diff --git a/04.md b/04.md index 6e45b74b..2490c183 100644 --- a/04.md +++ b/04.md @@ -1,10 +1,12 @@ +> __Warning__ `unrecommended`: deprecated in favor of [NIP-44](44.md) + NIP-04 ====== Encrypted Direct Message ------------------------ -`final` `optional` `author:arcbtc` +`final` `unrecommended` `author:arcbtc` A special event with kind `4`, meaning "encrypted direct message". It is supposed to have the following attributes: diff --git a/07.md b/07.md index ee4e3722..661144e6 100644 --- a/07.md +++ b/07.md @@ -18,8 +18,10 @@ async window.nostr.signEvent(event: Event): Event // takes an event object, adds Aside from these two basic above, the following functions can also be implemented optionally: ``` async window.nostr.getRelays(): { [url: string]: {read: boolean, write: boolean} } // returns a basic map of relay urls to relay policies -async window.nostr.nip04.encrypt(pubkey, plaintext): string // returns ciphertext and iv as specified in nip-04 -async window.nostr.nip04.decrypt(pubkey, ciphertext): string // takes ciphertext and iv as specified in nip-04 +async window.nostr.nip04.encrypt(pubkey, plaintext): string // returns ciphertext and iv as specified in nip-04 (deprecated) +async window.nostr.nip04.decrypt(pubkey, ciphertext): string // takes ciphertext and iv as specified in nip-04 (deprecated) +async window.nostr.nip44.encrypt(pubkey, plaintext): string // returns encrypted payload as specified in nip-44 +async window.nostr.nip44.decrypt(pubkey, ciphertext): string // takes encrypted payload as specified in nip-44 ``` ### Implementation diff --git a/44.md b/44.md index 9d436989..c6fb69a7 100644 --- a/44.md +++ b/44.md 
@@ -8,7 +8,7 @@ Encrypted Payloads (Versioned) The NIP introduces a versioned encryption data model, allowing multiple algorithm choices to exist simultaneously. -The algorithm described in NIP4 is potentially vulnerable to [padding oracle attacks](https://en.wikipedia.org/wiki/Padding_oracle_attack) and uses keys which are not indistinguishable from random. +The algorithm described in NIP-04 is potentially vulnerable to [padding oracle attacks](https://en.wikipedia.org/wiki/Padding_oracle_attack) and uses keys which are not indistinguishable from random. For more information, see [here](https://github.com/nostr-protocol/nips/pull/715#issuecomment-1675301250-). An encrypted payload MUST be encoded as a JSON object. Different versions may have different parameters. Every format has a `v` field specifying its version. @@ -17,10 +17,6 @@ Currently defined encryption algorithms: - `0x00` - Reserved - `0x01` - XChaCha with same key `sha256(ecdh)` per conversation -# Version 0 - -Version 0 is not defined, however implementations depending on this NIP MAY choose to support the payload described in NIP 04 in the same places a NIP 44 payload would otherwise be expected. This is intended to allow a smooth transition while clients and signing software adopt the new standard. - # Version 1 Params: 
@@ -38,11 +34,13 @@ Example: } ``` -**Note**: By default in the [libsecp256k1](https://github.com/bitcoin-core/secp256k1) ECDH implementation, the secret is the SHA256 hash of the shared point (both X and Y coordinates). We are using this exact implementation. In NIP4, unhashed shared point was used. +# Other Notes -## Code Samples +By default in the [libsecp256k1](https://github.com/bitcoin-core/secp256k1) ECDH implementation, the secret is the SHA256 hash of the shared point (both X and Y coordinates). We are using this exact implementation. In NIP-94, unhashed shared point was used. -### Javascript +# Code Samples + +## Javascript ```javascript import {xchacha20} from "@noble/ciphers/chacha" @@ -99,7 +97,7 @@ export function decrypt(privkey: string, pubkey: string, payload: string) { } ``` -### Kotlin +## Kotlin ```kotlin // implementation 'fr.acinq.secp256k1:secp256k1-kmp-jni-android:0.10.1' diff --git a/46.md b/46.md index 90fa1a06..06a26895 100644 --- a/46.md +++ b/46.md @@ -82,12 +82,18 @@ These are mandatory methods the remote signer app MUST implement: - **get_relays** - params [] - result `{ [url: string]: {read: boolean, write: boolean} }` -- **nip04_encrypt** +- **nip04_encrypt** (deprecated) - params [`pubkey`, `plaintext`] - result `nip4 ciphertext` -- **nip04_decrypt** +- **nip04_decrypt** (deprecated) - params [`pubkey`, `nip4 ciphertext`] - result [`plaintext`] +- **nip44_encrypt** + - params [`pubkey`, `plaintext`] + - result `nip44 encrypted payload` +- **nip44_decrypt** + - params [`pubkey`, `nip44 encrypted payload`] + - result [`plaintext`] NOTICE: `pubkey` and `signature` are hex-encoded strings. diff --git a/README.md b/README.md index 3c35ef36..f50bf212 100644 --- a/README.md +++ b/README.md 
@@ -22,7 +22,7 @@ They exist to document what may be implemented by [Nostr](https://github.com/nos - [NIP-01: Basic protocol flow description](01.md) - [NIP-02: Contact List and Petnames](02.md) - [NIP-03: OpenTimestamps Attestations for Events](03.md) -- [NIP-04: Encrypted Direct Message](04.md) +- [NIP-04: Encrypted Direct Message](04.md) --- **unrecommended**: deprecated in favor of [NIP-44](44.md) - [NIP-05: Mapping Nostr keys to DNS-based internet identifiers](05.md) - [NIP-06: Basic key derivation from mnemonic seed phrase](06.md) - [NIP-07: `window.nostr` capability for web browsers](07.md)
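
Review bot: In the 04.md hunk, the new status line `final` `unrecommended` `author:arcbtc` replaces the `optional` tag instead of adding to it, so the document no longer says whether NIP-04 is optional or mandatory. Keep `optional` alongside `unrecommended`. The warning line should also give the reason for the deprecation in one clause (44.md in this same patch cites potential padding oracle exposure and keys that are not indistinguishable from random), so a reader of 04.md sees why without following the link.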
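
Review bot: In the 07.md hunk, `window.nostr.nip44.encrypt` is declared as returning `string` and `window.nostr.nip44.decrypt` takes a parameter named `ciphertext`, while 44.md says an encrypted payload MUST be encoded as a JSON object with a `v` field. Say explicitly whether the string is the serialized JSON payload, and rename the decrypt parameter to `payload` so it matches its own comment ("takes encrypted payload as specified in nip-44"). The two nip04 lines are marked "(deprecated)" whereas 04.md uses `unrecommended`; use one term throughout the patch.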
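
Review bot: In the 44.md hunk that removes the "# Version 0" section, the algorithm list above it still carries `0x00` - Reserved, and nothing now says what a receiver does with a payload whose `v` is 0 or any other value it does not implement. Add one sentence requiring implementations to reject payloads with a reserved or unknown `v`, so that dropping the NIP-04 fallback cannot be read as leaving version handling to each client. The list writes versions as `0x00` and `0x01` while the payload is a JSON object; state which JSON value of `v` corresponds to each entry.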
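
Review bot: In the 44.md hunk that adds "# Other Notes", the moved sentence now reads "In NIP-94, unhashed shared point was used." The removed line said NIP4, and the rest of this patch normalizes that spelling to NIP-04, so NIP-94 is a typo that points readers at an unrelated NIP. Change it to NIP-04 and link it as `[NIP-04](04.md)`.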
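
Review bot: In the 46.md hunk, **nip04_encrypt** and **nip04_decrypt** are labelled "(deprecated)" but stay in the list introduced by "These are mandatory methods the remote signer app MUST implement", and the new nip44 methods join that same list. State whether a remote signer still MUST implement the nip04 methods, or move them to an optional list. The added **nip44_decrypt** result is written [`plaintext`] in brackets while **nip44_encrypt** gives a bare `nip44 encrypted payload`; make the result notation consistent so it is clear that decrypt returns a string and not an array.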