search

fiatjaf / nos2x

nostr signer extension
278 stars 55 forks source link

Added Hmac key derivation and key tweaking API #26

Closed cmdruid closed 6 months ago

cmdruid commented 1 year ago

Edit: I have made the following updates to window.nostr:

getPublicKey (tweak : string) => string
/** 
* If no tweak argument is provided, works as normal.
* 
* If a tweak string is provided, returns the 
* tweaked public key.
*/
signEvent (
  event : NostrEvent,
  tweak : string
) => SignedEvent
/** 
* If no tweak argument is provided, works as normal.
* 
* If a tweak string is provided, returns an event 
* that is signed using the tweaked private key.
*/
getHmacKey (
  key : string, 
  fmt : 'SHA-256' | 'SHA-512'
) => string
/** 
* Optional, but I have included an API call 
* that returns a raw tweak that is deterministic,
* but does not include the private key.
*/

I have also included a test.html page which tests all endpoints. To use the testing tool, simply launch test/test.html using a web server or browser. Make sure that the private key embedded in test.html also matches the private key saved in your nos2x extention. (also make sure to backup your real private key)

My reason for adding these methods is that there are multiple cases where I need to either derive key material from the master private key, or otherwise generate key-pairs for signing. It would be nice if I could do this using the extension, so that the extension could retain custody of the master key (and ideally all derived keys). Otherwise I have to create these keys outside of the extension, in which case the extension becomes useless outside of protecting a single key.

I am using the native WebCrypto library for hmac signing, and the @noble/secp256k1 library for basic private key tweaking (finite field addition).

All feedback is welcome.

fiatjaf commented 1 year ago

Thank you for your valuable hacking work, but see https://github.com/nostr-protocol/nips/pull/221#issuecomment-1420463672

cmdruid commented 1 year ago

Any update on this? I have made the suggested changes per the other thread.

githubbbie commented 1 year ago

@cmdruid can you update this?

cmdruid commented 1 year ago

@cmdruid can you update this?

@fiatjaf made it clear he wasn't going to accept any changes, but I don't mind making updates if there's a desire to merge this