Bump the gem version to v0.6.0

Added the methods:
- Event#verify_signature
- Crypto#check_sig!
- Crypto#valid_sig?
- Crypto#sign_message

Fixed a primitive obsession by introducing a Signature class to ensure that signatures are valid Nostr signatures.

.adr-dir

@@ -0,0 +1 @@
+adr

.github/workflows/main.yml

@@ -14,7 +14,7 @@ jobs:
     strategy:
       matrix:
         ruby:
-          - '3.2.0'
+          - '3.3.0'
 
     steps:
     - uses: actions/checkout@v3

.rubocop.yml

@@ -5,7 +5,7 @@ require:
   - rubocop-rspec
 
 AllCops:
-  TargetRubyVersion: 3.2
+  TargetRubyVersion: 3.3
   DisplayCopNames: true
   NewCops: enable
 

.tool-versions

@@ -1,2 +1,2 @@
-ruby 3.2.2
-bun 1.0.11
+ruby 3.3.0
+bun 1.0.30

CHANGELOG.md

@@ -4,7 +4,33 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.1.1/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
-## [Unreleased]
+## [0.6.0] 2024-03-15
+
+### Added
+
+- Added Architecture Decision Records (ADRs) to document architectural decisions
+- Added the `Signature` class to fix the primitive obsession with signatures and to make it easier to work with them
+- Added `valid_sig?` and `check_sig!` to the `Crypto` class to verify whether an event's signature is valid
+- Added `sign_message` to the `Crypto` class to sign a message
+- Added `verify_signature?` to the `Event` class to verify whether an event's signature is valid
+- Added `#to_ary` to the `KeyPair` class to enable keypair destructuring
+- Added RBS types for `schnorr`
+
+### Changed
+
+- Updated the required Ruby version to `3.3.0` (was `3.2.0`)
+- Updated the gem `dotenv` to version `3.1` (was `2.8`)
+- Updated the gem `bip-schnorr` to version `0.7` (was `0.6`)
+- Updated the gem `overcommit` to version `0.63` (was `0.59`)
+- Updated the gem `rbs` to version `3.4` (was `3.3`)
+- Updated the gem `rspec` to version `3.13` (was `3.12`)
+- Updated the gem `rspec-rubocop` to version `2.27` (was `2.25`)
+- Updated the gem `rubocop` to version `1.62` (was `1.57`)
+
+## Fixed
+
+- Fixed a typo in the README (`generate_keypair` -> `generate_key_pair`)
+- Fixed a typo in the YARD documentation of `Nostr::Key#initialize` (`ValidationError` -> `KeyValidationError`)
 
 ### Fixed
 
@@ -17,7 +43,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 - Added relay message type enums `Nostr::RelayMessageType`
 - Compliance with [NIP-19](https://github.com/nostr-protocol/nips/blob/master/19.md) - bech32-formatted strings
-- `Nostr::PrivateKey` and `Nostr::PublicKey` to represent private and public keys, respectively
+- Added `Nostr::PrivateKey` and `Nostr::PublicKey` to represent private and public keys, respectively
 - Added a validation of private and public keys
 - Added an ability to convert keys to and from Bech32 format
 - Added RBS types for `faye-websocket` and `bech32`
@@ -89,7 +115,7 @@ principles of immutability and was a major source of internal complexity as I ne
 
 - Initial release
 
-[unreleased]: https://github.com/wilsonsilva/nostr/compare/v0.5.0...HEAD
+[0.6.0]: https://github.com/wilsonsilva/nostr/compare/v0.5.0...v0.6.0
 [0.5.0]: https://github.com/wilsonsilva/nostr/compare/v0.4.0...v0.5.0
 [0.4.0]: https://github.com/wilsonsilva/nostr/compare/v0.3.0...v0.4.0
 [0.3.0]: https://github.com/wilsonsilva/nostr/compare/v0.2.0...v0.3.0

README.md

@@ -1,6 +1,7 @@
 # Nostr
 
 [![Gem Version](https://badge.fury.io/rb/nostr.svg)](https://badge.fury.io/rb/nostr)
+![Build](https://github.com/wilsonsilva/nostr/actions/workflows/main.yml/badge.svg)
 [![Maintainability](https://api.codeclimate.com/v1/badges/c7633eb2c89eb95ee7f2/maintainability)](https://codeclimate.com/github/wilsonsilva/nostr/maintainability)
 [![Test Coverage](https://api.codeclimate.com/v1/badges/c7633eb2c89eb95ee7f2/test_coverage)](https://codeclimate.com/github/wilsonsilva/nostr/test_coverage)
 
@@ -63,7 +64,7 @@ keypair = keygen.get_key_pair_from_private_key(
 
 # c) Or create a new keypair
 keygen = Nostr::Keygen.new
-keypair = keygen.generate_keypair
+keypair = keygen.generate_key_pair
 
 # Create a user with the keypair
 user = Nostr::User.new(keypair: keypair)

adr/0001-record-architecture-decisions.md

@@ -0,0 +1,19 @@
+# 1. Record architecture decisions
+
+Date: 2024-03-13
+
+## Status
+
+Accepted
+
+## Context
+
+We need to record the architectural decisions made on this project.
+
+## Decision
+
+We will use Architecture Decision Records, as [described by Michael Nygard](http://thinkrelevance.com/blog/2011/11/15/documenting-architecture-decisions).
+
+## Consequences
+
+See Michael Nygard's article, linked above. For a lightweight ADR toolset, see Nat Pryce's [adr-tools](https://github.com/npryce/adr-tools).

adr/0002-introduction-of-signature-class.md

@@ -0,0 +1,27 @@
+# 2. introduction-of-signature-class
+
+Date: 2024-03-14
+
+## Status
+
+Accepted
+
+## Context
+
+I noticed significant overuse of primitive strings for signatures, which led to widespread and repetitive validation logic, increasing the potential for errors and making the system harder to manage and maintain.
+
+## Decision
+
+I introduced the Nostr::Signature class, choosing to subclass String to leverage string-like behavior while embedding specific validation rules for signatures. This move was aimed at streamlining validation, ensuring consistency, and maintaining the usability of strings.
+
+## Consequences
+
+### Positive
+
+- This design choice has made the codebase cleaner and more robust, reducing the chances of errors related to signature handling. It ensures that all signature instances are valid at creation, leveraging the familiarity and flexibility of string operations without sacrificing the integrity of the data. Moreover, it sets a strong foundation for extending signature-related functionality in the future.
+
+### Negative
+
+- __Performance Concerns:__ Subclassing String might introduce slight performance overheads due to the additional validation logic executed upon instantiation of a Signature object.
+- __Integration Challenges:__ Integrating this class into existing systems where strings were used indiscriminately for signatures requires careful refactoring to ensure compatibility. There's also the potential for issues when passing Nostr::Signature objects to libraries or APIs expecting plain strings without the additional constraints.
+- __Learning Curve:__ For new team members or contributors, understanding the necessity and functionality of the Nostr::Signature class adds to the learning curve, potentially slowing down initial development efforts as they familiarize themselves with the custom implementation.

