Community

Apps

NIP-07 Signers

NIP-07 is one of the small standards that changes the whole product experience. It lets a browser or extension expose a signing interface to a web app so the app can ask for signatures without receiving the private key itself.

NIP-07: NIP-07 Signers visual
Apps The product layer Clients, signers, publishing tools, wallets and protocol utilities.
Back to Nostr
Apps

Apps shelf

Apps pages collect clients, signers, tools, developer libraries and product research without turning the app into the whole network.

Apps All Apps pages App routeProduct profiles, categories, tools and source links Browse appsClose shelf

App orientation

App categories

App profiles

0xchatadvanced-nostr-searchAegisAlbyAlby GoAlby HubAlby HubAlby SDKAmberAmberAmethystAmethystApp and product researchApplication-specific dataBlossomBlossom spec NIP-B7BookstrBorisBouquetCalendar by FormstrChachiNostr Apps DirectoryCoracleCoracleCorny ChatCreatrDamusDamusDeveloper stack researchDittoDittodiVineDocstrDTANEmojitoFlotillaFlycatFormstrFountainFreeFromFundstrfutrGIF BuddyGittrgo-nostrGossipGossipGrimoireGroups NIP-29HablaHablaHello Nostr — ResourcesHighlighterHiveTalkhomebrew-nostrHORNET StorageHugo2NostrHyperNoteIrisIrisJumblekanbanstrKeys BandListrLNBits NostrmarketLumeLumilumiLUMINAMapstrMarmot Protocolmatrix-nostr-bridgeMeetstrMemestrMindsmonstrmostardMostronaknak — Nostr Army KnifeNalgorithmNarrnashboardNDKNegentropyngitNofluxNosNos Socialnos2xnosbinnosclNostorg Feature MatrixNostr App ManagerNostr Apps Directory GuideNostr clients feature listNostr Compass — ProjectsNostr Developer GuideNostr Development KitNostr Events MonitorNostr MCP ServerNostr NestsNostr PlaygroundNostr Service ProvidersNostr Writernostr-post-checkernostr-protocol/nostrnostr-rubynostr-sdknostr-sdk-ffinostr-sdk-flutternostr-to-rssnostr-toolsNostr.bandnostr.buildnostr.co.uk ClientsNostr.how — Clientsnostr.hsNostrabilityNostrAppsNostrApps category — AudioNostrApps category — CareerNostrApps category — CommunityNostrApps category — CurationNostrApps category — Direct MessageNostrApps category — DiscoveryNostrApps category — File SharingNostrApps category — Group ChatNostrApps category — MeatspaceNostrApps category — OnboardingNostrApps category — SignersNostrApps category — Toolsnostrchecknostrdbnostrdb-rsNostreeNostreonNostriaNostridNostrium / read.nostr.comNostrmoNostrubenoStrudelnoStrudelNostterNosturNosturNotedeckNpub.proNpub.worldnsec.appnsiteNsiteNstart.meObsidian Nostr WriterOlasOpenvibeOracoloOstrich WorkOwn Your PostsP2P BandPazPeridotPhoenixPlebeian MarketPostizPostr / write.nostr.comPrimalPrimalPrimal Article Editor / Reads authoringPrimal Studiopynostrpython-nostrRecommended Application HandlersRelay Toolsrsslayrust-nostrrust-nostr docsSatelliteSatellite EarthSatlantisSatShootShakespeareShopstrSlidestrSnortSnortStemstrswift-nostr-clientTreasuresWavlakeWavlakeWikifreediaWikistrYakiHonneYakiHonneYakiHonne mobile/web app directoryYondar

