Better nsec protection / wider interoperability for Nostr as an identity signing system:
Wait till Cashu.me supports tokens natively locked to npub:
nostr:npub1xv8mzscll8vvy5rsdw7dcqtd2j268a6yupr6gzqh86f2ulhy9kkqmclk3x As you guys are leading the way on supporting Schnorr signing outside of the structure of Nostr events, Iβd appreciate your thoughts on a βstandardβ method signature that is future proof which all signers could adoptβ¦ if we can convince fiatjaf to include as optional in NIP07/46β¦ or adopt informally if not. As above, it might be better renamed to avoid issues with your established method.
The current iteration is mostly aligned with Alby existing except expects a raw message string.
If I was drafting the method from scratch for NIP07/46, it would return all the data needed to do checks and verification on what was signed and who by eg:
async function signString(message: string) : {hash, sig, pubkey} // sha256 hash of message, Schnorr sig of hash, pubkey of signer
Nostr events are always presented in raw form for signing, and I believe it is probably safer to present the raw string for signing too so user can be sure they are not signing something unintended or malicious that might lose them money (eg a bitcoin transaction)
eg, for a Cashu P2PK token, the raw string would be something like:
[\"P2PK\",{\"nonce\":\"859d4935c4907062a6297cf4e663e2835d90d97ecdd510745d32f6816323a41f\",\"data\":\"0249098aa8b9d2fbec49ff8598feb17b592b986e62319a4fa488a3dc36387157a7\",\"tags\":[[\"sigflag\",\"SIG_INPUTS\"]]}]
Sometimes comedy writes itself
Nostly Cashu Redeem now supports the nostr:nprofile1qyt8wumn8ghj7etyv4hzumn0wd68ytnvv9hxgtcppemhxue69uhkummn9ekx7mp0qqsyv47lazt9h6ycp2fsw270khje5egjgsrdkrupjg27u796g7f5k0s0pfy4z Extension for signing P2PK locked tokens. So you can use it instead of entering your nsec.
https://www.nostrly.com/cashu-redeem/
It's the ONLY Nostr extension I'm aware of that currently supports Schnorr signing.
Hopefully more will in time.... FREE THE SCHNORR!
https://github.com/nostr-protocol/nips/pull/1842
#nostr #cashu #bitcoin #schnorr #p2pk #nut11
Question nostr:nprofile1qyt8wumn8ghj7etyv4hzumn0wd68ytnvv9hxgtcppemhxue69uhkummn9ekx7mp0qqsyv47lazt9h6ycp2fsw270khje5egjgsrdkrupjg27u796g7f5k0s0pfy4z - why does your signer take the sha256 hash as the input (sigHash), rather than the raw string to sign?
It would be better for people to SEE what they are signing for, instead of just a random hash string... the method could then hash for signing.
Nostly Cashu Redeem now supports the nostr:nprofile1qyt8wumn8ghj7etyv4hzumn0wd68ytnvv9hxgtcppemhxue69uhkummn9ekx7mp0qqsyv47lazt9h6ycp2fsw270khje5egjgsrdkrupjg27u796g7f5k0s0pfy4z Extension for signing P2PK locked tokens. So you can use it instead of entering your nsec.
https://www.nostrly.com/cashu-redeem/
It's the ONLY Nostr extension I'm aware of that currently supports Schnorr signing.
Hopefully more will in time.... FREE THE SCHNORR!
https://github.com/nostr-protocol/nips/pull/1842
#nostr #cashu #bitcoin #schnorr #p2pk #nut11
Nostr has me checking single emojis nowβ¦ just in case thereβs hidden sats.