docs/.vitepress/config.mjs

@@ -79,6 +79,8 @@ export default defineConfig(withMermaid({
         collapsed: false,
         items: [
           { text: 'Bech32 enc/decoding (NIP-19)', link: '/common-use-cases/bech32-encoding-and-decoding-(NIP-19)' },
+          { text: 'Signing/verifying messages', link: '/common-use-cases/signing-and-verifying-messages' },
+          { text: 'Signing/verifying events', link: '/common-use-cases/signing-and-verifying-events' },
         ]
       },
       {

docs/common-use-cases/signing-and-verifying-events.md

@@ -0,0 +1,50 @@
+# Signing and verifying events
+
+Signing an event in Nostr proves it was sent by the owner of a specific private key.
+
+## Signing an event
+
+To sign an event, use the private key associated with the event's creator. Here's how to sign a message using a
+predefined keypair:
+
+```ruby{14}
+require 'nostr'
+
+private_key = Nostr::PrivateKey.new('67dea2ed018072d675f5415ecfaed7d2597555e202d85b3d65ea4e58d2d92ffa'),
+public_key = Nostr::PublicKey.new('7e7e9c42a91bfef19fa929e5fda1b72e0ebc1a4c1141673e2794234d86addf4e'),
+
+event = Nostr::Event.new(
+  pubkey: public_key.to_s,
+  kind: Nostr::EventKind::TEXT_NOTE,
+  content: 'We did it with security, now we’re going to do it with the economy.',
+  created_at: Time.now.to_i,
+)
+
+# Sign the event with the private key
+event.sign(private_key)
+
+puts "Event ID: #{event.id}"
+puts "Event Signature: #{event.sig}"
+```
+
+## Verifying an event's signature
+
+To verify an event, you must ensure the event's signature is valid. This indicates the event was created by the owner
+of the corresponding public key.
+
+When the event was signed with the private key corresponding to the public key, the `verify_signature` method will
+return `true`.
+
+```ruby
+event.verify_signature # => true
+```
+
+And when the event was not signed with the private key corresponding to the public key, the `verify_signature` method
+will return `false`.
+
+An event without an `id`, `pubkey`, `sig` is considered invalid and will return `false` when calling `verify_signature`.
+
+```ruby
+other_public_key = Nostr::PublicKey.new('10be96d345ed58d923a734560680f1adfd2b1006c28ac93b8e1b032a9a32c6e9')
+event.verify_signature # => false
+```

docs/common-use-cases/signing-and-verifying-messages.md

@@ -0,0 +1,43 @@
+# Signing and verifying messages
+
+Signing a message in Nostr proves it was sent by the owner of a specific private key.
+
+## Signing a message
+
+To sign a message, you'll need a private key. Here's how to sign a message using a predefined keypair:
+
+```ruby{9}
+require 'nostr'
+
+private_key = Nostr::PrivateKey.new('67dea2ed018072d675f5415ecfaed7d2597555e202d85b3d65ea4e58d2d92ffa'),
+public_key = Nostr::PublicKey.new('7e7e9c42a91bfef19fa929e5fda1b72e0ebc1a4c1141673e2794234d86addf4e'),
+
+message = 'We did it with security, now we’re going to do it with the economy.' # The message you want to sign
+
+crypto = Nostr::Crypto.new
+signature = crypto.sign_message(message, private_key)
+signature # => "d7a0aac1fadcddf1aa2949bedfcdf25ce0c1604e648e55d31431fdacbff8e8256f7c2166d98292f80bc5f79105a0b6e8a89236a47d97cf5d0e7cc1ebf34dea5c"
+```
+
+## Verifying a signature
+
+To verify a signature, you need the original message, the public key of the signer, and the signature.
+
+```ruby
+crypto.valid_sig?(message, public_key, signature) # => true
+crypto.check_sig!(message, public_key, signature) # => true
+```
+
+When the message was not signed with the private key corresponding to the public key, the `valid_sig?` method will return `false`.
+
+```ruby
+other_public_key = Nostr::PublicKey.new('10be96d345ed58d923a734560680f1adfd2b1006c28ac93b8e1b032a9a32c6e9')
+crypto.valid_sig?(message, public_key, signature) # => false
+```
+
+And when the message was not signed with the private key corresponding to the public key, the `check_sig!` method will raise an error.
+
+```ruby
+other_public_key = Nostr::PublicKey.new('10be96d345ed58d923a734560680f1adfd2b1006c28ac93b8e1b032a9a32c6e9')
+crypto.check_sig!(message, other_public_key, signature) # => Schnorr::InvalidSignatureError: signature verification failed
+```

docs/getting-started/overview.md

@@ -35,6 +35,7 @@ classDiagram
         serialize()
         to_h()
         sign(private_key)
+        verify_signature()
     }
     class Subscription {
         id
@@ -110,7 +111,7 @@ keypair = keygen.get_key_pair_from_private_key(
 
 # c) Or create a new keypair
 keygen = Nostr::Keygen.new
-keypair = keygen.generate_keypair
+keypair = keygen.generate_key_pair
 
 # Create a user with the keypair
 user = Nostr::User.new(keypair: keypair)

docs/index.md

@@ -39,6 +39,4 @@ features:
   - title: Fully typed
     details: All code is typed with <a href="https://rubygems.org/gems/rbs" target="_blank">RBS</a> with the help of <a href="https://rubygems.org/gems/typeprof" target="_blank">TypeProf</a>. Type correctness is enforced by <a href="https://rubygems.org/gems/steep" target="_blank">Steep</a>.
     icon: ✅
-
 ---
-

lib/nostr.rb

@@ -12,6 +12,7 @@ require_relative 'nostr/relay'
 require_relative 'nostr/relay_message_type'
 require_relative 'nostr/key_pair'
 require_relative 'nostr/event_kind'
+require_relative 'nostr/signature'
 require_relative 'nostr/event'
 require_relative 'nostr/events/encrypted_direct_message'
 require_relative 'nostr/client'

lib/nostr/crypto.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module Nostr
-  # Performs cryptographic operations on a +Nostr::Event+.
+  # Performs cryptographic operations.
   class Crypto
     # Numeric base of the OpenSSL big number used in an event content's encryption.
     #
@@ -90,17 +90,93 @@ module Nostr
     #
     def sign_event(event, private_key)
       event_digest = hash_event(event)
-
-      hex_private_key = Array(private_key).pack('H*')
-      hex_message     = Array(event_digest).pack('H*')
-      event_signature = Schnorr.sign(hex_message, hex_private_key).encode.unpack1('H*')
+      signature = sign_message(event_digest, private_key)
 
       event.id = event_digest
-      event.sig = event_signature
+      event.sig = signature
 