App pages

Deep dives

Field guides

Awesome Nostr branches

Research and library

Source inventory

Deep Research: Clients, apps and product surfacesDeep Research: Developer stack and toolingResearch Map: nostrapps.comResearch Source: 0xchatResearch Source: 0xchat — NostrApps pageResearch Source: advanced-nostr-searchResearch Source: Aegis — NostrApps pageResearch Source: AlbyResearch Source: Alby — NostrApps pageResearch Source: Alby GoResearch Source: Alby HubResearch Source: Alby Hub GitHubResearch Source: Alby SDKResearch Source: AmberResearch Source: Amber — NostrApps pageResearch Source: AmethystResearch Source: Amethyst GitHubResearch Source: Awesome Nostr ResourcesResearch Source: BookstrResearch Source: BorisResearch Source: Boris — NostrApps pageResearch Source: BouquetResearch Source: Bouquet — NostrApps pageResearch Source: Calendar by FormstrResearch Source: ChachiResearch Source: Chachi — NostrApps pageResearch Source: CoracleResearch Source: Coracle — NostrApps pageResearch Source: Corny ChatResearch Source: DamusResearch Source: Damus — NostrApps pageResearch Source: DittoResearch Source: Ditto — NostrApps pageResearch Source: DocstrResearch Source: DTANResearch Source: DTAN — NostrApps pageResearch Source: EmojitoResearch Source: Emojito — NostrApps pageResearch Source: Flotilla — NostrApps pageResearch Source: FlycatResearch Source: FormstrResearch Source: Formstr — NostrApps pageResearch Source: FountainResearch Source: FreeFromResearch Source: FreeFrom — NostrApps pageResearch Source: FundstrResearch Source: futrResearch Source: futr — NostrApps pageResearch Source: GIF BuddyResearch Source: GIF Buddy — NostrApps pageResearch Source: GittrResearch Source: go-nostr GitHubResearch Source: GossipResearch Source: Gossip — NostrApps pageResearch Source: GrimoireResearch Source: Grimoire — NostrApps pageResearch Source: HablaResearch Source: Habla — NostrApps pageResearch Source: Hello Nostr — ResourcesResearch Source: HighlighterResearch Source: HiveTalkResearch Source: HORNET Storage — NostrCompassResearch Source: IrisResearch Source: Iris — NostrApps pageResearch Source: JumbleResearch Source: Jumble — NostrApps pageResearch Source: Keys BandResearch Source: Keys Band — NostrApps pageResearch Source: ListrResearch Source: LNBits NostrmarketResearch Source: LumeResearch Source: LumilumiResearch Source: LUMINAResearch Source: MapstrResearch Source: Marmot ProtocolResearch Source: MeetstrResearch Source: MemestrResearch Source: MindsResearch Source: monstr GitHubResearch Source: mostardResearch Source: MostroResearch Source: my.nostr.comResearch Source: nak — Nostr Army KnifeResearch Source: nak GitHubResearch Source: NalgorithmResearch Source: Narr — NostrApps pageResearch Source: nashboardResearch Source: NDK GitHubResearch Source: NDK NPMResearch Source: NegentropyResearch Source: Noflux — NostrApps pageResearch Source: Nos SocialResearch Source: Nos Social — NostrApps pageResearch Source: nos2xResearch Source: nos2x — NostrApps pageResearch Source: nosbinResearch Source: noscl GitHubResearch Source: Nostorg Feature MatrixResearch Source: Nostr App ManagerResearch Source: Nostr Book — KindsResearch Source: Nostr DesignResearch Source: Nostr Developer GuideResearch Source: Nostr NestsResearch Source: Nostr Nests — NostrApps pageResearch Source: Nostr PlaygroundResearch Source: nostr-post-checkerResearch Source: nostr-protocol/nostr GitHubResearch Source: nostr-sdk crates.ioResearch Source: nostr-sdk-ffi GitHubResearch Source: nostr-tools GitHubResearch Source: nostr-tools NPMResearch Source: Nostr.BandResearch Source: nostr.buildResearch Source: nostr.co.uk ClientsResearch Source: Nostr.howResearch Source: Nostr.how — ClientsResearch Source: Nostr.how — ProtocolResearch Source: Nostr.how — What is Nostr?Research Source: Nostr.orgResearch Source: NostrabilityResearch Source: NostrAppsResearch Source: NostrApps category — AudioResearch Source: NostrApps category — CareerResearch Source: NostrApps category — CommunityResearch Source: NostrApps category — CurationResearch Source: NostrApps category — Direct MessageResearch Source: NostrApps category — DiscoveryResearch Source: NostrApps category — File SharingResearch Source: NostrApps category — Group ChatResearch Source: NostrApps category — MeatspaceResearch Source: NostrApps category — OnboardingResearch Source: NostrApps category — SignersResearch Source: NostrApps category — ToolsResearch Source: nostrcheckResearch Source: nostrdb GitHubResearch Source: NostreeResearch Source: Nostree — NostrApps pageResearch Source: NostriaResearch Source: Nostria — NostrApps pageResearch Source: NostridResearch Source: Nostrmo — NostrApps pageResearch Source: Nostrmo GitHubResearch Source: NostrubeResearch Source: noStrudelResearch Source: noStrudel — NostrApps pageResearch Source: NostterResearch Source: NosturResearch Source: Nostur — NostrApps pageResearch Source: NotedeckResearch Source: Npub.proResearch Source: Npub.worldResearch Source: nsec.appResearch Source: NsiteResearch Source: Nstart.meResearch Source: Nstart.me — NostrApps pageResearch Source: Obsidian Nostr Writer — NostrApps pageResearch Source: OlasResearch Source: Olas — NostrApps pageResearch Source: OpenvibeResearch Source: OracoloResearch Source: Oracolo — NostrApps pageResearch Source: Ostrich WorkResearch Source: P2P BandResearch Source: PazResearch Source: PeridotResearch Source: Peridot — NostrApps pageResearch Source: PhoenixResearch Source: Phoenix — NostrApps pageResearch Source: Plebeian MarketResearch Source: Plebeian Market — NostrApps pageResearch Source: PrimalResearch Source: Primal — NostrApps pageResearch Source: Primal Article Editor / Reads authoringResearch Source: Primal StudioResearch Source: pynostr GitHubResearch Source: python-nostr GitHubResearch Source: Registry of KindsResearch Source: Relay Tools — NostrApps pageResearch Source: rsslayResearch Source: rust-nostr docsResearch Source: rust-nostr GitHubResearch Source: SatelliteResearch Source: SatShootResearch Source: ShakespeareResearch Source: Shakespeare — NostrApps pageResearch Source: ShopstrResearch Source: Shopstr — NostrApps pageResearch Source: SlidestrResearch Source: SnortResearch Source: start.nostr.netResearch Source: StemstrResearch Source: TreasuresResearch Source: WavlakeResearch Source: WikifreediaResearch Source: Wikifreedia — NostrApps pageResearch Source: WikistrResearch Source: Wikistr — NostrApps pageResearch Source: YakiHonne mobile/web app directoryResearch Source: YondarResearch Source: Yondar — NostrApps page

NIP-07 Signers

NIP-07 is one of the small standards that changes the whole product experience. It lets a browser or extension expose a signing interface to a web app so the app can ask for signatures without receiving the private key itself.

Reader route: Read this before using a web client that asks you to sign in, before pasting an nsec into any website, or before comparing browser extensions and remote signer bridges.

The problem NIP-07 solves

Web apps are convenient because they open instantly. That convenience becomes dangerous when the app asks for a Nostr private key. A private key is not a recoverable platform password. It is the signing authority for the public identity. If a web app stores it badly, logs it, leaks it through a dependency or trains users to paste it everywhere, the account-level damage can follow the user across clients.

NIP-07 gives web clients a better pattern. A browser extension or compatible environment can expose window.nostr. The website asks that object for public-key access or a signed event. The signer decides whether the request is allowed. The website receives the signature or public result, not the raw private key. The standard is small, but the shift is large: signing becomes a permissioned boundary instead of a text box.

That is why NIP-07 belongs inside the Apps hub, not only inside the NIPs route. Readers encounter it as a product decision. A web client that supports NIP-07 can ask for signatures in a different way from a site that wants the key directly. A browser extension such as nos2x made the pattern visible early. Other signers and wallet-adjacent products extend the same idea into more polished or mobile-specific experiences.

What window.nostr changes

The interface exposed by NIP-07 is intentionally practical. A client can request the public key, ask the signer to sign an event and use helper methods for encryption-related flows depending on implementation. The exact product experience varies, but the mental model is stable: the app asks, the signer signs, and the private key stays on the signer side of the boundary.

That boundary does not magically make every app safe. A signer can still approve a malicious event if the user does not understand the request. A client can still ask for too much. A browser extension can still have its own bugs. A user can still import the same private key into risky places. But NIP-07 gives the ecosystem a place to build better warnings, permissions and habits. Without that boundary, the user has to trust every web app with the raw key.

This is also why copywriting matters. A good signer does not describe every request in opaque protocol terms. It helps the reader understand whether they are logging in, posting, reacting, encrypting, delegating or doing something unusual. The standard creates the technical hook; product design decides whether a normal person can use it safely.

nos2x and the early browser pattern

The nos2x repository is important because it made the browser-extension pattern concrete for early Nostr web apps. It gave websites a way to request Nostr signatures without asking the user to paste an nsec directly into the page. In a young ecosystem, that kind of tool becomes more than a convenience. It teaches both users and developers what a better login flow can look like.

