signatures are incompatible
keys can be used with the secp256k1 curve as is, as there are only two y coordinates and the key for both can be computed
it wouldn't be that difficult, but adding the BIP-340 x-only signatures and x-only ECDH would be the main challenge, it should otherwise be the same as the p2556 elliptic curve
there was a definite, covert, active campaign to keep secp256k1 out of both ssh and gpg that I, personally, find very suspicious, and based on unsubstantiated assessments of the bitwise security of the secp256k1 group... which is quite ridiculous because it's practically the only elliptic curve in wide use that has such a small seed parameter for the curve group that it's impossible it could be backdoored
the same cannot be said about the Edwards twisted ed25519 curve, which is faster than ECDSA but Schnorr is on par with it, so, yeah
nostr:nprofile1qythwumn8ghj7un9d3shjtnswf5k6ctv9ehx2ap0qy2hwumn8ghj7un9d3shjtnyv9kh2uewd9hj7qgnwaehxw309ac82unsd3jhqct89ejhxtcpz4mhxue69uhkummnw3ezummcw3ezuer9wchszxthwden5te0wfjkccte9eekummjwsh8xmmrd9skctcprpmhxue69uhhyetvv9ujuurvv438xarj9e3k7mf0qythwumn8ghj7un9d3shjtnwdaehgu3wvfskuep0qqsqxefne258ydmfgm2wfl02fsdqgs0d5wx29kweg9amxcqxew4t7kqnc5q0m has been working on a C library that packages all the "cryptology" of bitcoin/nostr and that would be at least one spot to look for parts to create this functionality in GPG
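The remark above that an x-only key leaves only two possible y coordinates, worked through as an added example (not code from this thread or from the C library mentioned). It recovers both candidate points from a 32-byte x-only key and follows BIP-340's convention of taking the even y; the function names are hypothetical and the sample key is the secp256k1 generator's x coordinate.

```python
# secp256k1: y^2 = x^3 + 7 over the prime field F_P.
P = 2**256 - 2**32 - 977
B = 7

# Sample input: x coordinate of the secp256k1 generator, used here as a
# stand-in for a 32-byte x-only (Nostr/BIP-340 style) public key.
SAMPLE_XONLY = bytes.fromhex(
    "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798"
)


def lift_x(x: int):
    """Return (y_even, y_odd) for x, or None if no curve point has this x."""
    if not 0 <= x < P:
        return None  # BIP-340 rejects x >= p
    rhs = (pow(x, 3, P) + B) % P
    # P % 4 == 3, so a square root (if one exists) is rhs^((P+1)/4).
    y = pow(rhs, (P + 1) // 4, P)
    if y * y % P != rhs:
        return None  # rhs is not a square: x is not on the curve
    return (y, P - y) if y % 2 == 0 else (P - y, y)


def bip340_point(xonly: bytes):
    """Full (x, y) point for an x-only key, choosing the even y as BIP-340 does."""
    if len(xonly) != 32:
        raise ValueError("x-only key must be 32 bytes")
    x = int.from_bytes(xonly, "big")
    ys = lift_x(x)
    if ys is None:
        raise ValueError("not a valid x coordinate on secp256k1")
    return x, ys[0]


def sec1_candidates(xonly: bytes):
    """Both SEC1 compressed encodings that share this x: 02||x (even y), 03||x (odd y)."""
    bip340_point(xonly)  # validates length and curve membership
    return b"\x02" + xonly, b"\x03" + xonly


if __name__ == "__main__":
    x, y = bip340_point(SAMPLE_XONLY)
    print("even-y point:", hex(x), hex(y))
    for enc in sec1_candidates(SAMPLE_XONLY):
        print("compressed:", enc.hex())
```

A tool that expects a 33-byte compressed key can be handed the `02` form; the private key for the `03` form is the negation of the first modulo the group order.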
signatures are incompatible
keys can be used with the secp256k1 curve as is, as there are only two y coordinates and the key for both can be computed
I guess I should specify that I’m open to a different approach wherein using Nostr keys and some other key (gpg) a user can mutually sign.
That is, the user uses Nostr to sign a message declaring ownership of the gpg key, and the gpg key to declare ownership of the Nostr identity. Only someone with both keys could do this.
Curious if anyone has written up a specification for this approach, which would allow Nostr follows to bridge into web-of-trust for, say, binary attestation with gpg.
So for example. I recently got Qubes OS. Downloaded the iso through BitTorrent, then validated against their signing key, which I had to download and install separately.
Could this process be made simpler by having a Qubes OS Nostr identity which co-signed the gpg key proof? Then as long as I follow someone who transitively follows Qubes OS on Nostr, a UI could show me the trust graph and I could approve it (or something).