       event
     end
 
+    # Signs a message using the Schnorr signature algorithm
+    #
+    # @api public
+    #
+    # @example Signing a message
+    #   crypto = Nostr::Crypto.new
+    #   message = 'Viva la libertad carajo'
+    #   private_key = Nostr::PrivateKey.new('7d1e4219a5e7d8342654c675085bfbdee143f0eb0f0921f5541ef1705a2b407d')
+    #   signature = crypto.sign_message(message, private_key)
+    #   signature # => 'b2115694a576f5bdcebf8c0951a3c7adcfbdb17b11cb9e6d6b7017691138bc6' \
+    #     '38fee642a7bd26f71b313a7057181294198900a9770d1435e43f182acf3d34c26'
+    #
+    # @param [String] message The message to be signed
+    # @param [PrivateKey] private_key The private key used for signing
+    #
+    # @return [Signature] A signature object containing the signature as a 64-byte hexadecimal string.
+    #
+    def sign_message(message, private_key)
+      hex_private_key = Array(private_key).pack('H*')
+      hex_message     = Array(message).pack('H*')
+      hex_signature   = Schnorr.sign(hex_message, hex_private_key).encode.unpack1('H*')
+
+      Signature.new(hex_signature.to_s)
+    end
+
+    # Verifies the given {Signature} and returns true if it is valid
+    #
+    # @api public
+    #
+    # @example Checking a signature
+    #   public_key = Nostr::PublicKey.new('15678d8fbc126fa326fac536acd5a6dcb5ef64b3d939abe31d6830cba6cd26d6')
+    #   private_key = Nostr::PrivateKey.new('7d1e4219a5e7d8342654c675085bfbdee143f0eb0f0921f5541ef1705a2b407d')
+    #   message = 'Viva la libertad carajo'
+    #   crypto = Nostr::Crypto.new
+    #   signature = crypto.sign_message(message, private_key)
+    #   valid = crypto.valid_sig?(message, public_key, signature)
+    #   valid # => true
+    #
+    # @see #check_sig!
+    #
+    # @param [String] message A message to be signed with binary format.
+    # @param [PublicKey] public_key The public key with binary format.
+    # @param [Signature] signature The signature with binary format.
+    #
+    # @return [Boolean] whether signature is valid.
+    #
+    def valid_sig?(message, public_key, signature)
+      signature = Schnorr::Signature.decode([signature].pack('H*'))
+      Schnorr.valid_sig?([message].pack('H*'), [public_key].pack('H*'), signature.encode)
+    end
+
+    # Verifies the given {Signature} and raises an +Schnorr::InvalidSignatureError+ if it is invalid
+    #
+    # @api public
+    #
+    # @example Checking a signature
+    #   public_key = Nostr::PublicKey.new('15678d8fbc126fa326fac536acd5a6dcb5ef64b3d939abe31d6830cba6cd26d6')
+    #   private_key = Nostr::PrivateKey.new('7d1e4219a5e7d8342654c675085bfbdee143f0eb0f0921f5541ef1705a2b407d')
+    #   message = 'Viva la libertad carajo'
+    #   crypto = Nostr::Crypto.new
+    #   signature = crypto.sign_message(message, private_key)
+    #   valid = crypto.valid_sig?(message, public_key, signature)
+    #   valid # => true
+    #
+    # @see #valid_sig?
+    #
+    # @param [String] message A message to be signed with binary format.
+    # @param [PublicKey] public_key The public key with binary format.
+    # @param [Signature] signature The signature with binary format.
+    #
+    # @raise [Schnorr::InvalidSignatureError] if the signature is invalid.
+    #
+    # @return [Boolean] whether signature is valid.
+    #
+    def check_sig!(message, public_key, signature)
+      signature = Schnorr::Signature.decode([signature].pack('H*'))
+      Schnorr.check_sig!([message].pack('H*'), [public_key].pack('H*'), signature.encode)
+    end
+
     private
 
     # Finds a shared key between two keys

lib/nostr/errors.rb

@@ -6,3 +6,7 @@ require_relative 'errors/invalid_hrp_error'
 require_relative 'errors/invalid_key_type_error'
 require_relative 'errors/invalid_key_length_error'
 require_relative 'errors/invalid_key_format_error'
+require_relative 'errors/signature_validation_error'
+require_relative 'errors/invalid_signature_type_error'
+require_relative 'errors/invalid_signature_length_error'
+require_relative 'errors/invalid_signature_format_error'

lib/nostr/errors/invalid_signature_format_error.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module Nostr
+  # Raised when the signature is in an invalid format
+  #
+  # @api public
+  #
+  class InvalidSignatureFormatError < SignatureValidationError
+    # Initializes the error
+    #
+    # @example
+    #   InvalidSignatureFormatError.new
+    #
+    def initialize
+      super('Only lowercase hexadecimal characters are allowed in signatures.')
+    end
+  end
+end

lib/nostr/errors/invalid_signature_length_error.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module Nostr
+  # Raised when the signature's length is not 128 characters
+  #
+  # @api public
+  #
+  class InvalidSignatureLengthError < SignatureValidationError
+    # Initializes the error
+    #
+    # @example
+    #   InvalidSignatureLengthError.new
+    #
+    def initialize
+      super('Invalid signature length. It should have 128 characters.')
+    end
+  end
+end

lib/nostr/errors/invalid_signature_type_error.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module Nostr
+  # Raised when the signature is not a string
+  #
+  # @api public
+  #
+  class InvalidSignatureTypeError < SignatureValidationError
+    # Initializes the error
+    #
+    # @example
+    #   InvalidSignatureTypeError.new
+    #
+    def initialize = super('Invalid signature type')
+  end
+end

lib/nostr/errors/signature_validation_error.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+module Nostr
+  # Base class for all signature validation errors
+  class SignatureValidationError < Error; end
+end

lib/nostr/event.rb

@@ -181,6 +181,34 @@ module Nostr
       crypto.sign_event(self, private_key)
     end
 
+    # Verifies if the signature of the event is valid. A valid signature means that the event was signed by the owner
+    #
+    # @api public
+    #
+    # @example Verifying the signature of an event
+    #   event = Nostr::Event.new(
+    #     id: '90b75b78daf883ae57fbcc414d43faa028560b3211ee58e4ea82bf395bb82042',
+    #     pubkey: Nostr::PublicKey.new('2d7661527d573cc8e84f665fa971dd969ba51e2526df00c149ff8e40a58f9558'),
+    #     created_at: 1667422587,
+    #     kind: Nostr::EventKind::TEXT_NOTE,
+    #     content: 'Your feedback is appreciated, now pay $8',
+    #     sig: '32f18adebe942e19b171c1c7d2fb27ce794dfea4155e289dca7952b43ed1ec39' \
+    #       '1d3dc198ba2761bc6d40c737a6eaf4edcc8963acabd3bfcebd04f16637025bdc'
+    #   )
+    #
+    #   event.verify_signature # => true
+    #
+    # @return [Boolean] Whether the signature is valid or not.
+    #
+    def verify_signature
+      crypto = Crypto.new
+
+      return false if id.nil? || pubkey.nil?
+      return false if sig.nil? # FIXME: See https://github.com/soutaro/steep/issues/1079
+
+      crypto.valid_sig?(id, pubkey, sig)
+    end
+
     # Serializes the event, to obtain a SHA256 digest of it
     #
     # @api public

lib/nostr/key.rb

@@ -18,14 +18,14 @@ module Nostr
     #
     LENGTH = 64
 
-    # Instantiates a new key. Can't be used directly because this is an abstract class. Raises a +ValidationError+
+    # Instantiates a new key. Can't be used directly because this is an abstract class. Raises a +KeyValidationError+
     #
     # @see Nostr::PrivateKey
     # @see Nostr::PublicKey
     #
     # @param [String] hex_value Hex-encoded value of the key
     #
-    # @raise [ValidationError]
+    # @raise [KeyValidationError]
     #
     def initialize(hex_value)
       validate_hex_value(hex_value)

lib/nostr/key_pair.rb

@@ -38,8 +38,8 @@ module Nostr
     # @param private_key [PrivateKey] 32-bytes hex-encoded private key.
     # @param public_key [PublicKey] 32-bytes hex-encoded public key.
     #
-    # @raise ArgumentError when the private key is not a +PrivateKey+
-    # @raise ArgumentError when the public key is not a +PublicKey+
+    # @raise ArgumentError when the private key is not a {PrivateKey}
+    # @raise ArgumentError when the public key is not a {PublicKey}
     #
     def initialize(private_key:, public_key:)
       validate_keys(private_key, public_key)
@@ -48,6 +48,30 @@ module Nostr
       @public_key = public_key
     end
 
+    # Allows array destructuring of the KeyPair, enabling the extraction of +PrivateKey+ and +PublicKey+ separately
+    #
+    # @api public
+    #
+    # @example Implicit usage of `to_ary` for destructuring
+    #   keypair = Nostr::KeyPair.new(
+    #     private_key: Nostr::PrivateKey.new('7d1e4219a5e7d8342654c675085bfbdee143f0eb0f0921f5541ef1705a2b407d'),
+    #     public_key: Nostr::PublicKey.new('15678d8fbc126fa326fac536acd5a6dcb5ef64b3d939abe31d6830cba6cd26d6'),
+    #   )
+    #   # The `to_ary` method can be implicitly used for array destructuring:
+    #   private_key, public_key = keypair
+    #   # Now `private_key` and `public_key` hold the respective values.
+    #
+    # @example Explicit usage of `to_ary`
+    #   array_representation = keypair.to_ary
+    #   # array_representation is now an array: [PrivateKey, PublicKey]
+    #   # where PrivateKey and PublicKey are the respective objects.
+    #
+    # @return [Array<PrivateKey, PublicKey>] An array containing the {PrivateKey} and {PublicKey} in that order
+    #
+    def to_ary
+      [private_key, public_key]
+    end
+
     private
 
