Add PGP as NIP-39 external identity

[franzaps]

I thought it would make sense to add PGP here as it is an external identity, but open to move it somewhere else

Should the full PGP public key be included as well?

[gzuuus]

It would also be very interesting to introduce external identities native to nostr, e.g. an external key event that signs your identity can be used as proof of external identity. In nip-41 pr #1032 I use this to determine a proof for the next master key rotation. For example [ "i", "nostr:external-pubkey", "event-id-of-the-external-pubkey-signing-your-pubkey" ].

[franzaps]

@gzuuus I lack the knowledge to fully understand your NIP-41 proposal but we 100% need a sound way of rotating keys in nostr. Thanks for writing that up

[franzaps]

@Semisol I randomly found out that the merging of this PR has been reverted by you. Would you mind commenting here what is wrong and how in your opinion it should be fixed?

[franzaps]

The proof should contain a way to point back to the nostr keypair signing this event (the PGP fingerprint does not).

My suggestion is to change the proof to PGP-sign a nostr event with a message of Verifying that I control the following Nostr public key: <npub encoded public key> in the content field, signed by that same npub (which is also the one signing the kind 0 event).

The event JSON should be added as a third entry in the array. A fourth entry could also be included with a link to the full public key file in plaintext (asc).

["i", "pgp:A999B7498D1A8DC473E53C92309F635DAD1B5517", "xsFNBF2V8eEBEADmjYzGOpxEI0J7jQ1qFzlsrjF6NaBSq+UqKw...", "{\"id\": \"4376c65d2f232afbe9b882a35baa4f6fe8667c4e684749af565f981833ed6a65\",\"pubkey\": \"6e468422dfb74a5738702a8823b9b28168abab8655faacb6853cd0ee15deee93\",\"created_at\": 1673347337,\"kind\": 1,\"content\": \"Verifying that I control the following Nostr public key: npub1dergggklka99wwrs92yz8wdjs952h2ux2ha2ed598ngwu9w7a6fsh9xzpc`\",\"tags\": [],\"sig\":\"908a15e46fb4d8675bab026fc230a0e3542bfade63da02d542fb78b2a8513fcd0092619a2c8c1221e581946e0191f2af505dfdf8657a414dbca329186f009262\"}", "https://dergigi.com/PGP.txt"]

A simpler version would be simply PGP-signing the message Verifying that I control the following Nostr public key: <npub encoded public key> (not the full nostr event) but I'm not sure if there are negative implications.

@fiatjaf how does this sound to you?

[caesar]

It would be great to add OpenPGP keys here again somehow. It would be useful in order to add Nostr support to Keyoxide.

@franzaps I would have thought your second suggestion would be sufficient, I don't see that it should be necessary to create a Nostr event, signing a text string containing the OpenPGP fingerprint should be enough.
@Semisol do you have any input on that, since it was you that pointed out (correctly) that just signing the fingerprint wasn't enough?

One other thing, perhaps the prefix should be openpgp4fpr, since that's a standard?

[franzaps]

@caesar this is old, it was merged then removed. It continued here #1182 which we started using in zap.store and soon be merged into NIP-39 (will send PR)

[caesar]

@franzaps thanks! I'll comment there.