All notable changes to Podkey will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- NIP-44 (v2) encryption.
window.nostr.nip44.encrypt(pubkey, plaintext)andnip44.decrypt(pubkey, ciphertext)for NIP-17 / NIP-59 gift-wrapped direct messages. The crypto runs in the background worker (@noble/cipherschacha20,@noble/hasheshkdf/hmac, ECDH via@noble/secp256k1) and is checked against the official NIP-44 test vectors. The private key stays in the worker. - Per-origin signing consent. The first request from a site opens an approval popup; closing it or a 60-second timeout denies. Approving grants per-origin trust that you can revoke from the popup.
- Encrypted-at-rest key vault. The private key is persisted only as an
AES-256-GCM ciphertext in
chrome.storage.local, wrapped by a scrypt-derived key from the user's passphrase (src/vault.js). On unlock the decrypted key is cached inchrome.storage.sessionfor fast signing and cleared when the browser closes; the raw key never touches disk. NewUNLOCK_VAULT/LOCK_VAULTmessages, a popup unlock screen, and a clear "Podkey is locked" prompt replace the previous "No keypair found" error after a restart. - NIP-98 Solid authentication. Opt-in HTTP auth to Solid pods. Each token carries a fresh 16-byte nonce and binds the request body hash and the final redirect-aware URL, so one token authorises one request. Trusted Solid hosts are matched exactly.
- Schnorr self-verify. Every signature is checked against the public key before it is returned.
- Extension icons at 16, 48 and 128px, and a
script-src 'self'content-security policy across the popup and test page. - Continuous integration.
.github/workflows/ci.ymlruns build, test and lint on every pull request and push tomain, and uploads a sideloadable extension zip. The 141-case suite covers signing, NIP-44 vectors, NIP-98 token shape, the content-script message whitelist, the consent flow, and the vault crypto (round-trip, wrong passphrase, tamper, salt/iv freshness).
- A trusted origin signs any event kind without a prompt, so Podkey works as a general NIP-07 signer. A normal client publishes kind 0, 10002 and 22242 on every load; those no longer raise a prompt once you trust the site. Untrusted origins still prompt, and approving one grants trust.
- The
window.nostrprovider exposesgetPublicKey,signEventandnip44.{encrypt,decrypt}. - The popup fits within the browser popup height, keeping the Export and GitHub links in view.
0.0.7 - 2024-12-XX
- Improved installation guide on test page with comprehensive step-by-step instructions
- Prioritized direct extension installation over git clone workflow
- Added developer section for building from source
0.0.6 - 2024-12-XX
- Code formatting improvements (prettier)
- Test page installation guide formatting
0.0.5 - 2024-12-XX
- Comprehensive installation instructions on test page
- Clear guidance for users on how to install and use the extension
- Links to did:nostr specification throughout documentation
- License changed from MIT to AGPL-3.0
- All descriptions updated to emphasize did:nostr and Solid authentication
- Test page now shows installation guide when extension is not detected
- Popup UI updated to mention did:nostr and Solid
- Added did:nostr specification link (https://nostrcg.github.io/did-nostr/)
- Updated README to clearly position Podkey as extension for did:nostr and Solid
- Enhanced test page with better user guidance
0.0.4 - 2024-12-XX
- Fixed key generation bug: Changed
randomPrivateKey()torandomSecretKey()for @noble/secp256k1 v3.0.0 compatibility - Added comprehensive error logging for debugging
- Fixed storage test suite (removed beforeEach, using clearStorage function)
- Comprehensive test suite with 20 passing tests
- Crypto function tests (key generation, signing, verification)
- Storage function tests (keypair management, trusted origins, auto-sign)
- Better error handling and logging in background service worker
0.0.3 - 2024-12-XX
- Interactive test page with real-time diagnostics
- GitHub Pages deployment for test page
- Comprehensive README with usage examples
- Proper hash function configuration for @noble/secp256k1 v3.0.0
- Type safety improvements for all API responses
- Better error handling and logging
- Auto-approval for permission requests (service worker compatible)
- Syntax error in
nostr-provider.js(async nip04 assignment) - Event hash calculation now includes pubkey correctly (NIP-01 compliant)
- Signature calculation now converts hex to bytes before signing
- Hash functions properly configured for @noble/secp256k1 v3.0.0
- Response type safety (ensures strings/arrays are correct types)
- Bundle script now properly bundles npm dependencies
- Upgraded @noble/secp256k1 from v2.3.0 to v3.0.0
- Updated to use proper Schnorr signature API
- Improved error messages and diagnostics
- Better handling of undefined/null responses
- Created bundle script using esbuild
- Proper ES module support in service worker
- All dependencies bundled for Chrome extension compatibility
- Basic NIP-07 provider implementation
- Key generation and import
- Event signing with Schnorr signatures
- Popup UI with beautiful gradients
- Trust management system
- Storage abstraction layer