nips/4B.md
reis 0b1980f8a5
Update 4B.md
Co-authored-by: greenart7c3 <115044884+greenart7c3@users.noreply.github.com>
2025-02-10 21:10:27 +09:00

NIP-4B

nsec Transfer

draft optional

This NIP defines how to transfer an nsec from client to client, including browser extensions or signers.

Terminology

  • Source client: A client that holds the user's nsec.
  • Destination client: A client that doesn't have the user's nsec and wants it.
  • Ephemeral pubkey: A pubkey of a key pair generated for one-time use only.

Flow

1. The destination client creates a transfer request URL.

  1. The client generates an ephemeral pubkey.
  2. The client creates a transfer request URL, which includes the ephemeral pubkey and relay URLs.
  3. The client shows the user the URL. The client MAY show the user a QR code.
  4. The client subscribes to the relays and waits for the kind-1059 response, which includes the ["p", "<destination client's ephemeral pubkey>"] tag.

Transfer request URL

transfer://<destination client's ephemeral pubkey>?relay=<relay URL>&relay=<relay URL>

2. The source client responds with a gift-wrapped ncryptsec.

  1. The user enters the transfer request URL.
  2. The client parses the URL.
  3. The client generates an ncryptsec (NIP-49) from the user's nsec and a random 6-digit PIN.
  4. The client creates an ncryptsec rumor (NIP-59) event.
  5. The client seals and gift-wraps the rumor event.
  6. The client publishes the gift-wrapped event to the destination's relays.
  7. The client shows the user the PIN.
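The transfer request URL from step 1 and its parsing in step 2.2, as an added example that is not part of the NIP: the source client validates the URL before it publishes anything to the relays named in it. The 64-character lowercase hex pubkey format, the wss-only rule, the relay cap and all sample values are assumptions of this example.

```javascript
// Added example, not part of NIP-4B: build and strictly parse a transfer request URL.
// Assumptions: pubkeys are 64-char lowercase hex, relays must be wss://,
// and MAX_RELAYS is a hypothetical cap chosen for this example.
const PREFIX = "transfer://";
const MAX_RELAYS = 8;

// Destination client, step 1.2: percent-encode each relay so "&" or "?" inside
// a relay URL cannot be mistaken for a separator of the transfer URL itself.
function buildTransferUrl(ephemeralPubkey, relays) {
  const query = new URLSearchParams(relays.map((r) => ["relay", r]));
  return `${PREFIX}${ephemeralPubkey}?${query}`;
}

// Source client, step 2.2: reject anything malformed before the nsec is touched.
function parseTransferUrl(input) {
  const text = String(input).trim();
  if (!text.startsWith(PREFIX)) throw new Error("not a transfer:// URL");
  const rest = text.slice(PREFIX.length);
  const q = rest.indexOf("?");
  const pubkey = q === -1 ? rest : rest.slice(0, q);
  if (!/^[0-9a-f]{64}$/.test(pubkey)) throw new Error("invalid ephemeral pubkey");
  const params = new URLSearchParams(q === -1 ? "" : rest.slice(q + 1));
  const relays = [];
  for (const raw of params.getAll("relay")) {
    let url;
    try { url = new URL(raw); } catch { throw new Error(`invalid relay URL: ${raw}`); }
    if (url.protocol !== "wss:") throw new Error(`relay is not wss://: ${raw}`);
    if (url.username || url.password) throw new Error("relay URL carries credentials");
    if (!relays.includes(url.href)) relays.push(url.href); // drop duplicates
  }
  if (relays.length === 0) throw new Error("no relay in transfer URL");
  if (relays.length > MAX_RELAYS) throw new Error("too many relays");
  return { pubkey, relays };
}

// Destination client, step 1.4: NIP-01 filter for the gift-wrapped response.
function giftWrapFilter(ephemeralPubkey) {
  return { kinds: [1059], "#p": [ephemeralPubkey] };
}

// Constructed sample values, for illustration only.
const SAMPLE_PUBKEY = "ab".repeat(32);
const SAMPLE_URL = buildTransferUrl(SAMPLE_PUBKEY, [
  "wss://relay.example.com",
  "wss://relay2.example.com/path?x=1&y=2",
]);
console.log(SAMPLE_URL, parseTransferUrl(SAMPLE_URL), giftWrapFilter(SAMPLE_PUBKEY));
```

Relay URLs come back in the normalized form produced by the WHATWG URL parser, so `wss://relay.example.com` is returned as `wss://relay.example.com/`.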

ncryptsec rumor event

kind: 24144

This event MUST NOT be signed.

{
    "kind": 24144,
    "pubkey": "<source client's ephemeral pubkey A>",
    "content": "<ncryptsec>",
    // ...
}

Sealed event

{
  "pubkey": "<source client's ephemeral pubkey A>",
  "content": "<NIP-44 encrypted ncryptsec rumor event>",
  "kind": 13,
  "sig": "<source client's ephemeral pubkey A signature>"
  // ...
}

Gift-wrapped event

The source client's ephemeral pubkey B MUST NOT be the same as the ephemeral pubkey A described above.

{
  "pubkey": "<source client's ephemeral pubkey B>",
  "content": "<NIP-44 encrypted sealed event>",
  "kind": 1059,
  "tags": [["p", "<destination client's ephemeral pubkey>"]],
  "sig": "<source client's ephemeral pubkey B signature>"
  // ...
}

3. The destination client fetches the response.

  1. The client fetches and validates the gift-wrapped event.
  2. The client prompts the user to enter the PIN.
  3. If the PIN is valid, the client retrieves the user's nsec from the ncryptsec.