aegis: sign-time .bit (Namecoin) NIP-05 verification at the signer

A PR against ZharlieW/Aegis (cross-platform Nostr signer) adds sign-time verification for kind:0 events claiming a .bit NIP-05 identity. The signer resolves the claim on Namecoin BEFORE handing off to the low-level sign function and warns on mismatch. Fails open offline. First N1-track integration on the producer side of the protocol.

aegis × Namecoin: sign-time .bit NIP-05 verification

ZharlieW/Aegis is a simple, cross-platform Nostr signer (Flutter; ships on Android, iOS, macOS, Linux, Windows, and web). PR #14 adds the most security-positive Namecoin integration in the N1 track to date: the signer verifies a .bit NIP-05 claim at sign time — before the user signs a kind:0 metadata event that claims a .bit identity.

NIP-05 verification normally lives in the clients that consume events. Signers see the same events one step earlier, which turns out to be the ideal place to catch a mismatch:

“You’re about to sign a kind:0 that claims _@mstrofnone.bit, but that name resolves to a different pubkey. Sign anyway?”

By the time a reader client surfaces the same mismatch (if at all), the event is already in flight. Catching it inside the signer means it never ships.

What the PR does

  • Hooks all three of aegis’s sign surfaces:
    • NIP-46 remote signer (server_nip46_signer.dart)
    • NIP-07 browser bridge (nip07_handlers.dart)
    • NIP-55 Android intent (nip55_handler.dart)
  • On a kind:0 event whose nip05 ends in .bit, resolves the claim via ElectrumX (name_show-equivalent flow over WSS).
  • Match → silent sign.
  • Mismatch / not-found → modal warning, user picks “Sign anyway” or cancels.
  • Network failure → fail-open. Signing never blocks offline.
  • Settings toggle, default on.

Wire format: ifa-0001 record layout + ElectrumX scripthash flow, identical to the implementations already shipping in amethyst (Kotlin), Nostur (Swift), dart-nostr (Dart, merged), and in review across the JS ecosystem (nostr-tools #533, nostrudel #352).

One implementation note: the script decoder accepts both OP_NAME_UPDATE (OP_3) and OP_NAME_FIRSTUPDATE (OP_2). Names in their first-update window resolve correctly with this parser. (A matching fix for dart-nostr is queued separately.)
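Why accepting both opcodes matters, shown as an added Python example (not aegis's Dart code and not part of the PR). It assumes Namecoin's standard name-script layout: name_firstupdate pushes name, rand and value followed by OP_2DROP OP_2DROP, while name_update pushes name and value followed by OP_2DROP OP_DROP. The function names and sample scripts are constructed for illustration.

```python
OP_PUSHDATA1, OP_PUSHDATA2, OP_PUSHDATA4 = 0x4C, 0x4D, 0x4E
OP_DROP, OP_2DROP = 0x75, 0x6D
OP_NAME_FIRSTUPDATE, OP_NAME_UPDATE = 0x52, 0x53  # OP_2 and OP_3
# opcode -> (pushed argument count, DROP opcodes expected after the pushes)
NAME_OPS = {
    OP_NAME_FIRSTUPDATE: (3, bytes([OP_2DROP, OP_2DROP])),  # name, rand, value
    OP_NAME_UPDATE: (2, bytes([OP_2DROP, OP_DROP])),        # name, value
}

def read_push(script, pos):
    """Return (data, next_pos) for the data push at pos; ValueError if malformed."""
    if pos >= len(script):
        raise ValueError("truncated script")
    op, pos = script[pos], pos + 1
    if op <= 0x4B:  # OP_0 (empty push) or a direct push of 1..75 bytes
        size = op
    elif op in (OP_PUSHDATA1, OP_PUSHDATA2, OP_PUSHDATA4):
        width = 1 << (op - OP_PUSHDATA1)  # 1, 2 or 4 little-endian length bytes
        size = int.from_bytes(script[pos:pos + width], "little")
        pos += width
    else:
        raise ValueError("expected a data push")
    if pos + size > len(script):  # also catches truncated length bytes
        raise ValueError("push runs past end of script")
    return script[pos:pos + size], pos + size

def decode_name_script(script):
    """Return (name, value) from a name_firstupdate or name_update script."""
    if not script or script[0] not in NAME_OPS:
        raise ValueError("not a name_firstupdate/name_update script")
    argc, drops = NAME_OPS[script[0]]
    args, pos = [], 1
    for _ in range(argc):
        data, pos = read_push(script, pos)
        args.append(data)
    if script[pos:pos + len(drops)] != drops:
        raise ValueError("unexpected DROP sequence after name arguments")
    return args[0], args[-1]  # the value is the last pushed argument in both forms

def push(data):
    """Encode one data push; used only to build the constructed samples below."""
    if len(data) <= 0x4B:
        return bytes([len(data)]) + data
    return bytes([OP_PUSHDATA2]) + len(data).to_bytes(2, "little") + data

# Constructed samples: same name and value under each opcode, plus dummy lock bytes.
NAME, VALUE, LOCK = b"d/example", b'{"constructed":"' + b"x" * 100 + b'"}', b"\x76\xa9"
FIRSTUPDATE = (bytes([OP_NAME_FIRSTUPDATE]) + push(NAME) + push(b"\x01" * 8)
               + push(VALUE) + bytes([OP_2DROP, OP_2DROP]) + LOCK)
UPDATE = bytes([OP_NAME_UPDATE]) + push(NAME) + push(VALUE) + bytes([OP_2DROP, OP_DROP]) + LOCK
```

A decoder that recognised only OP_3 would reject `FIRSTUPDATE` and report a freshly registered name as not found, which at the signer would surface as a spurious warning.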

Test it

Default ElectrumX server set ships 4 public WSS endpoints (works in the web build too). Test identity already on chain:

  • _@mstrofnone.bit → npub1gvv9ahktvavf9qjtrgm62le7gplmmchd5usp5wpfhr85hf79kncqj8xchs

Sign a kind:0 with that nip05 from the right key → ✅. From a different key → ⚠️ warning before the signature is produced.

Numbers

  • +1481 / -1 across 15 files (most of it new resolver code, isolated to lib/utils/namecoin/).
  • 32 new unit tests; full suite 52/52 green.
  • Default on, opt-out via Settings → Sign Policy.

Why this matters

Most of the N1 work so far has been about making .bit identities resolvable by consumers. Aegis is the first place we’ve made them enforceable at the producer side. Sign-time verification turns the NIP-05 claim from a discoverability hint into a soft commitment: the signer refuses to mint events that contradict the chain unless the user explicitly overrides the warning.

Links

#nostr #nip #namecoin #nip05 #aegis #signer #cypherpunk

