From 7bf8ad68d03838131d31cdec4b283eba2a8d95d2 Mon Sep 17 00:00:00 2001 From: Vitor Pamplona Date: Tue, 7 May 2024 19:41:14 -0400 Subject: [PATCH] refinements. --- 73.md | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/73.md b/73.md index 24e299c4..1c62389b 100644 --- a/73.md +++ b/73.md @@ -81,11 +81,11 @@ The encryption in `.content` uses a NIP-44 conversation key between the author's ### Viewing permissions -Ready-only sharing is achieved by adding a `p` tag to each receiver with an encrypted private key that should be used to decrypt the `.content`. +Viewing permissions are shared by creating a new Nostr Private key, passing it to each user via a `p` tag, and encrypting the `.content` to that key. -The viewing private key is a new Nostr Private Key in hex, NIP-44-encrypted to each `p` tag and placed as a 4th value in each tag. +The viewing private key is NIP-44-encrypted to each `p` tag and placed as a 4th value in each tag. -The `.content` is then encrypted by a conversation key between the new author's private key and the viewing public key. +The `.content` is then encrypted by a conversation key between the new author's private key and the viewing's public key. ```js val viewingKeyPair = nostr.generateKeyPair() @@ -111,9 +111,12 @@ val viewingKeyPair = nostr.generateKeyPair() } ``` -with `nip44Encrypt("text to encrypt", sender.privatekey, receiver.publickey)`. +with `nip44Encrypt(textToEncrypt, sender.privatekey, receiver.publickey)`. -To decrypt, receivers SHOULD find the ciphertext in the `p`-tag for their key, decrypt that to get the viewing private key and use the viewing private key to decrypt the `.content`: `nip44Decrypt(event.content, viewing.privatekey, event.pubkey)` +To decrypt, receivers MUST: +1. find the ciphertext in the `p`-tag for their key +2. decrypt the ciphertext with `nip44Decrypt(tag[3], user.privatekey, event.pubkey)` to get the viewing private key +3. use the viewing private key to decrypt the `.content` with `nip44Decrypt(event.content, viewing.privatekey, event.pubkey)` Clients SHOULD include the author as a `p` tag to make sure the author can retieve the viewing key on updates of this event. @@ -121,8 +124,6 @@ Clients SHOULD include the author as a `p` tag to make sure the author can retie To share editing permissions, a new shareable key is needed to encrypt and sign the replaceable event. The editting key MUST be shared with other users through their `p` tags. At the same time, the viewing key can be shared with users to decrypt the event, but it doesn't allow them to change it. -The editting keyPair - ```js val edittingKeyPair = nostr.generateKeyPair() val viewingKeyPair = nostr.generateKeyPair() @@ -148,11 +149,16 @@ val viewingKeyPair = nostr.generateKeyPair() } ``` -Receivers SHOULD find the ciphertext for their key and decrypt that to get the shared private key. If the corresponding public key of the shared key is the `pubkey` of the event, this is the editing key and the receiving user has edit permissions. That permission also allows the receiving user to decrypt everybody's key and find the viewing key it would need to decrypt the `.content`. +Receivers MUST: +1. find the ciphertext for their key +2. decrypt the ciphertext to get a private key (`nip44Decrypt(tag[3], user.privatekey, event.pubkey)`). +3. If the corresponding public key of the key is the `pubkey` of the event, this is the editing key and the receiving user has edit permissions. +4. Use the editting key to decrypt all the other `p`-tag keys and find the viewing key +5. Once both keys are known, decrypt the `.content` with `nip44Decrypt(event.content, viewingKeyPair.privatekey, event.pubkey)` -### Special Case: No Viewing Group +### Special Case: No Viewing Keys -When no user has view permissions only, the `.content` MUST be encrypted to it's own public key. +When no user has view permissions only, there won't be another key in the event. The `.content` MUST then be encrypted to the signer's own public key. ```js val edittingKeyPair = nostr.generateKeyPair()