The lesson from nos2x is not that one extension solves key custody forever. It is that the signing boundary belongs outside the web app whenever possible. The extension model lets multiple websites use one signer, and it lets a user change the web client without changing the core identity secret. That is the same portability story that makes Nostr interesting, translated into browser security.

Modern signers continue that path with more features, better UX and different platform assumptions. Some focus on desktop browsers. Some connect to mobile signers. Some bridge to NIP-46 remote signers. The product question remains the same: where does the private key live, and how much does the app get to touch?

Where NIP-46 enters the picture

NIP-46 takes the signing boundary further by letting a client communicate with a remote signer. The signer can live on another device, in a bunker-style service or in a more controlled environment. A browser extension can then become a bridge: the website speaks something like NIP-07 to the browser, while the browser relays signing requests to a NIP-46 signer.

Bunker46 is useful as a concrete example of that model. Its public materials emphasize keeping keys away from the browser and letting the remote signer produce signatures. The bunker46-extension project shows the bridge idea in code: a web app can use the familiar browser interface while the actual signing authority sits elsewhere.

This is powerful, but it adds complexity. Remote signing introduces connection setup, permissions, availability, pairing and recovery questions. For some readers, a local browser signer is simpler. For high-value identities or more careful operators, a remote signer may be worth the extra friction. The Apps hub keeps both paths visible so the reader does not mistake convenience for the only design.

How to judge a signer

A signer deserves more scrutiny than a normal client. It sits near the private key. Before trusting one, ask whether the project is open source, who maintains it, how it stores keys, what platforms it supports, whether it explains requests clearly and how it behaves when a website asks for unusual permissions. The answer may not be perfect, but the questions need to be visible.

On mobile, the signer story changes. Android has enabled app-to-app signing patterns through projects such as Amber, while iOS has different platform limits. Desktop browsers have their own extension model. Hardware-backed or OS-keychain approaches, such as nostr-keyx experiments, point toward a future where keys can be harder to extract than a plain browser secret. Each path has tradeoffs.

A signer also needs to be boring in the right places. It should not turn every signature into a panic moment, but it should interrupt actions that carry real risk. It should make routine posting easy and unusual signing legible. The best signer UX is calm at the exact point where a careless click can matter.

What web apps should learn from it

A web app that supports NIP-07 is making a reader-facing promise: you do not have to hand this page your private key just to participate. That promise should be reflected in onboarding copy, buttons, warnings and fallback flows. If the fallback is still “paste nsec here,” the page needs to say clearly what that means and why a signer is safer.

Web clients should also avoid treating NIP-07 as a magic login badge. The signer tells the app which public key is available and can sign events, but the app still needs to explain relays, content, zaps, encryption and permissions. Signing is the door handle, not the whole house.

For readers, the practical rule is simple: prefer clients that support a signer, learn what the signer prompt means and treat private-key copy-paste as an exception. NIP-07 is not the whole security story, but it is one of the clearest places where Nostr turns protocol design into everyday safety.

Sources worth opening

  • NIP-07 - Browser signer interface exposed as window.nostr.
  • NIP-46 - Remote signing flow for clients and bunker-style signers.
  • fiatjaf/nos2x - Early browser extension pattern for web signing without handing keys to sites.
  • Bunker46 - Remote signer example built around the NIP-46 model.
  • bunker46-extension - Browser bridge connecting NIP-07 websites to a NIP-46 signer.
  • nostr-keyx - Signer experiment using operating-system keychain and hardware-backed ideas.
  • Amber - Android signer app for keeping signing outside ordinary clients.
Apps route visual cue 1
Apps route visual cue 2
Apps route visual cue 3
Apps route visual cue 4
Apps route visual cue 5

How to use this page

Find the product surface first.

Search clients, signers, product categories or developer tools when you need a specific app, source file or comparison clue.

AppsKeep exploring AppsApp routeProduct profiles, categories, signer guides and source links.Browse apps
Apps route visual cue 1
Apps route visual cue 2
Apps route visual cue 3
Apps route visual cue 4
Apps route visual cue 5

Bring something back

Ask, suggest, submit or nominate.

Use these links when something is missing, a source is stale, or a public Nostr builder belongs in the map.