     # Validates the keys

lib/nostr/keygen.rb

@@ -22,7 +22,7 @@ module Nostr
     # @api public
     #
     # @example
-    #   keypair = keygen.generate_keypair
+    #   keypair = keygen.generate_key_pair
     #   keypair # #<Nostr::KeyPair:0x0000000107bd3550
     #    @private_key="893c4cc8088924796b41dc788f7e2f746734497010b1a9f005c1faad7074b900",
     #    @public_key="2d7661527d573cc8e84f665fa971dd969ba51e2526df00c149ff8e40a58f9558">

lib/nostr/signature.rb

@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+
+module Nostr
+  # 64-bytes lowercase hex of the signature of the sha256 hash of the serialized event data,
+  # which is the same as the "id" field
+  class Signature < String
+    # The regular expression for hexadecimal lowercase characters
+    #
+    # @return [Regexp] The regular expression for hexadecimal lowercase characters
+    #
+    FORMAT = /^[a-f0-9]+$/
+
+    # The length of the signature in hex format
+    #
+    # @return [Integer] The length of the signature in hex format
+    #
+    LENGTH = 128
+
+    # Instantiates a new Signature
+    #
+    # @api public
+    #
+    # @example Instantiating a new signature
+    #  Nostr::Signature.new(
+    #    'f418c97b50cc68227e82f4f3a79d79eb2b7a0fa517859c86e1a8fa91e3741b7f' \
+    #    '06e070c44129227b83fcbe93cecb02a346804a4080ce47685ecad60ab4f5f128'
+    #  )
+    #
+    # @param [String] hex_value Hex-encoded value of the signature
+    #
+    # @raise [SignatureValidationError]
+    #
+    def initialize(hex_value)
+      validate(hex_value)
+
+      super(hex_value)
+    end
+
+    private
+
+    # Hex-encoded value of the signature
+    #
+    # @api private
+    #
+    # @return [String] hex_value Hex-encoded value of the signature
+    #
+    attr_reader :hex_value
+
+    # Validates the hex value of the signature
+    #
+    # @api private
+    #
+    # @param [String] hex_value The signature in hex format
+    #
+    # @raise InvalidSignatureTypeError when the signature is not a string
+    # @raise InvalidSignatureLengthError when the signature's length is not 128 characters
+    # @raise InvalidSignatureFormatError when the signature is in an invalid format
+    #
+    # @return [void]
+    #
+    def validate(hex_value)
+      raise InvalidSignatureTypeError   unless hex_value.is_a?(String)
+      raise InvalidSignatureLengthError unless hex_value.size == LENGTH
+      raise InvalidSignatureFormatError unless hex_value.match(FORMAT)
+    end
+  end
+end

lib/nostr/version.rb

@@ -2,5 +2,5 @@
 
 module Nostr
   # The version of the gem
-  VERSION = '0.5.0'
+  VERSION = '0.6.0'
 end

nostr.gemspec

@@ -12,7 +12,7 @@ Gem::Specification.new do |spec|
   spec.description = 'Client and relay implementation of the Nostr protocol.'
   spec.homepage = 'https://nostr-ruby.com/'
   spec.license = 'MIT'
-  spec.required_ruby_version = '>= 3.2.0'
+  spec.required_ruby_version = '>= 3.3.0'
   spec.metadata['rubygems_mfa_required'] = 'true'
 
   spec.metadata['homepage_uri'] = spec.homepage
@@ -32,29 +32,29 @@ Gem::Specification.new do |spec|
   spec.require_paths = ['lib']
 
   spec.add_dependency 'bech32', '~> 1.4'
-  spec.add_dependency 'bip-schnorr', '~> 0.6'
+  spec.add_dependency 'bip-schnorr', '~> 0.7'
   spec.add_dependency 'ecdsa', '~> 1.2'
   spec.add_dependency 'event_emitter', '~> 0.2'
   spec.add_dependency 'faye-websocket', '~> 0.11'
   spec.add_dependency 'json', '~> 2.6'
 
   spec.add_development_dependency 'bundler-audit', '~> 0.9'
-  spec.add_development_dependency 'dotenv', '~> 2.8'
+  spec.add_development_dependency 'dotenv', '~> 3.1'
   spec.add_development_dependency 'guard', '~> 2.18'
   spec.add_development_dependency 'guard-bundler', '~> 3.0'
   spec.add_development_dependency 'guard-bundler-audit', '~> 0.1'
   spec.add_development_dependency 'guard-rspec', '~> 4.7'
   spec.add_development_dependency 'guard-rubocop', '~> 1.5'
-  spec.add_development_dependency 'overcommit', '~> 0.59'
+  spec.add_development_dependency 'overcommit', '~> 0.63'
   spec.add_development_dependency 'pry', '~> 0.14'
   spec.add_development_dependency 'puma', '~> 6.4'
   spec.add_development_dependency 'rack', '~> 3.0'
   spec.add_development_dependency 'rake', '~> 13.1'
-  spec.add_development_dependency 'rbs', '~> 3.3'
-  spec.add_development_dependency 'rspec', '~> 3.12'
-  spec.add_development_dependency 'rubocop', '~> 1.57'
+  spec.add_development_dependency 'rbs', '~> 3.4'
+  spec.add_development_dependency 'rspec', '~> 3.13'
+  spec.add_development_dependency 'rubocop', '~> 1.62'
   spec.add_development_dependency 'rubocop-rake', '~> 0.6'
-  spec.add_development_dependency 'rubocop-rspec', '2.25'
+  spec.add_development_dependency 'rubocop-rspec', '2.27'
   spec.add_development_dependency 'simplecov', '= 0.17'
   spec.add_development_dependency 'simplecov-console', '~> 0.9'
   spec.add_development_dependency 'steep', '~> 1.6'

sig/nostr/crypto.rbs

@@ -7,6 +7,9 @@ module Nostr
     def encrypt_text: (PrivateKey, PublicKey, String) -> String
     def decrypt_text: (PrivateKey, PublicKey, String) -> String
     def sign_event: (Event, PrivateKey) -> Event
+    def sign_message: (String, PrivateKey) -> Signature
+    def valid_sig?: (String, PublicKey, Signature) -> bool
+    def check_sig!: (String, PublicKey, Signature) -> bool
 
     private
 

sig/nostr/errors/invalid_signature_format_error.rbs

@@ -0,0 +1,5 @@
+module Nostr
+  class InvalidSignatureFormatError < SignatureValidationError
+    def initialize: -> void
+  end
+end

sig/nostr/errors/invalid_signature_length_error.rbs

@@ -0,0 +1,5 @@
+module Nostr
+  class InvalidSignatureLengthError < SignatureValidationError
+    def initialize: -> void
+  end
+end

sig/nostr/errors/invalid_signature_type_error.rbs

@@ -0,0 +1,5 @@
+module Nostr
+  class InvalidSignatureTypeError < SignatureValidationError
+    def initialize: -> void
+  end
+end

sig/nostr/errors/signature_validation_error.rbs

@@ -0,0 +1,4 @@
+module Nostr
+  class SignatureValidationError < Error
+  end
+end

sig/nostr/event.rbs

@@ -5,8 +5,8 @@ module Nostr
     attr_reader kind: Integer
     attr_reader tags: Array[Array[String]]
     attr_reader content: String
-    attr_accessor id: String?|nil
-    attr_accessor sig: String?|nil
+    attr_accessor id: String?
+    attr_accessor sig: Signature?
 