Thanks nostr:npub12rv5lskctqxxs2c8rf2zlzc7xx3qpvzs3w4etgemauy9thegr43sf485vg nostr:npub1emq0gngdvntdn4apepxrxr65vln49nytqe0hyr58fg9768z5zmfqcwa3jz
Sorry, not sorry πσ σ σ £σ σ ₯σ ²σ σ ’σ Άσ €σ σ ³σ Ίσ σ σ Έσ σ §σ σ ͺσ σ ¦σ Όσ ’σ ‘σ σ σ σ σ ₯σ σ σ σ ₯σ σ σ Ίσ σ σ Έσ ½σ ₯σ σ ’σ Άσ ͺσ σ ³σ ©σ ³σ σ σ σ σ σ ’σ σ ₯σ σ σ σ σ σ ’σ Άσ σ σ σ σ ²σ σ σ Άσ σ σ ±σ ²σ σ ²σ σ ΄σ §σ σ σ Άσ ·σ σ σ ³σ ΄σ σ ·σ Άσ σ ΅σ ·σ Άσ ͺσ σ ΅σ ±σ ₯σ Ώσ σ σ σ Ύσ ·σ σ σ σ σ σ σ ½σ ͺσ ½σ ₯σ ½σ ͺσ σ ¨σ σ ’σ σ ¨σ Ώσ σ σ ¨σ σ ΄σ Ήσ ¨σ Ύσ ͺσ σ €σ Ύσ ΄σ σ €σ Ύσ σ σ §σ σ σ Ίσ σ σ σ Άσ σ ½σ ΄σ ±σ ₯σ Ώσ ΄σ σ §σ Ώσ σ σ ©σ σ σ σ σ ½σ ΄σ σ ₯σ Ύσ ·σ σ ¨σ Ώσ ΄σ σ σ Ύσ ΄σ ²σ σ σ σ Ύσ σ Ήσ σ Ίσ ’σ ₯σ ‘σ Όσ σ σ σ £σ ’σ ·σ ²σ σ σ ±σ £σ σ σ σ §σ Ύσ Άσ ‘σ §σ ‘σ £σ σ σ ·σ σ ΅σ ¦σ σ σ £σ ’σ σ Όσ §σ §σ σ Ίσ σ σ Άσ σ σ ’σ Άσ σ σ ³σ ±σ σ ½σ σ σ σ ’σ ’σ σ Έσ ©σ ©σ ²σ ’σ ¨σ ¨σ σ σ Ύσ σ σ σ §σ σ σ Έσ ©σ Ήσ σ Ίσ σ ±σ σ σ £σ σ ¦σ €σ ‘σ ³σ €σ ©σ σ σ Άσ ͺσ σ ³σ ²σ σ ¨σ Όσ £σ σ σ σ ©σ σ σ §σ σ σ σ σ σ σ £σ ©σ ¦σ €σ Ώσ σ £σ Όσ σ ©σ σ σ σ σ ’σ σ ΄σ ½σ σ ±σ ©σ σ σ σ €σ ·σ Άσ ©σ σ ³σ ²σ σ Ίσ Ώσ ±σ σ σ σ σ σ »σ ¨σ ’σ σ Ίσ σ ¦σ »σ σ σ σ ©σ σ »σ ₯σ ‘σ Άσ σ σ ¦σ ₯σ σ σ ₯σ σ σ σ σ ’σ ±σ £σ σ σ σ σ σ σ σ σ σ σ £σ σ ±σ σ ΄σ ²σ σ Ώσ σ σ σ Ύσ ’σ σ σ σ σ Ίσ σ Ύσ ͺσ σ σ ½σ ͺσ σ ‘σ σ σ ½σ ₯σ ½σ ’σ Άσ σ σ ·σ σ σ Ύσ σ σ σ ½σ σ Ίσ σ Ύσ ͺσ σ ͺσ Ύσ σ σ σ ½σ ΄σ σ ¨σ ½σ ΄σ ΅σ §σ σ ͺσ Ήσ €σ Ύσ σ σ €σ Ύσ ͺσ Ύσ σ Ώσ σ Ύσ σ Ύσ ͺσ ΅σ €σ ½σ σ σ ’σ σ σ Άσ σ σ ³σ ΅σ ³σ σ €σ ₯σ ²σ σ Ύσ €σ σ ‘σ ·σ σ »σ σ £σ ΅σ σ σ σ £σ σ Ώσ σ »σ Ήσ σ σ ²σ ΄σ Όσ σ σ σ §σ Ίσ σ ©σ σ ’σ σ σ σ ±σ σ σ σ »σ Ύσ σ σ σ σ σ £σ σ σ σ ‘σ σ σ σ σ σ σ Έσ ½σ σ ₯σ σ σ Όσ σ σ Άσ σ €σ σ ½σ ±σ Άσ σ σ ¨σ €σ σ ’σ ²σ σ Ύσ €σ σ σ σ ¦σ σ ¨σ σ σ ‘σ σ σ £σ Ίσ £σ §σ σ ·σ »σ »σ σ Άσ σ σ σ σ §σ €σ σ σ σ σ Ίσ ©σ Ώσ Ώσ ’σ σ σ €σ σ σ σ ₯σ ¦σ »σ σ §σ σ Ώσ ‘σ σ Έσ ₯σ ₯σ σ σ σ σ σ σ €σ σ Ύσ ¨σ σ §σ ¨σ Ήσ σ ’σ ³σ Ήσ σ ₯σ ’σ ©σ σ σ ©σ ³σ σ ¦σ σ σ σ ₯σ »σ €σ σ ¨σ σ ©σ ¦σ Ύσ ·σ £σ σ ³σ σ σ σ ·σ σ σ σ ΅σ ²σ σ σ Ύσ €σ σ ΄σ σ ©σ ½σ σ σ §σ Ύσ ·σ σ σ σ σ σ ͺσ Ύσ σ σ σ Ύσ σ ±σ ₯σ Ύσ ’σ ΅σ €σ σ σ σ σ σ ͺσ σ σ Ύσ σ σ ₯σ Ύσ ͺσ σ ©σ ½σ σ ΅σ £σ Ύσ ͺσ σ £σ σ ·σ Ήσ σ σ σ ΅σ ͺσ σ σ σ ©σ σ σ ²σ σ σ ΄σ σ σ Ύσ σ σ ’σ Ύσ ·σ σ €σ ½σ ΄σ σ ₯σ σ ͺσ ²σ σ σ ‘σ σ σ ±σ σ σ σ Ίσ σ §σ ¨σ σ ¨σ Άσ σ Έσ Ύσ σ ₯σ ΄σ σ ₯σ ’σ Ήσ σ ‘σ ’σ σ σ σ ͺσ »σ ΅σ ³σ ₯σ σ £σ σ σ σ Ίσ £σ ‘σ ₯σ §σ σ σ σ σ σ σ σ σ σ σ Ήσ ½σ σ ³σ σ £σ Όσ Ύσ ΅σ ₯σ σ ©σ σ Ίσ Όσ σ £σ €σ ’σ £σ »σ €σ σ €σ ₯σ €σ σ σ σ Όσ σ ±σ ’σ σ €σ σ ©σ Έσ Όσ σ σ σ σ σ σ σ Ύσ σ Ήσ ΅σ €σ σ ±σ σ σ σ σ σ Όσ σ σ σ σ Ώσ Όσ ©σ ͺσ »σ ±σ ’σ σ £σ σ σ σ Άσ ΅σ Έσ ΄σ ’σ ₯σ σ €σ σ ‘σ ³σ σ σ σ ‘σ ³σ σ σ σ Ίσ σ Ήσ Ύσ Έσ σ ©σ σ ½σ ³σ §σ ¦σ σ ·σ ±σ ΅σ σ ¨σ ‘σ £σ ½σ Ώσ σ σ σ ΄σ ‘σ σ ½σ σ ‘σ ‘σ σ σ ’σ σ Άσ σ σ σ Ήσ ¦σ ²σ Όσ σ Ή !!!
Yes, cashu mints want a Schnorr signature on a structured string⦠signers create signatures on a event, changing the structure that gets signed.
Need to convince fiatjaf to add signSchnorr() to Nostr NIPS-07/46:
Understandable. There is a standalone opensource version you can download, inspect and run from your computer.
It's a bit bleeding edge... and you need to use your nsec to decode them as Nostr doesn't specify signers can create schnorr signatures outside of events.
Paste into Nostrly Cashu Redeem (either online or the standalone version) to check you copied emoji out ok - sometimes Primal can break them at the see more... so generally best to copy the entire note.
If the token reads ok, you can enter your nsec and a lightning address to redeem it to.
Cashu.me wallet will shortly allow redemption straight to Cashu wallet.
You'll need to use:
https://github.com/robwoodgate/cashu-redeem
or
https://www.nostrly.com/cashu-redeem/
or
0xchat.com
or wait a few more days for Cashu.me to support redemption: