I learned about Nostr a few months ago on Hacker News. Nostr, which stands for Notes and Other Stuff Transmitted by Relays is a free and open source protocol. Its name describes its purpose well. The protocol is for transmitting notes (and other stuff) across the internet using relays. While I understand many things can be built on top of Nostr, its most popular implementations at the moment are Twitter-like microblogging applications (the clone wars continue). In this article, I will explain how I set up my author profile on The New Leaf Journal to verify my new Nostr “account” using NIP-05. Do note that the purpose of this post is not to explain what Nostr is in detail or how to use it beyond creating an account and using a self-hosted WordPress author profile to verify the Nostr account. I recommend the following sources written by far more knowledgeable people than me to learn about Nostr:
Create a Nostr Private Key
In order to use Nostr, one must have a keypair. A Nostr keypair consists of a public and private key. The public key is used to identify a Nostr poster. The private key is used to sign posts and should never be disclosed publicly since that is the root of the “account.”
There are many Nostr clients, that is, interfaces for reading posts from Nostr relays and posting to relays. Some of the clients make it easy to create a Nostr account. After learning a bit, I decided to see if I could avoid giving my private key to a Nostr client, which requires trusting the client’s security. Instead, I used a extension called nos2x to generate a Nostr keypair. The neat thing about the extension is that it can be used to sign posts with compatible Nostr clients without needing to store the private key with those clients.
While Firefox is my primary browser, I created a profile in Brave for all of my Nostr usage. Because Brave is Chromium-based, I installed nos2x in my Nostr profile on Brave.
After opening nos2x, you can generate a private key in the extension. I generated a private key and then saved the key in a text file, which I saved into my password manager as a file (I use KeepassXC). It is important to save a copy of the private key (and keep it safe!).
Nos2x is not the only extension you can use. Coracle, which I will discuss below, provides a list with other options.
Setting up Nostr Profile in Coracle Social
There are many Nostr clients available, that is, ways of interacting with Nostr. After a bit of research, I decided to use Coracle, a web-based client, to set up my “account.”
While one can sign into Coracle by giving the application your private key, Coracle recommends using an extension instead. I opted to log in with nos2x and the log-in worked as expected. From there, I added some details to my account.
Coracle, like other Nostr clients, allows users to select a username. This is useful because without a username for humans, a profile’s only identifier is the long string of letters and numbers which make up the public key. Now you will see in the above screenshot that I put firstname.lastname@example.org as my NIP-05 identifier. While I will not go into too much detail here, you can use your own domain to verify your Nostr account and then use a sort of alias for your account which combines your Nostr username with your domain. Your account is still technically identified by the public key, but the NIP-05 identifier makes it easier to search for you and explicitly connects your Nostr presence to a traditional domain. You can learn more about NIP-05 here.
In order for NIP-05 to work, you need to prove that you actually own the domain by placing a JSON file in a specific directory on your own server. I had actually tried to do this manually with The New Leaf Journal back in March but failed. Fortunately, a WordPress plugin came along and made the task easy.
Installing and Configuring Nostr Verify
I came across a WordPress plugin called Nostr Verify by Mr. Jeremy Herve (also see his blog post about the plugin). The plugin is new and only has a small number of installs, so I made sure to properly vet it before installing. Mr. Herve, the developer, works on Jetpack, a WordPress plugin maintained by the corporation behind WordPress, Automattic. While we do not use Jetpack, it has a good background for a plugin developer. Plugin Tests revealed no issues. Finally, I made sure that I understood the directions before installing. Everything looked good so I gave it a go. You can install Nostr Verify from the regular WordPress plugin repo. Activate the plugin and then go to the profile page for the user who controls the Nostr account in question.
Nostr verify adds two fields to your user profile page on WordPress. The first field is your Nostr name. The second field is the hex version of your public key. See my final settings below:
When I first set this up, I mistakenly thought that the “Nostr name” field had to correspond to my Nostr username. This is not the case. The Nostr name field in the Nostr Verify settings is only for the NIP-05 identifier. I had wanted my NIP-05 identifier to be email@example.com from the start. However, the Nostr username I set in Coracle does not have to be the same as the NIP-05 Nostr name. Thus, I changed my Nostr user name from nafnlj to N.A. Ferrell while keeping nafnlj for my NIP-05 identifier handle. Thus, my WordPress Nostr Verify Nostr name settings are unchanged. (Note per the instructions that if you want your NIP-05 identifier to only be the domain, e.g., @thenewleafjournal.com, you should enter an underscore for Nostr name.)
The second field asks for your public key, not your private key. But there is a twist. The extension wants the hexadecimal version of your public key. Most clients will show the npub version instead. Coracle actually has a toggle in the keys section of its menu to show the hex version of the key instead of the npub version. However, if your client of choice does not show hex so readily, you can use the site recommended by the plugin to convert your key.
After setting things up in WordPress, I returned to Coracle and set firstname.lastname@example.org as my NIP-05 identifier. Coracle reflected the change almost instantly, and in Coracle I now have a check-mark with my domain next to my profile.
Different clients may indicate verification in different ways. I checked a few different clients and confirmed that all were showing my NIP-05 verification status.
This concludes my short guide to using a self-hosted WordPress install profile to verify your Nostr account. Do note that this can be done manually as well and that other sites can be configured to verify Nostr profiles (I have seen guides for setting up a free GitHub or GitLab Pages site for this purpose). If you have your own WordPress site and are interested in giving Nostr a try, this Mr. Herve’s plugin makes it easy to do in just a few minutes. I thank Mr. Herve for creating a terrific plugin which makes WordPress-Nostr verification very intuitive.