NIP-69

Linked Cryptographic Identities

draft optional

Nostr users may have other cryptographic identities, such as PGP keys or SSL certificates. This NIP introduces a replaceable event of kind 10069 that links these identities with a Nostr pubkey.

The event MAY contain zero or more i tags. Each tag MUST have, in the following order:

  • A type (listed below) and a public key fingerprint that MUST NOT contain spaces, joined by a :
  • A signature of the message (described below) in base64 format, unwrapped
  • The full public key in base64 format, unwrapped

Types: pgp, x509

Message: "By signing this message I confirm that I control the private key for the Nostr public key <npub>", where npub is the bech32-encoded form of the pubkey of the event.

{
  "kind": 10069,
  "tags": [
    ["i", "<type>:<fingerprint>", "<signature>", "<public key>"],
    ["i", "<type>:<fingerprint>", "<signature>", "<public key>"],
    // ...
  ],
  // ...
}

Revocation

The event MAY be updated by removing i tags that no longer apply.

Examples

PGP

{
  "kind": 10069,
  "tags": [
    ["i", "pgp:1A04E0F1A78D982BD8885B7EB325A9C5F70849D0", "<signature>", "<public key>"],
    // ...
  ],
  // ...
}

Example command to obtain a signature:

echo "By signing this message I confirm that I control the private key for the Nostr public key npub1wf4pufsucer5va8g9p0rj5dnhvfeh6d8w0g6eayaep5dhps6rsgs43dgh9" | gpg --sign --armor | base64 | tr -d '\n'

Example command to export the public key:

gpg --armor --export name@example.com | base64 | tr -d '\n'

X.509 certificate

{
  "kind": 10069,
  "tags": [
    ["i", "x509:3220C353A73CFBD0C2F3052471C445324CF452BCBA26DE1C473A52FE5C44E1D6", "DRhQobBXnYFijFjJFZNWiAstqDv+8OACMQIzh+KKw0XS1PW869alYSW4erTUx8xlymlpMoC9et5+kLcfkOXf9jF2UVv5R1JCEGwD5L3/04OtT97h9CftPy1pvuYV6mhja3Ccv2RKGg7Hk99VlpQtFjtgbmCTxaXONGNhYbR/EL6aCEvKfyuuYyodtWTyo1Ys/R6eF7dqFPrDQ/rQ5W14Jmfxhvgn0SW83WqFy/d1A6AQqrku1ZWcHqk41Xaj72A5VmYY5bIe5NTTPTFVz6WhHkx452iZ9w6YlEz2PGzYlUAwq0arpXsD8BJrfBrTj9t+PMRvTV+Sw50Hgu4Ajl9waw==", "<public key>"],
    // ...
  ],
  // ...
}

Example command to find the SHA-256 fingerprint of the certificate from a keystore:

keytool -list -keystore example.keystore

Example commands to extract the private key and sign the message:

keytool -importkeystore -srckeystore example.keystore -destkeystore example.p12 -deststoretype pkcs12

openssl pkcs12 -in example.p12 -nocerts -nodes -out privatekey.pem

echo "By signing this message I confirm that I control the private key for the Nostr public key npub1wf4pufsucer5va8g9p0rj5dnhvfeh6d8w0g6eayaep5dhps6rsgs43dgh9" | openssl dgst -sha256 -sign privatekey.pem | openssl base64 -A

Example command to extract the public key:

openssl rsa -in privatekey.pem -pubout | base64 | tr -d '\n'
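
The commands above cover only the signing side. The script below is an added example (not part of the NIP or of any client's code) showing how a relying client could check an x509 tag against the event's npub, with a throwaway RSA key as constructed sample data. The function names are illustrative, and it assumes the signed bytes include the trailing newline that the page's echo command emits.

```shell
#!/bin/sh
# Added example, not part of NIP-69. Function names are illustrative.

# The page's `echo "..."` appends a newline, so the signed bytes end in "\n".
nip69_message() {  # $1 = npub of the event's own pubkey
  printf 'By signing this message I confirm that I control the private key for the Nostr public key %s\n' "$1"
}

# verify_x509_tag NPUB SIG_B64 PUB_B64
# Exit status: 0 valid, 1 signature does not verify, 2 malformed field.
# The fingerprint is not checked: per the page it is the certificate's SHA-256,
# which cannot be recomputed from the bare public key carried in the tag.
verify_x509_tag() (
  for field in "$2" "$3"; do  # "unwrapped": base64 alphabet only, no whitespace
    case "$field" in ''|*[!A-Za-z0-9+/=]*) exit 2 ;; esac
  done
  tmp=$(mktemp -d) || exit 2
  printf '%s\n' "$3" | base64 -d > "$tmp/pub.pem" 2>/dev/null
  printf '%s\n' "$2" | base64 -d > "$tmp/sig.bin" 2>/dev/null
  # Rebuild the message from the event's pubkey; never take it from the tag.
  nip69_message "$1" |
    openssl dgst -sha256 -verify "$tmp/pub.pem" -signature "$tmp/sig.bin" >/dev/null 2>&1
  rc=$?
  rm -rf "$tmp"
  [ "$rc" -eq 0 ] || exit 1
)

# Constructed sample: a throwaway RSA key, signed with the page's own commands.
make_demo_tag() (  # $1 = npub, $2 = scratch dir; prints "SIG_B64 PUB_B64"
  openssl genrsa -out "$2/privatekey.pem" 2048 2>/dev/null || exit 2
  sig=$(nip69_message "$1" | openssl dgst -sha256 -sign "$2/privatekey.pem" | openssl base64 -A)
  pub=$(openssl rsa -in "$2/privatekey.pem" -pubout 2>/dev/null | base64 | tr -d '\n')
  printf '%s %s\n' "$sig" "$pub"
)

demo() {
  dir=$(mktemp -d) || return 2
  npub=npub1wf4pufsucer5va8g9p0rj5dnhvfeh6d8w0g6eayaep5dhps6rsgs43dgh9  # from the page
  other=npub1constructedvalue  # constructed: stands for a different account
  set -- $(make_demo_tag "$npub" "$dir")
  rm -rf "$dir"
  verify_x509_tag "$npub" "$1" "$2" && echo "signed npub: valid"
  verify_x509_tag "$other" "$1" "$2" || echo "tag copied to another npub: rejected"
}
demo
```

The second check fails because the message is rebuilt from the event's own pubkey, which is what keeps a valid tag from being reused in an event signed by a different Nostr key.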