A signature API linked to the user's wallet

A useful API for developers would be one that allows users to sign a message using an account from their Brave integrated wallet.

Further, a more general JWK (https://datatracker.ietf.org/doc/html/rfc7517) signing tool would be great.

Ideally the developer would specify the format (e.g. a currency ticker: ETH, BTC, etc.) or a JWA algorithm (https://datatracker.ietf.org/doc/html/rfc7518#section-3.1) and the message. The signing process would then be handled by the browser (perhaps allowing for hardware key integration) and the signature returned to the developer. A similar API would be needed for verification.

Is this a good idea?

Lee

The idea you’re proposing seems to be a convenient and potentially valuable tool for developers, especially those working with blockchain applications or systems that require secure message signing and verification. Let’s break down the components of your proposal:

  1. Allowing users to sign messages using their Brave integrated wallet can be useful, especially if developers want to leverage the security features of the wallet for user authentication or transaction authorization.
    This could provide a seamless and secure way for users to interact with decentralized applications (dApps) or blockchain services without compromising their private keys.

  2. A more general JSON Web Key (JWK) signing tool, as you suggested, would be versatile and applicable in various scenarios beyond blockchain applications.
    Developers could specify the format (e.g., currency ticker) or algorithm (JWA) they want to use for signing, providing flexibility for different use cases.

  3. Offloading the signing process to the browser, with potential integration for hardware keys, enhances security and user experience.
    This could mitigate some security concerns associated with handling private keys directly within applications.

  4. Alongside the signing API, having a corresponding company info API for signature verification is crucial. This ensures that developers can authenticate and verify messages signed by users.
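
An added sketch of the sign/verify flow discussed in this thread, built on the existing WebCrypto API; it is not part of either post and is not a Brave API. `signWithJwa`, `verifyWithJwa` and the sample message are hypothetical names and constructed values, and the generated key pair stands in for a wallet account.

```javascript
// Added example: hypothetical helpers built on WebCrypto; this is not a Brave API.
const subtle = globalThis.crypto?.subtle ?? require("node:crypto").webcrypto.subtle;

// JWA "alg" values (RFC 7518 section 3.1) mapped to WebCrypto parameters.
// Anything not listed here, including "none", is rejected.
const JWA = {
  ES256: { key: { name: "ECDSA", namedCurve: "P-256" }, sig: { name: "ECDSA", hash: "SHA-256" } },
  ES384: { key: { name: "ECDSA", namedCurve: "P-384" }, sig: { name: "ECDSA", hash: "SHA-384" } },
  RS256: { key: { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" }, sig: { name: "RSASSA-PKCS1-v1_5" } },
};

function params(alg) {
  if (!Object.hasOwn(JWA, alg)) throw new Error(`unsupported JWA alg: ${alg}`);
  return JWA[alg];
}

const b64u = (buf) => btoa(String.fromCharCode(...new Uint8Array(buf)))
  .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const unb64u = (s) =>
  Uint8Array.from(atob(s.replace(/-/g, "+").replace(/_/g, "/")), (c) => c.charCodeAt(0));

// The caller names the algorithm and the message; the key handle never leaves this side.
async function signWithJwa(alg, message, privateKey) {
  const sig = await subtle.sign(params(alg).sig, privateKey, new TextEncoder().encode(message));
  return b64u(sig); // base64url, as used for JWS signatures
}

// Verification needs only the public JWK (RFC 7517).
async function verifyWithJwa(alg, message, signature, publicJwk) {
  if (publicJwk.alg && publicJwk.alg !== alg) return false; // key is pinned to another alg
  const key = await subtle.importKey("jwk", publicJwk, params(alg).key, false, ["verify"]);
  return subtle.verify(params(alg).sig, key, unb64u(signature), new TextEncoder().encode(message));
}

async function demo() {
  // Constructed key pair; extractable=false keeps the private key out of page script.
  const { privateKey, publicKey } =
    await subtle.generateKey(params("ES256").key, false, ["sign", "verify"]);
  const publicJwk = await subtle.exportKey("jwk", publicKey);
  const message = "login nonce 8f2c (constructed sample)";
  const signature = await signWithJwa("ES256", message, privateKey);
  return {
    valid: await verifyWithJwa("ES256", message, signature, publicJwk),
    tampered: await verifyWithJwa("ES256", message + "!", signature, publicJwk),
    sigBytes: unb64u(signature).length,
  };
}
```

Calling `demo()` resolves to the verification result for the original message, the result for a modified message, and the decoded signature length.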