diff options
| author | Jon Staab <jstaab@protonmail.com> | 2023-05-12 05:10:45 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-05-12 05:10:45 -0700 |
| commit | e5302f84c74cf42d878a3ed18257a16bc0d3b748 (patch) | |
| tree | b1a3ad9c0317bf7c38f34c500559b66ff7c0a22d /04.md | |
| parent | 1c728516dfdc7508ce27eda222bde78466e3457d (diff) | |
| parent | 4208652dc7a39c63c39559b13c656ec30400fcba (diff) | |
Merge branch 'master' into patch-1
Diffstat (limited to '04.md')
| -rw-r--r-- | 04.md | 16 |
1 files changed, 13 insertions, 3 deletions
| @@ -14,19 +14,21 @@ A special event with kind `4`, meaning "encrypted direct message". It is suppose | |||
| 14 | 14 | ||
| 15 | **`tags`** MAY contain an entry identifying the previous message in a conversation or a message we are explicitly replying to (such that contextual, more organized conversations may happen), in the form `["e", "<event_id>"]`. | 15 | **`tags`** MAY contain an entry identifying the previous message in a conversation or a message we are explicitly replying to (such that contextual, more organized conversations may happen), in the form `["e", "<event_id>"]`. |
| 16 | 16 | ||
| 17 | **Note**: By default in the [libsecp256k1](https://github.com/bitcoin-core/secp256k1) ECDH implementation, the secret is the SHA256 hash of the shared point (both X and Y coordinates). In Nostr, only the X coordinate of the shared point is used as the secret and it is NOT hashed. If using libsecp256k1, a custom function that copies the X coordinate must be passed as the `hashfp` argument in `secp256k1_ecdh`. See [here](https://github.com/bitcoin-core/secp256k1/blob/master/src/modules/ecdh/main_impl.h#L29). | ||
| 18 | |||
| 17 | Code sample for generating such an event in JavaScript: | 19 | Code sample for generating such an event in JavaScript: |
| 18 | 20 | ||
| 19 | ```js | 21 | ```js |
| 20 | import crypto from 'crypto' | 22 | import crypto from 'crypto' |
| 21 | import * as secp from 'noble-secp256k1' | 23 | import * as secp from '@noble/secp256k1' |
| 22 | 24 | ||
| 23 | let sharedPoint = secp.getSharedSecret(ourPrivateKey, '02' + theirPublicKey) | 25 | let sharedPoint = secp.getSharedSecret(ourPrivateKey, '02' + theirPublicKey) |
| 24 | let sharedX = sharedPoint.substr(2, 64) | 26 | let sharedX = sharedPoint.slice(1, 33) |
| 25 | 27 | ||
| 26 | let iv = crypto.randomFillSync(new Uint8Array(16)) | 28 | let iv = crypto.randomFillSync(new Uint8Array(16)) |
| 27 | var cipher = crypto.createCipheriv( | 29 | var cipher = crypto.createCipheriv( |
| 28 | 'aes-256-cbc', | 30 | 'aes-256-cbc', |
| 29 | Buffer.from(sharedX, 'hex'), | 31 | Buffer.from(sharedX), |
| 30 | iv | 32 | iv |
| 31 | ) | 33 | ) |
| 32 | let encryptedMessage = cipher.update(text, 'utf8', 'base64') | 34 | let encryptedMessage = cipher.update(text, 'utf8', 'base64') |
| @@ -41,3 +43,11 @@ let event = { | |||
| 41 | content: encryptedMessage + '?iv=' + ivBase64 | 43 | content: encryptedMessage + '?iv=' + ivBase64 |
| 42 | } | 44 | } |
| 43 | ``` | 45 | ``` |
| 46 | |||
| 47 | ## Security Warning | ||
| 48 | |||
| 49 | This standard does not go anywhere near what is considered the state-of-the-art in encrypted communication between peers, and it leaks metadata in the events, therefore it must not be used for anything you really need to keep secret, and only with relays that use `AUTH` to restrict who can fetch your `kind:4` events. | ||
| 50 | |||
| 51 | ## Client Implementation Warning | ||
| 52 | |||
| 53 | Clients *should not* search and replace public key or note references from the `.content`. If processed like a regular text note (where `@npub...` is replaced with `#[0]` with a `["p", "..."]` tag) the tags are leaked and the mentioned user will receive the message in their inbox. | ||