| author | DanConwayDev <DanConwayDev@protonmail.com> | 2026-01-09 07:57:54 +0000 |
|---|---|---|
| committer | DanConwayDev <DanConwayDev@protonmail.com> | 2026-01-09 07:57:54 +0000 |
| commit | 7cc5d37cbf4f02f0bb7eee6342dc1ede5a841a7b (patch) | |
| tree | 62d3dcf291a7ca67d18cf397b448fb98d62553ba /.env.example | |
| parent | 6bc2d70f6dd351521e522cc4d0f1ac188848ad26 (diff) | |
feat: replace owner-npub with relay-owner-nsec for persistent operator identity

Replace the owner-npub configuration option with relay-owner-nsec to provide
a persistent cryptographic identity for the relay operator. This addresses
NIP-42 authentication requirements discovered during sync debugging.

Motivation:
- Some relays (e.g., relay.damus.io) require NIP-42 authentication for
  advanced features like NIP-77 negentropy sync
- Previously used random ephemeral keys per connection, providing no
  persistent identity
- Other relays can now recognize us by pubkey for reputation-based rate
  limiting
- Ensures consistency between NIP-11 pubkey and authentication key

Changes:
- Config: relay_owner_nsec with auto-load/generate from .relay-owner.nsec
- NIP-11: Pubkey derived from nsec instead of separate npub field
- Sync: RelayConnection now uses operator keys for NIP-42 auth
- Docs: Updated README, .env.example, and added .relay-owner.nsec to gitignore

Key Features:
- Auto-generates key on first run and saves to .relay-owner.nsec
- Loads existing key from file on subsequent runs
- Can override via CLI flag or environment variable
- Enables reputation building across relay network
- Future-ready for event signing and WoT calculations

Testing:
- 225/232 tests passing (7 pre-existing purgatory failures unrelated)
- Verified key generation, loading, and NIP-11 derivation
- Release build successful

Related: work/sync-debug-analysis.md, work/relay-owner-nsec-implementation.md

Diffstat (limited to '.env.example')
| -rw-r--r-- | .env.example | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/.env.example b/.env.example index 7545d03..95db3c2 100644 --- a/.env.example +++ b/.env.example | |||
| @@ -30,10 +30,16 @@ | |||
| 30 | # RELAY INFORMATION (NIP-11) | 30 | # RELAY INFORMATION (NIP-11) |
| 31 | # ============================================================================ | 31 | # ============================================================================ |
| 32 | 32 | ||
| 33 | # Owner's npub (optional, for relay info in NIP-11) | 33 | # Relay operator's nsec (private key) for signing and authentication |
| 34 | # CLI: --owner-npub <npub> | 34 | # Used for: |
| 35 | # Default: (none) | 35 | # - NIP-11 relay information document (pubkey field derived from this nsec) |
| 36 | # NGIT_OWNER_NPUB=npub1... | 36 | # - NIP-42 authentication when syncing from other relays |
| 37 | # - Future: signing events, WoT-based rate limiting of syncing relays | ||
| 38 | # | ||
| 39 | # CLI: --relay-owner-nsec <nsec> | ||
| 40 | # Default: Loaded from/saved to .relay-owner.nsec file in current directory | ||
| 41 | # If file doesn't exist, a new key is generated and saved automatically | ||
| 42 | # NGIT_RELAY_OWNER_NSEC=nsec1... | ||
| 37 | 43 | ||
| 38 | # Relay name shown in NIP-11 information document | 44 | # Relay name shown in NIP-11 information document |
| 39 | # CLI: --relay-name <name> | 45 | # CLI: --relay-name <name> |
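
Review bot: The new comment block for `NGIT_RELAY_OWNER_NSEC` (new lines 33-42) documents three ways to supply a private key but gives no handling guidance for any of them. The default at new line 40, `Loaded from/saved to .relay-owner.nsec file in current directory`, ties the operator identity to the working directory, so as documented a relay started from a different directory would generate a fresh key and present a different NIP-11 pubkey; consider documenting a fixed location for the key file and stating the permissions the generated file is created with (owner-only, for example 0600). For `--relay-owner-nsec <nsec>` at new line 39, add a line noting that a key passed on the command line is visible in process listings and shell history, so the key file or the environment variable is preferable. Because this file is `.env.example`, a one-line reminder that a populated `.env` must stay out of version control would match the `.gitignore` entry the commit message mentions for `.relay-owner.nsec`. The removed `NGIT_OWNER_NPUB` lines (old 33-36) leave no hint for existing deployments; a short note that the option is replaced and that the pubkey is now derived from the nsec would help operators upgrading.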