     def initialize: (
       pubkey: PublicKey,
@@ -14,24 +14,25 @@ module Nostr
       content: String,
       ?created_at: Integer,
       ?tags: Array[Array[String]],
-      ?id: String|nil,
-      ?sig: String|nil
+      ?id: String?,
+      ?sig: Signature?
     ) -> void
 
     def serialize: -> [Integer, String, Integer, Integer, Array[Array[String]], String]
 
     def to_h: -> {
-      id: String?|nil,
+      id: String?,
       pubkey: String,
       created_at: Integer,
       kind: Integer,
       tags: Array[Array[String]],
       content: String,
-      sig: String?|nil
+      sig: String?
     }
     def ==: (Event other) -> bool
 
     def sign:(PrivateKey) -> Event
+    def verify_signature: -> bool
 
     def add_event_reference: (String) -> Array[Array[String]]
     def add_pubkey_reference: (PublicKey) -> Array[Array[String]]

sig/nostr/key_pair.rbs

@@ -5,6 +5,7 @@ module Nostr
     attr_reader public_key: PublicKey
 
     def initialize: (private_key: PrivateKey, public_key: PublicKey) -> void
+    def to_ary: -> [PrivateKey, PublicKey]
 
     private
 

sig/nostr/signature.rbs

@@ -0,0 +1,14 @@
+module Nostr
+  class Signature < String
+    FORMAT: Regexp
+    LENGTH: int
+
+    def initialize: (String) -> void
+
+    private
+
+    attr_reader hex_value: String
+
+    def validate: (String) -> nil
+  end
+end

sig/vendor/schnorr.rbs

@@ -1,4 +1,6 @@
 # Added only to satisfy the Steep requirements. Not 100% reliable.
 module Schnorr
-  def self.sign: (String message, String private_key, ?String aux_rand) -> untyped
+  def self.sign: (String message, String private_key, ?String aux_rand) -> Signature
+  def self.valid_sig?: (String message, String public_key, String signature) -> bool
+  def self.check_sig!: (String message, String public_key, String signature) -> bool
 end

sig/vendor/schnorr/signature.rbs

@@ -0,0 +1,16 @@
+# Added only to satisfy the Steep requirements. Not 100% reliable.
+module Schnorr
+  class InvalidSignatureError < StandardError
+  end
+
+  class Signature
+    attr_reader r: Integer
+    attr_reader s: Integer
+
+    def self.decode: (String string) -> Signature
+
+    def initialize: (Integer r, Integer s) -> void
+    def encode: -> String
+    def ==: (untyped other) -> bool
+  end
+end

spec/nostr/crypto_spec.rb

@@ -5,6 +5,62 @@ require 'spec_helper'
 RSpec.describe Nostr::Crypto do
   let(:crypto) { described_class.new }
 
+  describe '#check_sig!' do
+    let(:keypair) do
+      Nostr::KeyPair.new(
+        public_key: Nostr::PublicKey.new('15678d8fbc126fa326fac536acd5a6dcb5ef64b3d939abe31d6830cba6cd26d6'),
+        private_key: Nostr::PrivateKey.new('7d1e4219a5e7d8342654c675085bfbdee143f0eb0f0921f5541ef1705a2b407d')
+      )
+    end
+    let(:message) { 'Your feedback is appreciated, now pay $8' }
+
+    context 'when the signature is valid' do
+      it 'returns true' do
+        signature = crypto.sign_message(message, keypair.private_key)
+
+        expect(crypto.check_sig!(message, keypair.public_key, signature)).to be(true)
+      end
+    end
+
+    context 'when the signature is invalid' do
+      it 'raises an error' do
+        signature = Nostr::Signature.new('badbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadb' \
+                                         'badbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadb')
+
+        expect do
+          crypto.check_sig!(message, keypair.public_key, signature)
+        end.to raise_error(Schnorr::InvalidSignatureError, 'signature verification failed.')
+      end
+    end
+  end
+
+  describe '#valid_sig?' do
+    let(:keypair) do
+      Nostr::KeyPair.new(
+        public_key: Nostr::PublicKey.new('15678d8fbc126fa326fac536acd5a6dcb5ef64b3d939abe31d6830cba6cd26d6'),
+        private_key: Nostr::PrivateKey.new('7d1e4219a5e7d8342654c675085bfbdee143f0eb0f0921f5541ef1705a2b407d')
+      )
+    end
+    let(:message) { 'Your feedback is appreciated, now pay $8' }
+
+    context 'when the signature is valid' do
+      it 'returns true' do
+        signature = crypto.sign_message(message, keypair.private_key)
+
+        expect(crypto.valid_sig?(message, keypair.public_key, signature)).to be(true)
+      end
+    end
+
+    context 'when the signature is invalid' do
+      it 'returns false' do
+        signature = Nostr::Signature.new('badbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadb' \
+                                         'badbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadb')
+
+        expect(crypto.valid_sig?(message, keypair.public_key, signature)).to be(false)
+      end
+    end
+  end
+
   describe '#sign_event' do
     let(:keypair) do
       Nostr::KeyPair.new(
@@ -31,6 +87,19 @@ RSpec.describe Nostr::Crypto do
     end
   end
 
+  describe '#sign_message' do
+    let(:private_key) { Nostr::PrivateKey.new('7d1e4219a5e7d8342654c675085bfbdee143f0eb0f0921f5541ef1705a2b407d') }
+    let(:message) { 'Your feedback is appreciated, now pay $8' }
+
+    it 'signs a message' do
+      signature = crypto.sign_message(message, private_key)
+      hex_signature = '0fa6d8e26f44ddad9eca5be2b8a25d09338c1767f8bfce384046c8eb771d1120e4bda5ca49' \
+                      '27e74837f912d4810945af6abf8d38139c1347f2d71ba8c52b175b'
+
+      expect(signature).to eq(Nostr::Signature.new(hex_signature))
+    end
+  end
+
   describe '#encrypt_text' do
     let(:sender_keypair) do
       Nostr::KeyPair.new(

spec/nostr/errors/invalid_signature_format_error_spec.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Nostr::InvalidSignatureFormatError do
+  describe '#initialize' do
+    let(:error) { described_class.new }
+
+    it 'builds a useful error message' do
+      expect(error.message).to eq('Only lowercase hexadecimal characters are allowed in signatures.')
+    end
+  end
+end

spec/nostr/errors/invalid_signature_length_error_spec.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Nostr::InvalidSignatureLengthError do
+  describe '#initialize' do
+    let(:error) { described_class.new }
+
+    it 'builds a useful error message' do
+      expect(error.message).to eq('Invalid signature length. It should have 128 characters.')
+    end
+  end
+end

spec/nostr/errors/invalid_signature_type_error_spec.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Nostr::InvalidSignatureTypeError do
+  describe '#initialize' do
+    let(:error) { described_class.new }
+
+    it 'builds a useful error message' do
+      expect(error.message).to eq('Invalid signature type')
+    end
+  end
+end

spec/nostr/event_spec.rb

@@ -5,17 +5,17 @@ require 'spec_helper'
 RSpec.describe Nostr::Event do
   let(:event) do
     described_class.new(
-      id: '20f31a9b2a0ced48a167add9732ccade1dca5e34b44316e37da4af33bc8946a9',
-      pubkey: 'ccf9fdf3e1466d7c20969c71ec98defcf5f54aee088513e1b73ccb7bd770d460',
-      created_at: 1_230_981_305,
+      id: '499ff6e60cc6b38bd6b94446fb1d61cc18cf19bf324e93dfe84338daeaab3fba',
+      pubkey: Nostr::PublicKey.new('2d7661527d573cc8e84f665fa971dd969ba51e2526df00c149ff8e40a58f9558'),
+      created_at: 1_667_422_587,
       kind: 1,
       tags: [
         %w[e 189df012cfff8a075785b884bd702025f4a7a37710f581c4ac9d33e24b585408],
         %w[p 472f440f29ef996e92a186b8d320ff180c855903882e59d50de1b8bd5669301e]
       ],
       content: 'Your feedback is appreciated, now pay $8',
-      sig: '058613f8d34c053294cc28b7f9e1f8f0e80fd1ac94fb20f2da6ca514e7360b39' \
-           '63d0086171f842ffebf1f7790ce147b4811a15ef3f59c76ec1324b970cc57ffe'
+      sig: 'f418c97b50cc68227e82f4f3a79d79eb2b7a0fa517859c86e1a8fa91e3741b7f' \
+           '06e070c44129227b83fcbe93cecb02a346804a4080ce47685ecad60ab4f5f128'
     )
   end
 
