NIP-4B: nsec Transfer

1l0 2025-02-09 22:40:39 +09:00
parent 5991afb9cf
commit 544e336f6b

4B.md Normal file

@ -0,0 +1,89 @@
NIP-4B
======
nsec Transfer
--------------------
`draft` `optional`
This NIP defines how to accomplish nsec transfer from client to client including browser extensions or signers.
## Terminology
- **Source client**: A client that holds the user's nsec.
- **Destination client**: A client that doesn't have the user's nsec and wants it.
- **Ephemeral pubkey**: A pubkey of a kay pair generated for one-time use only.
## Flow
### 1. The destination client creates a transfer request URL.
1. The client generates an ephemeral pubkey.
2. The client creates a transfer request URL, which includes the ephemeral pubkey and relay URLs.
3. The client shows the user the URL. The client MAY show the user a QR code.
4. The client subscribes to the relays and waits for the kind-1059 response, which includes the `["p", "<destination client's ephemeral pubkey>"]` tag.
#### Transfer request URL
```
transfer://<destination client's ephemeral pubkey>?relay=<relay URL>&relay=<relay URL>
```
### 2. The source client responds with gift-wrapped ncryptsec.
1. The user enters the transfer request URL.
2. The client parses the URL.
3. The client generates an ncryptsec ([NIP-49](./49.md)) from the user's nsec and a random 6-digit PIN.
4. The client creates an ncryptsec rumor ([NIP-59](./59.md)) event.
5. The client seals and gift-wraps the rumor event.
6. The client publishes the gift-wrapped event to the destination's relays.
7. The client shows the user the PIN.
#### ncryptsec rumor event
`kind: 24144`
This event MUST NOT be signed.
```jsonc
{
"kind": 24144,
"pubkey": "<source client's ephemeral pubkey A>",
"content": "<ncryptsec>",
// ...
}
```
#### Sealed event
```jsonc
{
"pubkey": "<source client's ephemeral pubkey A>",
"content": "<NIP-44 encrypted ncryptsec rumor event>",
"kind": 13,
"sig": "<source client's ephemeral pubkey A signature>"
// ...
}
```
#### Gift-wrapped event
`source client's ephemeral pubkey B` MUST NOT be the same as `A` described above.
```jsonc
{
"pubkey": "<source client's ephemeral pubkey B>",
"content": "<NIP-44 encrypted sealed event>",
"kind": 1059,
"tags": [["p", "<destination client's ephemeral pubkey>"]],
"sig": "<source client's ephemeral pubkey B signature>"
// ...
}
```
### 3. The destination client fetches the response.
1. The client fetches and validates the gift-wrapped event.
2. The client prompts the user to enter the PIN.
3. If the PIN is valid, the client retrieves the user's nsec from the ncryptsec.
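Review bot: Step 2.3 protects the ncryptsec with only "a random 6-digit PIN", which is 1,000,000 candidates, and the draft never says who is assumed unable to open the gift wrap. Anyone holding the private key for the pubkey in the `transfer://` URL can unwrap the kind-1059 event and then test PINs offline against the ncryptsec, so the PIN only helps if that key holder is rate-limited, which an offline check is not. Since the URL is entered by the user in step 2.1 with no way to confirm it came from the intended destination client, please add a section stating the threat model and either require a longer secret or specify what else binds the request to the destination (for example, a confirmation code derived from the ephemeral pubkey that both clients display). Step 3.1 says the client "validates the gift-wrapped event" without listing the checks; spell them out (the `p` tag equals its own ephemeral pubkey, the seal is kind 13, the rumor is kind 24144 and unsigned, the seal and rumor `pubkey` both equal `A`) and say whether the destination must discard its ephemeral key after one successful transfer. Minor: "kay pair" in Terminology should read "key pair".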