feat: add NIP 44 encryption support #2653
Conversation
|
@staab Thanks for the PR! 🙌 Are there already any clients that implement NIP44? |
|
Yep, Coracle does (private key login only right now for obvious reasons). Amethyst, Snort, and 0xChat are actively working on implementations. |
staab
force-pushed
the
master
branch
4 times, most recently
from
404cf04 to
abc683b
Compare
|
Ok, I think this is ready for review. It took a while to finalize the NIP 44 spec, but it was finally merged this week. I did add nostr-tools as a dependency, let me know if you'd like to copy the nip44 code into the project instead. |
|
Hey @staab, thanks again for the PR - there are currently some typescript checks failing: I'll try to get my hands on it this week and do some more testing.
|
| mitata "^0.1.6" | ||
| nostr-wasm v0.1.0 | ||
|
|
||
| [email protected]: |
There was a problem hiding this comment.
hmm, why is mitata and nostr-wasm a hard dependency of nostr-tools?
There was a problem hiding this comment.
Not sure about mitata, but nostr-wasm enables an optimization which speeds up signature validation. These should probably be, what, peer deps?
There was a problem hiding this comment.
I am always just a bit hesitant to have a wasm blob in the dependencies.hmm
There was a problem hiding this comment.
We can extract nip 44 and drop nostr-tools, shouldn't be too bad
There was a problem hiding this comment.
Any update on this? @bumi should we extract nip-44 from nostr-tools?
There was a problem hiding this comment.
The wasm is fine, it's just Bitcoin's secp256k1 library compiled to wasm. It's faster. Check: https://github.com/fiatjaf/nostr-wasm?tab=readme-ov-file#is-libsecp256k1-modified
| integrity sha512-EbqwksQwz9xDRGfDST86whPBgM65E0OH/pCgqW0GBVzO22bNE+NuIbeTb714+IfSjU3aRk47EUvXIb5bTsenKA== | ||
|
|
||
| "@noble/hashes@^1.1.5": | ||
| "@noble/hashes@1.3.2", "@noble/hashes@^1.1.5": |
There was a problem hiding this comment.
we should check what uses "@noble/hashes@^1.1.5" and if we can update it.
There was a problem hiding this comment.
Looks like @bitcoinerlab/secp256k1@^1.0.5
|
@staab as soon as I navigate to send a DM to someone on coracle using this branch I get a popup: I do not know what I am signing or why this is needed, and it should only popup to sign once I have typed a DM and pressed send, right? |
|
|
|
|
|
also we need to make this pr in sync with new nostr signing improvements where we split screens for encrypt and decrypt |
|
I'll try to address some of these issues today, as far as
You can ignore that WRT to this PR, that's an event Coracle publishes to track when the user last opened a thread. |
|
Ok, pushed an update with the new separated dialogs. The new commit also changes the api to fit what's proposed here. Unfortunately this makes the prompt potentially overwhelming since it might include hundreds of messages. I'm not sure how you want to handle that. Let me know if there's anything else you spot that I can fix! Also, there are a number of type errors and a couple failing tests that appear to be unrelated to this PR. |
@staab it was not a standard sign event request though (with a kind, etc), but a NIP-04 encryption |
|
Yep, it encrypts the payload before sending to keep read receipts private. |
|
Hey guys, anything I can do to push this forward? Also interested in feedback about the bulk use case. |
|
The bulk case makes sense for remote signing and is similar to the new multi_ methods for split payments introduced in NIP-47. For decryption would the user need to really review what they are decrypting (and would they understand it anyway)? maybe we can simplify the dialog there and say "decrypt X messages from For bulk encryption, this would just be for bulk DMs, right (e.g. for advertising?) or is there another common usecase? |
|
Yeah, that UX would make sense I think. Use cases would be anything wrapped, so DMs, encrypted chat (NIP 17 draft), key exchange for encrypted groups (NIP 87 draft), anything else requiring encryption. The bulk use case is helpful because a lot of the time these events are requested in the background and many need to be encrypted to get the user up to speed. |
How does the user control this though? I am worried they just end up using the "remember" option and automatically signing everything if they get too many random popups, which in my opinion defeats the point (and you might as well just trust or not trust specific apps). |
|
@staab any updates on my feedback? do you need any help? |
|
It should all be addressed, please review the PR and let me know if anything's missing |
|
👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎ This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored. |
|
After much debate we have decided to stick to the same interface that nip 04 uses: nostr-protocol/nips#1063 Lots of linting is failing from upstream I believe, let me know if there's anything I can do to improve the PR. |
|
@staab can you please update this PR so we can directly push updates to it? I created a PR here for some fixes: coracle-social#2 |
| @@ -128,6 +128,8 @@ const routes = { | |||
| getRelays: nostr.getRelays, | |||
| encryptOrPrompt: nostr.encryptOrPrompt, | |||
| decryptOrPrompt: nostr.decryptOrPrompt, | |||
| nip44EncryptOrPrompt: nostr.nip44EncryptOrPrompt, | |||
There was a problem hiding this comment.
should we rename the existing methods to be prefixed with nip04?
There was a problem hiding this comment.
I can do that if you want, just let me know
src/extension/background-script/actions/nostr/nip44EncryptOrPrompt.ts
Outdated
Show resolved
Hide resolved
|
@staab do you know why nip44 encryption is not triggered on coracle on scoial? if i try it on console functionality works great. but i always get nip04 prompt when trying on website. thanks! |
|
can you please merge Roland's follow up pr so that tests and functionality fix is present in the pr |
Fix: coracle nip44
|
Got that PR merged.
04 will still be used for most things, since it depends on new NIPs to invoke nip44. I would suggest sending a DM to yourself. If |
|
@staab can you please sync your fork as with upstream. so that i can push latest changes on your fork |
|
@staab i created a new pr for nip44 support and based it off from alby's master branch. i also extracted nip44 into extension itself cause we don't want to introduce nostr2.x now. we do it when alby-js-sdk is upgraded to 2.x. thanks a lot for the contributions and pr. closing this in favour of #3075 |
I've added added for NIP-44 encryption and decryption so that users can access nostr features built on the new primitives.
Fixes #2652
feat: New feature (non-breaking change which adds functionality)How has this been tested?
No testing yet
Checklist