diff --git a/68.md b/68.md
index 7739664..a2fe848 100644
--- a/68.md
+++ b/68.md
@@ -13,18 +13,18 @@ Every shared replaceable MUST be signed with its own private key. The event owns
 The event's private key MUST be shared with all editors through `p` tags. The key is [NIP-44](44.md)-encrypted to each editor and placed as the 4th element in a regular `p` tag.
 ```js
-val edittingKeyPair = nostr.generateKeyPair()
+val editingKeyPair = nostr.generateKeyPair()
 {
- "pubkey": edittingKeyPair.publicKey
+ "pubkey": editingKeyPair.publicKey
 "kind": 3xxxx or 1xxxx,
 "tags": [
 ["d", ""]
- ["p", "", "", nip44Encrypt(edittingKeyPair.privateKeyHex, edittingKeyPair.privateKey, "") ]
- ["p", "", "", nip44Encrypt(edittingKeyPair.privateKeyHex, edittingKeyPair.privateKey, "") ]
+ ["p", "", "", nip44Encrypt(editingKeyPair.privateKeyHex, editingKeyPair.privateKey, "") ]
+ ["p", "", "", nip44Encrypt(editingKeyPair.privateKeyHex, editingKeyPair.privateKey, "") ]
 ],
 "content": "",
- "sig": signWith(edittingKeyPair.privateKey)
+ "sig": signWith(editingKeyPair.privateKey)
 // ...
 }
 ```
@@ -47,20 +47,20 @@ Both keys are shared as encrypted `p` tags between the editing key and each user
 The `.content` is then encrypted from the editing private key to the viewing public key.
 ```js
-val edittingKeyPair = nostr.generateKeyPair()
+val editingKeyPair = nostr.generateKeyPair()
 val viewingKeyPair = nostr.generateKeyPair()
 {
- "pubkey": edittingKeyPair.publicKey
+ "pubkey": editingKeyPair.publicKey
 "kind": 3xxxx or 1xxxx,
 "tags": [
 ["d", ""]
- ["p", "", "", nip44Encrypt(edittingKeyPair.privateKeyHex, edittingKeyPair.privateKey, "") ]
- ["p", "", "", nip44Encrypt(edittingKeyPair.privateKeyHex, edittingKeyPair.privateKey, "") ]
- ["p", "", "", nip44Encrypt(viewingKeyPair.privateKeyHex, edittingKeyPair.privateKey, "") ] // view only
+ ["p", "", "", nip44Encrypt(editingKeyPair.privateKeyHex, editingKeyPair.privateKey, "") ]
+ ["p", "", "", nip44Encrypt(editingKeyPair.privateKeyHex, editingKeyPair.privateKey, "") ]
+ ["p", "", "", nip44Encrypt(viewingKeyPair.privateKeyHex, editingKeyPair.privateKey, "") ] // view only
 ],
- "content": nip44Encrypt("some text", edittingKeyPair.privateKey, viewingKeyPair.publicKey),
- "sig": signWith(edittingKeyPair.privateKey)
+ "content": nip44Encrypt("some text", editingKeyPair.privateKey, viewingKeyPair.publicKey),
+ "sig": signWith(editingKeyPair.privateKey)
 // ...
 }
 ```
@@ -71,30 +71,31 @@ To decrypt the event, all receivers MUST:
 3. calculate the public key of the shared key.
 4. if the public key is the same as `.pubkey`, this is an editing key, if not this is the viewing key
 5. if it is the editing key, decrypt all the other `p`-tag keys and find the viewing key
-6. once both keys are known, decrypt the `.content` with `nip44Decrypt(event.content, viewingKeyPair.privatekey, event.pubkey)`
+6. once the viewing key is known, decrypt the `.content` with `nip44Decrypt(event.content, viewingKeyPair.privatekey, event.pubkey)`
+7. use the editing key to sign if known
 ### Special Case: No Viewing Keys
-If the group if users that only have viewing permissions is empty there won't be a `p`-tag to host the viewing key. In those cases, the `.content` MUST then be encrypted to the editing public key.
+When the group of users with viewing permissions is empty, there won't be a `p`-tag to host the viewing key. In those cases, the `.content` MUST be encrypted to the editing public key.
 ```js
-val edittingKeyPair = nostr.generateKeyPair()
+val editingKeyPair = nostr.generateKeyPair()
 {
- "pubkey": edittingKeyPair.publicKey
+ "pubkey": editingKeyPair.publicKey
 "kind": 3xxxx or 1xxxx,
 "tags": [
 ["d", ""]
- ["p", "", "", nip44Encrypt(edittingKeyPair.privateKeyHex, edittingKeyPair.privateKey, "") ]
- ["p", "", "", nip44Encrypt(edittingKeyPair.privateKeyHex, edittingKeyPair.privateKey, "") ]
+ ["p", "", "", nip44Encrypt(editingKeyPair.privateKeyHex, editingKeyPair.privateKey, "") ]
+ ["p", "", "", nip44Encrypt(editingKeyPair.privateKeyHex, editingKeyPair.privateKey, "") ]
 ],
- "content": nip44Encrypt("some text", edittingKeyPair.privateKey, edittingKeyPair.publicKey),
- "sig": signWith(edittingKeyPair.privateKey)
+ "content": nip44Encrypt("some text", editingKeyPair.privateKey, editingKeyPair.publicKey),
+ "sig": signWith(editingKeyPair.privateKey)
 // ...
 }
 ```
-Similarly, when decrypting the `.content`, if the receiver client can't find a viewing key, it SHOULD use the editing key to decrypt: `nip44Decrypt(event.content, edittingKeyPair.privateKey, edittingKeyPair.publcKey)`
+Similarly, if the receiving client can't find a viewing key, it SHOULD use the editing public key to decrypt: `nip44Decrypt(event.content, editingKeyPair.privateKey, editingKeyPair.publcKey)`
 ## Final Considerations