Introduction
NIP-05 verification enables Bitcoin Nostr users to link their Lightning addresses to their public keys, creating a trust layer in the decentralized social ecosystem. This guide walks you through setup, functionality, and practical implementation for 2026.
Key Takeaways
- NIP-05 maps Lightning addresses to Nostr public keys via DNS records
- Verification establishes identity authenticity without central authority
- Setup requires basic DNS configuration and a JSON file hosted on your domain
- Clients validate the mapping automatically when users publish events
- No blockchain transactions are required for verification status
What is NIP-05 Verification
NIP-05 is a Nostr Improvement Proposal that defines how users prove ownership of a Lightning address. The system maps a public key to an identifier like @[email protected]. When clients fetch the well-known JSON file from your domain, they confirm the association between your Lightning address and Nostr key. This creates a human-readable handle backed by cryptographic proof rather than platform promises. The specification lives on GitHub as part of the broader Nostr protocol NIPs.
The verification does not store private keys on external servers. Your wallet remains in your control while the DNS record merely points to a publicly accessible JSON file containing your public key. Clients interpret this file to display a green checkmark or similar indicator next to your username. This approach leverages existing internet infrastructure rather than building new trusted intermediaries.
Why NIP-05 Verification Matters
Spam and impersonation plague every social platform, and Nostr faces the same challenge despite its decentralized architecture. Without verification, bad actors create keys pretending to be well-known Bitcoin developers or companies. NIP-05 verification solves this by tying identity to domains you already control. A verification badge signals that someone owns the domain matching their claimed handle.
For Bitcoin businesses, NIP-05 verification adds legitimacy to Nostr interactions. Customers recognize verified accounts more easily, reducing phishing risk. Lightning Network payments also flow more naturally when senders can address recipients by familiar handles instead of raw npub strings. The verification layer makes Nostr practical for commerce without sacrificing decentralization.
How NIP-05 Verification Works
Mechanism Breakdown
The verification process follows a structured sequence connecting DNS infrastructure with Nostr event publishing:
Step 1 — User creates a key pair. The private key stays on-device while the public key (npub) becomes the identity anchor. Step 2 — User configures DNS. A TXT or SRV record points to the domain hosting the verification file. Step 3 — User creates the JSON file. The file lives at yourdomain.com/.well-known/nostr.json and contains your Lightning address linked to your public key. Step 4 — Client fetches the file. When loading your profile, the Nostr client requests this URL and compares the returned key against your displayed identity. Step 5 — Verification status displays. If keys match, the client shows verification; if not, it flags a mismatch.
JSON Structure Formula
The nostr.json file follows this exact format:
{ "names": { "username": "npub1hexadecimalpublickey..." } }
For Lightning integration, add a “lud06” or “lud16” field containing your Lightning address. The “names” object maps lowercase usernames to public keys. Multiple users can appear in the same file if they share domain control.
Used in Practice
Setting up NIP-05 requires three components: a domain you own, hosting for a static file, and DNS configuration access. First, decide on a username that reflects your brand or identity. Then create the JSON file with your npub string and Lightning address. Finally, add the DNS record pointing to your domain.
Popular Nostr clients like Damus, Amethyst, and Coracle automatically check for verification when displaying profiles. Users see the verification badge next to handles containing the @ symbol. When composing notes, mentions like @[email protected] resolve through NIP-05 lookup, simplifying address entry for readers.
Businesses integrate NIP-05 by hosting the file on their main website. This ties verification to existing brand domains customers already trust. Customer support staff can maintain verified accounts while the company retains DNS control. If staff leave, simply update the JSON file rather than creating new keys.
Risks and Limitations
Domain expiration creates the primary vulnerability. If you fail to renew your domain, verification disappears regardless of key ownership. Clients display your account as unverified even though your cryptographic identity remains intact. This makes domain management critical for sustained verification status.
NIP-05 does not verify real-world identity, only domain control. Anyone can claim @[email protected] if they somehow obtain DNS access for tesla.com. The verification proves domain ownership, not personal identity. Users must still apply other trust signals when evaluating unfamiliar accounts.
Some clients cache verification results, creating delays when you update records. Propagation through DNS can take minutes to hours depending on TTL settings. During this window, users may see outdated verification status. For urgent changes, lower TTL values before making updates.
NIP-05 vs Domain Verification vs Key-Based Verification
NIP-05 differs from simple domain verification in scope. Domain verification proves you control a website; NIP-05 specifically links that domain to your Nostr public key with Lightning address compatibility. Pure domain verification exists in other systems but lacks the Nostr-specific JSON structure clients recognize.
Raw key-based verification relies solely on cryptographic proof without DNS involvement. You share your npub directly, and recipients import it manually. This approach works offline but lacks human-readable handles. NIP-05 adds convenience while maintaining the same cryptographic foundation. Choose raw keys for maximum security or NIP-05 for practical usability.
What to Watch in 2026
NIP-05 adoption continues growing as more Lightning wallets integrate Nostr address support. Watch for developments in key event (NIP-26) delegation combined with NIP-05, allowing verified domains to sign on behalf of users. This could simplify enterprise Nostr deployments where teams manage brand identities.
Client implementations vary in verification display and fallback behavior. Monitor updates from major clients like Damus and Primal for improved verification UX. Also watch DNS providers offering native Nostr verification hosting, potentially removing manual JSON file management entirely.
Frequently Asked Questions
Does NIP-05 verification cost anything?
No. Verification itself costs nothing beyond domain registration and hosting fees. The protocol operates without transaction fees or subscription services.
Can I use a subdomain for NIP-05?
Yes. Any subdomain works as long as it hosts the JSON file at the correct .well-known path. Many users prefer subdomain prefixes like nostr.example.com for clarity.
What happens if my domain gets compromised?
An attacker controlling your DNS can modify the JSON file to point to a different public key. Clients would then show verification for the attacker’s key instead of yours. Immediately reclaim domain control and update the record if this occurs.
How long does verification take to activate?
DNS propagation typically completes within minutes to 48 hours depending on your TTL settings and resolver caching. Clients may take additional time to refresh cached verification data.
Can multiple users share one domain for verification?
Yes. The JSON file supports multiple entries in the “names” object. Each username maps to a different public key while remaining under the same domain’s control.
Is NIP-05 required to use Nostr?
No. Verification is optional but recommended for anyone building reputation or conducting business. Basic Nostr usage works without any verification status.
Does NIP-05 work with Lightning addresses from any provider?
Yes. The verification file stores your address as a string, compatible with any Lightning address format including those from Alby, BlueWallet, or self-hosted nodes.
Where can I validate my NIP-05 setup?
Use online validators like the one available at Nostr Explorer NIP-05 checker to confirm your configuration resolves correctly across multiple clients.