@@ -24,8 +24,8 @@ RSpec.describe Nostr::Event do
       it 'returns true' do
         event1 = described_class.new(
           id: '2a3184512d34077601e992ba3c3215354b21a8c76f85c2c7f66093481854e811',
-          pubkey: '2d7661527d573cc8e84f665fa971dd969ba51e2526df00c149ff8e40a58f9558',
-          created_at: 1_230_981_305,
+          pubkey: Nostr::PublicKey.new('2d7661527d573cc8e84f665fa971dd969ba51e2526df00c149ff8e40a58f9558'),
+          created_at: 1_667_422_587,
           kind: 1,
           tags: [%w[e 189df012cfff8a075785b884bd702025f4a7a37710f581c4ac9d33e24b585408]],
           content: 'Your feedback is appreciated, now pay $8',
@@ -35,8 +35,8 @@ RSpec.describe Nostr::Event do
 
         event2 = described_class.new(
           id: '2a3184512d34077601e992ba3c3215354b21a8c76f85c2c7f66093481854e811',
-          pubkey: '2d7661527d573cc8e84f665fa971dd969ba51e2526df00c149ff8e40a58f9558',
-          created_at: 1_230_981_305,
+          pubkey: Nostr::PublicKey.new('2d7661527d573cc8e84f665fa971dd969ba51e2526df00c149ff8e40a58f9558'),
+          created_at: 1_667_422_587,
           kind: 1,
           tags: [%w[e 189df012cfff8a075785b884bd702025f4a7a37710f581c4ac9d33e24b585408]],
           content: 'Your feedback is appreciated, now pay $8',
@@ -52,8 +52,8 @@ RSpec.describe Nostr::Event do
       it 'returns false' do
         event1 = described_class.new(
           id: '2a3184512d34077601e992ba3c3215354b21a8c76f85c2c7f66093481854e811',
-          pubkey: '2d7661527d573cc8e84f665fa971dd969ba51e2526df00c149ff8e40a58f9558',
-          created_at: 1_230_981_305,
+          pubkey: Nostr::PublicKey.new('2d7661527d573cc8e84f665fa971dd969ba51e2526df00c149ff8e40a58f9558'),
+          created_at: 1_667_422_587,
           kind: 1,
           tags: [%w[e 189df012cfff8a075785b884bd702025f4a7a37710f581c4ac9d33e24b585408]],
           content: 'Your feedback is appreciated, now pay $8',
@@ -63,13 +63,13 @@ RSpec.describe Nostr::Event do
 
         event2 = described_class.new(
           id: '2a3184512d34077601e992ba3c3215354b21a8c76f85c2c7f66093481854e811',
-          pubkey: '2d7661527d573cc8e84f665fa971dd969ba51e2526df00c149ff8e40a58f9558',
-          created_at: 1_230_981_305,
+          pubkey: Nostr::PublicKey.new('2d7661527d573cc8e84f665fa971dd969ba51e2526df00c149ff8e40a58f9558'),
+          created_at: 1_667_422_587,
           kind: 1,
           tags: [%w[e 189df012cfff8a075785b884bd702025f4a7a37710f581c4ac9d33e24b585408]],
           content: 'Your feedback is appreciated, now pay $8',
-          sig: '058613f8d34c053294cc28b7f9e1f8f0e80fd1ac94fb20f2da6ca514e7360b39' \
-               '63d0086171f842ffebf1f7790ce147b4811a15ef3f59c76ec1324b970cc57ffe'
+          sig: 'f418c97b50cc68227e82f4f3a79d79eb2b7a0fa517859c86e1a8fa91e3741b7f' \
+               '06e070c44129227b83fcbe93cecb02a346804a4080ce47685ecad60ab4f5f128'
         )
 
         expect(event1).not_to eq(event2)
@@ -80,17 +80,17 @@ RSpec.describe Nostr::Event do
   describe '.new' do
     it 'creates an instance of an event' do
       event = described_class.new(
-        id: '20f31a9b2a0ced48a167add9732ccade1dca5e34b44316e37da4af33bc8946a9',
-        pubkey: 'ccf9fdf3e1466d7c20969c71ec98defcf5f54aee088513e1b73ccb7bd770d460',
-        created_at: 1_230_981_305,
+        id: '499ff6e60cc6b38bd6b94446fb1d61cc18cf19bf324e93dfe84338daeaab3fba',
+        pubkey: Nostr::PublicKey.new('2d7661527d573cc8e84f665fa971dd969ba51e2526df00c149ff8e40a58f9558'),
+        created_at: 1_667_422_587,
         kind: 1,
         tags: [
           %w[e 189df012cfff8a075785b884bd702025f4a7a37710f581c4ac9d33e24b585408],
           %w[p 472f440f29ef996e92a186b8d320ff180c855903882e59d50de1b8bd5669301e]
         ],
         content: 'Your feedback is appreciated, now pay $8',
-        sig: '058613f8d34c053294cc28b7f9e1f8f0e80fd1ac94fb20f2da6ca514e7360b39' \
-             '63d0086171f842ffebf1f7790ce147b4811a15ef3f59c76ec1324b970cc57ffe'
+        sig: 'f418c97b50cc68227e82f4f3a79d79eb2b7a0fa517859c86e1a8fa91e3741b7f' \
+             '06e070c44129227b83fcbe93cecb02a346804a4080ce47685ecad60ab4f5f128'
       )
 
       expect(event).to be_an_instance_of(described_class)
@@ -100,7 +100,7 @@ RSpec.describe Nostr::Event do
   describe '#add_event_reference' do
     let(:event) do
       described_class.new(
-        pubkey: 'ccf9fdf3e1466d7c20969c71ec98defcf5f54aee088513e1b73ccb7bd770d460',
+        pubkey: Nostr::PublicKey.new('2d7661527d573cc8e84f665fa971dd969ba51e2526df00c149ff8e40a58f9558'),
         kind: Nostr::EventKind::TEXT_NOTE,
         tags: [
           %w[p 472f440f29ef996e92a186b8d320ff180c855903882e59d50de1b8bd5669301e]
@@ -124,7 +124,7 @@ RSpec.describe Nostr::Event do
   describe '#add_pubkey_reference' do
     let(:event) do
       described_class.new(
-        pubkey: 'ccf9fdf3e1466d7c20969c71ec98defcf5f54aee088513e1b73ccb7bd770d460',
+        pubkey: Nostr::PublicKey.new('2d7661527d573cc8e84f665fa971dd969ba51e2526df00c149ff8e40a58f9558'),
         kind: Nostr::EventKind::TEXT_NOTE,
         tags: [
           %w[e 189df012cfff8a075785b884bd702025f4a7a37710f581c4ac9d33e24b585408]
@@ -153,7 +153,7 @@ RSpec.describe Nostr::Event do
 
   describe '#created_at' do
     it 'exposes the event creation date' do
-      expect(event.created_at).to eq(1_230_981_305)
+      expect(event.created_at).to eq(1_667_422_587)
     end
   end
 
