’s it done today.

Certainly could be more strict. But it leverages existing JSON programming language libraries, which likely have already mostly standardise.

The signature is only signing the event id, not the serialised event. But again, I’m yet to see any issues in the wild.
Avatar
myself 2y ago

The signature signs the whole object (minus the signature of course). Let me quote NIP-01:

> "sig": <64-bytes hex of the signature of the sha256 hash of the serialized event data, which is the same as the "id" field>

Reply to this note

Please Login to reply.

Discussion

Avatar
Blake 2y ago

https://github.com/0xtlt/nostr_rust/blob/main/src/events.rs#L127

https://github.com/scsibug/nostr-rs-relay/blob/master/src/event.rs#L359

Avatar
myself 2y ago

What's your point? They are all signing the hash of the serialized event data (the whole object basically)