nips icon indicating copy to clipboard operation
nips copied to clipboard

Published 20 hours ago verified publisher icon nostr-protocol

Android Signer Application

Open greenart7c3 opened this issue 1 year ago • 11 comments

Nostr event signer for Android. It allows users to keep their nsec segregated in a single, dedicated app without requiring any extensions or web servers.

greenart7c3 avatar Nov 08 '23 13:11 greenart7c3

I think it would also be better to have a Signer interface spec instead of separated nips like @vitorpamplona suggests in #720

greenart7c3 avatar Nov 08 '23 13:11 greenart7c3

This looks good.

fiatjaf avatar Nov 08 '23 15:11 fiatjaf

Looks good.

Is there a way to identify all signers installed in the phone?

For instance: Amethyst's login screen would have a "Login with another app" button that creates a URI intent that triggers Android's app chooser. The chosen Signer app receives the request to connect and replies with package name and any other details to assemble follow up calls.

vitorpamplona avatar Nov 10 '23 14:11 vitorpamplona

Looks good.

Is there a way to identify all signers installed in the phone?

For instance: Amethyst's login screen would have a "Login with another app" button that creates a URI intent that triggers Android's app chooser. The chosen Signer app receives the request to connect and replies with package name and any other details to assemble follow up calls.

A quick test I did you can use this code but you need the QUERY_ALL_PACKAGES permission:

val intent = Intent(Intent.ACTION_VIEW, Uri.parse("nostrsigner:"))
for (info in this.packageManager.queryIntentActivities(intent, 0)) {
    val packageName = info.activityInfo.packageName
    Log.d("Packages", "package = $packageName")
}

I havent found a way to get the package name from the android app chooser

greenart7c3 avatar Nov 10 '23 14:11 greenart7c3

I havent found a way to get the package name from the android app chooser

I think it will need to be manual. It goes to the Signer app and the signer app sends an Intent back. Maybe the GetPublicKey call shouldn't specify the package and the return of that call should include a package in StringExtra. Then the app saves the package name in the external signer.

vitorpamplona avatar Nov 10 '23 15:11 vitorpamplona

I am starting to think we should deprecate the Private Zap implementation used by Damus and Amethyst (event kind 9733)

The main issue is that it requires a special decrypt_zap function and a special handling of the sign function here, in the browser extension, and in NIP-46. And it requires it because the private key used in private events is a sha256(privkey + (event_id for posts or pubkey for users) + createdAt.toString())

Since apps with external signers (extension + NIP-46 + this one) cannot access the user's private key, they cannot generate the new key by themselves. The signer application must then have a special method to receive a created_at + event_id or a pubkey to assemble the key and sign it :(

vitorpamplona avatar Nov 12 '23 15:11 vitorpamplona

I am also getting some feedback from the #nostrdesign and I think I'll add some permissions to the get public key so the users can approve or reject them when logging. So we can avoid showing a lot of pop ups.

Example

And in the content provider I need to add something to tell the app the user rejected the event kind/type forever

greenart7c3 avatar Nov 12 '23 15:11 greenart7c3

@greenart7c3 can you check if this up-to-date with your implementation?

vitorpamplona avatar Feb 01 '24 23:02 vitorpamplona

It is. Should I remove the nip 04 methods from here?

greenart7c3 avatar Feb 01 '24 23:02 greenart7c3

We should merge this. @fiatjaf

vitorpamplona avatar Mar 08 '24 12:03 vitorpamplona

Can we get this merged, please? Multiple android clients are using Amber with this API.

vitorpamplona avatar May 30 '24 15:05 vitorpamplona