@@ -165,13 +165,13 @@ RSpec.describe Nostr::Event do
 
   describe '#id' do
     it 'exposes the event id' do
-      expect(event.id).to eq('20f31a9b2a0ced48a167add9732ccade1dca5e34b44316e37da4af33bc8946a9')
+      expect(event.id).to eq('499ff6e60cc6b38bd6b94446fb1d61cc18cf19bf324e93dfe84338daeaab3fba')
     end
   end
 
   describe '#id=' do
     it 'sets the event id' do
-      new_id = '20f31a9b2a0ced48a167add9732ccade1dca5e34b44316e37da4af33bc8946a9'
+      new_id = '499ff6e60cc6b38bd6b94446fb1d61cc18cf19bf324e93dfe84338daeaab3fba'
 
       event.id = new_id
       expect(event.id).to eq(new_id)
@@ -180,7 +180,7 @@ RSpec.describe Nostr::Event do
 
   describe '#pubkey' do
     it 'exposes the event pubkey' do
-      expect(event.pubkey).to eq('ccf9fdf3e1466d7c20969c71ec98defcf5f54aee088513e1b73ccb7bd770d460')
+      expect(event.pubkey).to eq('2d7661527d573cc8e84f665fa971dd969ba51e2526df00c149ff8e40a58f9558')
     end
   end
 
@@ -191,8 +191,8 @@ RSpec.describe Nostr::Event do
       expect(serialized_event).to eq(
         [
           0,
-          'ccf9fdf3e1466d7c20969c71ec98defcf5f54aee088513e1b73ccb7bd770d460',
-          1_230_981_305,
+          Nostr::PublicKey.new('2d7661527d573cc8e84f665fa971dd969ba51e2526df00c149ff8e40a58f9558'),
+          1_667_422_587,
           1,
           [
             %w[e 189df012cfff8a075785b884bd702025f4a7a37710f581c4ac9d33e24b585408],
@@ -207,16 +207,16 @@ RSpec.describe Nostr::Event do
   describe '#sig' do
     it 'exposes the event signature' do
       expect(event.sig).to eq(
-        '058613f8d34c053294cc28b7f9e1f8f0e80fd1ac94fb20f2da6ca514e7360b39' \
-        '63d0086171f842ffebf1f7790ce147b4811a15ef3f59c76ec1324b970cc57ffe'
+        'f418c97b50cc68227e82f4f3a79d79eb2b7a0fa517859c86e1a8fa91e3741b7f' \
+        '06e070c44129227b83fcbe93cecb02a346804a4080ce47685ecad60ab4f5f128'
       )
     end
   end
 
   describe '#sig=' do
     it 'sets the event signature' do
-      new_signature = '058613f8d34c053294cc28b7f9e1f8f0e80fd1ac94fb20f2da6ca514e7360b39' \
-                      '63d0086171f842ffebf1f7790ce147b4811a15ef3f59c76ec1324b970cc57ffe'
+      new_signature = 'f418c97b50cc68227e82f4f3a79d79eb2b7a0fa517859c86e1a8fa91e3741b7f' \
+                      '06e070c44129227b83fcbe93cecb02a346804a4080ce47685ecad60ab4f5f128'
 
       event.sig = new_signature
       expect(event.sig).to eq(new_signature)
@@ -226,7 +226,7 @@ RSpec.describe Nostr::Event do
   describe '#sign' do
     let(:event) do
       described_class.new(
-        pubkey: 'ccf9fdf3e1466d7c20969c71ec98defcf5f54aee088513e1b73ccb7bd770d460',
+        pubkey: Nostr::PublicKey.new('2d7661527d573cc8e84f665fa971dd969ba51e2526df00c149ff8e40a58f9558'),
         kind: Nostr::EventKind::TEXT_NOTE,
         content: 'Your feedback is appreciated, now pay $8'
       )
@@ -262,16 +262,126 @@ RSpec.describe Nostr::Event do
   describe '#to_h' do
     it 'converts the event to a hash' do
       expect(event.to_h).to eq(
-        id: '20f31a9b2a0ced48a167add9732ccade1dca5e34b44316e37da4af33bc8946a9',
-        pubkey: 'ccf9fdf3e1466d7c20969c71ec98defcf5f54aee088513e1b73ccb7bd770d460',
-        created_at: 1_230_981_305,
+        id: '499ff6e60cc6b38bd6b94446fb1d61cc18cf19bf324e93dfe84338daeaab3fba',
+        pubkey: Nostr::PublicKey.new('2d7661527d573cc8e84f665fa971dd969ba51e2526df00c149ff8e40a58f9558'),
+        created_at: 1_667_422_587,
         kind: 1,
         tags: [%w[e 189df012cfff8a075785b884bd702025f4a7a37710f581c4ac9d33e24b585408],
                %w[p 472f440f29ef996e92a186b8d320ff180c855903882e59d50de1b8bd5669301e]],
         content: 'Your feedback is appreciated, now pay $8',
-        sig: '058613f8d34c053294cc28b7f9e1f8f0e80fd1ac94fb20f2da6ca514e7360b39' \
-             '63d0086171f842ffebf1f7790ce147b4811a15ef3f59c76ec1324b970cc57ffe'
+        sig: 'f418c97b50cc68227e82f4f3a79d79eb2b7a0fa517859c86e1a8fa91e3741b7f' \
+             '06e070c44129227b83fcbe93cecb02a346804a4080ce47685ecad60ab4f5f128'
       )
     end
   end
+
+  describe '#verify_signature' do
+    context 'when the id is nil' do
+      let(:event) do
+        described_class.new(
+          pubkey: Nostr::PublicKey.new('2d7661527d573cc8e84f665fa971dd969ba51e2526df00c149ff8e40a58f9558'),
+          created_at: 1_667_422_587,
+          kind: 1,
+          tags: [
+            %w[e 189df012cfff8a075785b884bd702025f4a7a37710f581c4ac9d33e24b585408],
+            %w[p 472f440f29ef996e92a186b8d320ff180c855903882e59d50de1b8bd5669301e]
+          ],
+          content: 'Your feedback is appreciated, now pay $8',
+          sig: 'f418c97b50cc68227e82f4f3a79d79eb2b7a0fa517859c86e1a8fa91e3741b7f' \
+               '06e070c44129227b83fcbe93cecb02a346804a4080ce47685ecad60ab4f5f128'
+        )
+      end
+
+      it 'returns false' do
+        expect(event.verify_signature).to be(false)
+      end
+    end
+
+    context 'when the sig is nil' do
+      let(:event) do
+        described_class.new(
+          id: '499ff6e60cc6b38bd6b94446fb1d61cc18cf19bf324e93dfe84338daeaab3fba',
+          pubkey: Nostr::PublicKey.new('2d7661527d573cc8e84f665fa971dd969ba51e2526df00c149ff8e40a58f9558'),
+          created_at: 1_667_422_587,
+          kind: 1,
+          tags: [
+            %w[e 189df012cfff8a075785b884bd702025f4a7a37710f581c4ac9d33e24b585408],
+            %w[p 472f440f29ef996e92a186b8d320ff180c855903882e59d50de1b8bd5669301e]
+          ],
+          content: 'Your feedback is appreciated, now pay $8'
+        )
+      end
+
+      it 'returns false' do
+        event.sig = nil
+        expect(event.verify_signature).to be(false)
+      end
+    end
+
+    context 'when the pubkey is missing' do
+      let(:event) do
+        described_class.new(
+          id: '499ff6e60cc6b38bd6b94446fb1d61cc18cf19bf324e93dfe84338daeaab3fba',
+          pubkey: nil,
+          created_at: 1_667_422_587,
+          kind: 1,
+          tags: [
+            %w[e 189df012cfff8a075785b884bd702025f4a7a37710f581c4ac9d33e24b585408],
+            %w[p 472f440f29ef996e92a186b8d320ff180c855903882e59d50de1b8bd5669301e]
+          ],
+          content: 'Your feedback is appreciated, now pay $8',
+          sig: 'f418c97b50cc68227e82f4f3a79d79eb2b7a0fa517859c86e1a8fa91e3741b7f' \
+               '06e070c44129227b83fcbe93cecb02a346804a4080ce47685ecad60ab4f5f128'
+        )
+      end
+
+      it 'returns false' do
+        expect(event.verify_signature).to be(false)
+      end
+    end
+
+    context 'when the sig is valid' do
+      let(:event) do
+        described_class.new(
+          id: '499ff6e60cc6b38bd6b94446fb1d61cc18cf19bf324e93dfe84338daeaab3fba',
+          pubkey: Nostr::PublicKey.new('2d7661527d573cc8e84f665fa971dd969ba51e2526df00c149ff8e40a58f9558'),
+          created_at: 1_667_422_587,
+          kind: 1,
+          tags: [
+            %w[e 189df012cfff8a075785b884bd702025f4a7a37710f581c4ac9d33e24b585408],
+            %w[p 472f440f29ef996e92a186b8d320ff180c855903882e59d50de1b8bd5669301e]
+          ],
+          content: 'Your feedback is appreciated, now pay $8',
+          sig: 'f418c97b50cc68227e82f4f3a79d79eb2b7a0fa517859c86e1a8fa91e3741b7f' \
+               '06e070c44129227b83fcbe93cecb02a346804a4080ce47685ecad60ab4f5f128'
+        )
+      end
+
+      it 'returns true' do
+        expect(event.verify_signature).to be(true)
+      end
+    end
+
+    context 'when the sig is invalid' do
+      let(:event) do
+        described_class.new(
+          id: '499ff6e60cc6b38bd6b94446fb1d61cc18cf19bf324e93dfe84338daeaab3fba',
+          pubkey: Nostr::PublicKey.new('2d7661527d573cc8e84f665fa971dd969ba51e2526df00c149ff8e40a58f9558'),
+          created_at: 1_667_422_587,
+          kind: 1,
+          tags: [
+            %w[e 189df012cfff8a075785b884bd702025f4a7a37710f581c4ac9d33e24b585408],
+            %w[p 472f440f29ef996e92a186b8d320ff180c855903882e59d50de1b8bd5669301e]
+          ],
+          content: 'Your feedback is appreciated, now pay $8',
+          sig: 'badbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadb' \
+               'badbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadbadb'
+        )
+      end
+
+      it 'returns false' do
+        expect(event.verify_signature).to be(false)
+      end
+    end
+  end
 end

