| author | Jonathan Staab <shtaab@gmail.com> | 2023-08-11 13:09:17 -0700 |
|---|---|---|
| committer | Jonathan Staab <shtaab@gmail.com> | 2023-08-11 13:14:52 -0700 |
| commit | 30696049ccdc9f19b9f737b97290a78d0a64ba9c (patch) | |
| tree | 8b2357b2f46b4103f69f06c5fc2bbbef5c30839d /44.md | |
| parent | 00a8f9532eeee918c0417ae0f501c790cd5a3f56 (diff) | |
Deprecate NIP 04
Diffstat (limited to '44.md')
| -rw-r--r-- | 44.md | 16 |
1 files changed, 7 insertions, 9 deletions
| @@ -8,7 +8,7 @@ Encrypted Payloads (Versioned) | |||
| 8 | 8 | ||
| 9 | The NIP introduces a versioned encryption data model, allowing multiple algorithm choices to exist simultaneously. | 9 | The NIP introduces a versioned encryption data model, allowing multiple algorithm choices to exist simultaneously. |
| 10 | 10 | ||
| 11 | The algorithm described in NIP4 is potentially vulnerable to [padding oracle attacks](https://en.wikipedia.org/wiki/Padding_oracle_attack) and uses keys which are not indistinguishable from random. | 11 | The algorithm described in NIP-04 is potentially vulnerable to [padding oracle attacks](https://en.wikipedia.org/wiki/Padding_oracle_attack) and uses keys which are not indistinguishable from random. For more information, see [here](https://github.com/nostr-protocol/nips/pull/715#issuecomment-1675301250-). |
| 12 | 12 | ||
| 13 | An encrypted payload MUST be encoded as a JSON object. Different versions may have different parameters. Every format has a `v` field specifying its version. | 13 | An encrypted payload MUST be encoded as a JSON object. Different versions may have different parameters. Every format has a `v` field specifying its version. |
| 14 | 14 | ||
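Review bot: The link added on new line 11 ends in a stray hyphen (`#issuecomment-1675301250-`), so the fragment will probably not resolve to the intended comment; drop the trailing `-`. The link text "here" is also uninformative for a spec, and something like "see the discussion in PR 715" would read better. Since this sentence is the stated reason for moving off NIP-04, a one-line summary of the linked reasoning in the NIP itself would keep the document self-contained if the comment link rots.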
| @@ -17,10 +17,6 @@ Currently defined encryption algorithms: | |||
| 17 | - `0x00` - Reserved | 17 | - `0x00` - Reserved |
| 18 | - `0x01` - XChaCha with same key `sha256(ecdh)` per conversation | 18 | - `0x01` - XChaCha with same key `sha256(ecdh)` per conversation |
| 19 | 19 | ||
| 20 | # Version 0 | ||
| 21 | |||
| 22 | Version 0 is not defined, however implementations depending on this NIP MAY choose to support the payload described in NIP 04 in the same places a NIP 44 payload would otherwise be expected. This is intended to allow a smooth transition while clients and signing software adopt the new standard. | ||
| 23 | |||
| 24 | # Version 1 | 20 | # Version 1 |
| 25 | 21 | ||
| 26 | Params: | 22 | Params: |
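Review bot: Removing the Version 0 section leaves `0x00` - Reserved in the list with no statement of how a receiver should treat it. The deleted paragraph was the only text covering NIP 04 payloads appearing where a NIP 44 payload is expected, so after this change the spec is silent on that case rather than prohibiting it. If the intent of the commit is to deprecate NIP 04, consider saying so explicitly in this section, for example that a payload with a reserved or unrecognised `v` MUST be rejected and that a NIP 04 payload is not a valid NIP 44 payload, so implementations do not quietly keep a fallback to the older scheme.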
| @@ -38,11 +34,13 @@ Example: | |||
| 38 | } | 34 | } |
| 39 | ``` | 35 | ``` |
| 40 | 36 | ||
| 41 | **Note**: By default in the [libsecp256k1](https://github.com/bitcoin-core/secp256k1) ECDH implementation, the secret is the SHA256 hash of the shared point (both X and Y coordinates). We are using this exact implementation. In NIP4, unhashed shared point was used. | 37 | # Other Notes |
| 38 | |||
| 39 | By default in the [libsecp256k1](https://github.com/bitcoin-core/secp256k1) ECDH implementation, the secret is the SHA256 hash of the shared point (both X and Y coordinates). We are using this exact implementation. In NIP-94, unhashed shared point was used. | ||
| 42 | 40 | ||
| 43 | ## Code Samples | 41 | # Code Samples |
| 44 | 42 | ||
| 45 | ### Javascript | 43 | ## Javascript |
| 46 | 44 | ||
| 47 | ```javascript | 45 | ```javascript |
| 48 | import {xchacha20} from "@noble/ciphers/chacha" | 46 | import {xchacha20} from "@noble/ciphers/chacha" |
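Review bot: New line 39 reads "In NIP-94, unhashed shared point was used", but the line it replaces said NIP4 and the first hunk spells the same reference NIP-04, so this looks like a typo for NIP-04. Worth fixing before merge, since the sentence is the only place that documents the difference in key derivation between the two schemes. Minor style point: the sentence is also missing an article ("the unhashed shared point").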
| @@ -99,7 +97,7 @@ export function decrypt(privkey: string, pubkey: string, payload: string) { | |||
| 99 | } | 97 | } |
| 100 | ``` | 98 | ``` |
| 101 | 99 | ||
| 102 | ### Kotlin | 100 | ## Kotlin |
| 103 | 101 | ||
| 104 | ```kotlin | 102 | ```kotlin |
| 105 | // implementation 'fr.acinq.secp256k1:secp256k1-kmp-jni-android:0.10.1' | 103 | // implementation 'fr.acinq.secp256k1:secp256k1-kmp-jni-android:0.10.1' |