spec/nostr/key_pair_spec.rb

@@ -56,4 +56,15 @@ RSpec.describe Nostr::KeyPair do
       expect(keypair.public_key).to eq('2d7661527d573cc8e84f665fa971dd969ba51e2526df00c149ff8e40a58f9558')
     end
   end
+
+  describe '#to_ary' do
+    it 'converts the key pair to an array' do
+      expect(keypair.to_ary).to eq(
+        [
+          Nostr::PrivateKey.new('893c4cc8088924796b41dc788f7e2f746734497010b1a9f005c1faad7074b900'),
+          Nostr::PublicKey.new('2d7661527d573cc8e84f665fa971dd969ba51e2526df00c149ff8e40a58f9558')
+        ]
+      )
+    end
+  end
 end

spec/nostr/signature_spec.rb

@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Nostr::Signature do
+  let(:valid_hex_signature) do
+    'f418c97b50cc68227e82f4f3a79d79eb2b7a0fa517859c86e1a8fa91e3741b7f' \
+      '06e070c44129227b83fcbe93cecb02a346804a4080ce47685ecad60ab4f5f128'
+  end
+
+  let(:signature) { described_class.new(valid_hex_signature) }
+
+  describe '.new' do
+    context 'when the signature is not a string' do
+      it 'raises an InvalidSignatureTypeError' do
+        expect { described_class.new(1234) }.to raise_error(
+          Nostr::InvalidSignatureTypeError,
+          'Invalid signature type'
+        )
+      end
+    end
+
+    context "when the signature's length is not 128 characters" do
+      it 'raises an InvalidSignatureLengthError' do
+        expect { described_class.new('a' * 129) }.to raise_error(
+          Nostr::InvalidSignatureLengthError,
+          'Invalid signature length. It should have 128 characters.'
+        )
+      end
+    end
+
+    context 'when the signature contains non-hexadecimal characters' do
+      it 'raises an InvalidKeyFormatError' do
+        expect { described_class.new('g' * 128) }.to raise_error(
+          Nostr::InvalidSignatureFormatError,
+          'Only lowercase hexadecimal characters are allowed in signatures.'
+        )
+      end
+    end
+
+    context 'when the signature contains uppercase characters' do
+      it 'raises an InvalidKeyFormatError' do
+        expect { described_class.new('A' * 128) }.to raise_error(
+          Nostr::InvalidSignatureFormatError,
+          'Only lowercase hexadecimal characters are allowed in signatures.'
+        )
+      end
+    end
+
+    context 'when the signature is valid' do
+      it 'does not raise any error' do
+        expect { described_class.new('a' * 128) }.not_to raise_error
+      end
+    end
+  end
+end

spec/nostr/user_spec.rb

@@ -68,8 +68,8 @@ RSpec.describe Nostr::User do
             kind: 1,
             tags: [%w[e 189df012cfff8a075785b884bd702025f4a7a37710f581c4ac9d33e24b585408]],
             content: 'Your feedback is appreciated, now pay $8',
-            sig: '970fea8d213da86c583804522c45d04e61c18c433704b62f793f187bca82091c' \
-                 '3884d6207c6511c0966ecf6230082179a49257b03e5a4d2d08da9124a190f1bb'
+            sig: '6e852020d5c70527674a21ab7d47db3c355cdbac443a80f5fe2b956f536b75b1' \
+                 '3fdfb28a2ffc09cb2438a61b020aaa62e8df7bb08471ccf7839a48350e485937'
           )
         )
       end
@@ -92,8 +92,8 @@ RSpec.describe Nostr::User do
             kind: 1,
             tags: [],
             content: 'Your feedback is appreciated, now pay $8',
-            sig: 'f5a2cdc29723c888df52afd6f8c6e260110f74ed23fee3edbf39fff4a9f1b9f1' \
-                 'c93284b02d4eba0481325bb5555624ddf969d5905b63f17191f9132a0ddd97b0'
+            sig: '48256fea31f2cabf0e92b5f67c2f654c9647be15b8bc6f381673af3748e15c76' \
+                 'b8d505019fc4e75d79be668c18f57b69b76d95b639cca8ae9a5817d569a8d12b'
           )
         )
       end
@@ -116,8 +116,8 @@ RSpec.describe Nostr::User do
             kind: 1,
             tags: [%w[e 189df012cfff8a075785b884bd702025f4a7a37710f581c4ac9d33e24b585408]],
             content: 'Your feedback is appreciated, now pay $8',
-            sig: '970fea8d213da86c583804522c45d04e61c18c433704b62f793f187bca82091c' \
-                 '3884d6207c6511c0966ecf6230082179a49257b03e5a4d2d08da9124a190f1bb'
+            sig: '6e852020d5c70527674a21ab7d47db3c355cdbac443a80f5fe2b956f536b75b1' \
+                 '3fdfb28a2ffc09cb2438a61b020aaa62e8df7bb08471ccf7839a48350e485937'
           )
         )
       end

spec/nostr_spec.rb

@@ -2,6 +2,6 @@
 
 RSpec.describe Nostr do
   it 'has a version number' do
-    expect(Nostr::VERSION).not_to be_nil
+    expect(described_class::VERSION).not_to be_nil
   end
 end