refinements.

This commit is contained in:
Vitor Pamplona 2024-05-07 19:41:14 -04:00
parent b0c79bc60a
commit 7bf8ad68d0

26
73.md
View File

@ -81,11 +81,11 @@ The encryption in `.content` uses a NIP-44 conversation key between the author's
### Viewing permissions ### Viewing permissions
Ready-only sharing is achieved by adding a `p` tag to each receiver with an encrypted private key that should be used to decrypt the `.content`. Viewing permissions are shared by creating a new Nostr Private key, passing it to each user via a `p` tag, and encrypting the `.content` to that key.
The viewing private key is a new Nostr Private Key in hex, NIP-44-encrypted to each `p` tag and placed as a 4th value in each tag. The viewing private key is NIP-44-encrypted to each `p` tag and placed as a 4th value in each tag.
The `.content` is then encrypted by a conversation key between the new author's private key and the viewing public key. The `.content` is then encrypted by a conversation key between the new author's private key and the viewing's public key.
```js ```js
val viewingKeyPair = nostr.generateKeyPair() val viewingKeyPair = nostr.generateKeyPair()
@ -111,9 +111,12 @@ val viewingKeyPair = nostr.generateKeyPair()
} }
``` ```
with `nip44Encrypt("text to encrypt", sender.privatekey, receiver.publickey)`. with `nip44Encrypt(textToEncrypt, sender.privatekey, receiver.publickey)`.
To decrypt, receivers SHOULD find the ciphertext in the `p`-tag for their key, decrypt that to get the viewing private key and use the viewing private key to decrypt the `.content`: `nip44Decrypt(event.content, viewing.privatekey, event.pubkey)` To decrypt, receivers MUST:
1. find the ciphertext in the `p`-tag for their key
2. decrypt the ciphertext with `nip44Decrypt(tag[3], user.privatekey, event.pubkey)` to get the viewing private key
3. use the viewing private key to decrypt the `.content` with `nip44Decrypt(event.content, viewing.privatekey, event.pubkey)`
Clients SHOULD include the author as a `p` tag to make sure the author can retieve the viewing key on updates of this event. Clients SHOULD include the author as a `p` tag to make sure the author can retieve the viewing key on updates of this event.
@ -121,8 +124,6 @@ Clients SHOULD include the author as a `p` tag to make sure the author can retie
To share editing permissions, a new shareable key is needed to encrypt and sign the replaceable event. The editting key MUST be shared with other users through their `p` tags. At the same time, the viewing key can be shared with users to decrypt the event, but it doesn't allow them to change it. To share editing permissions, a new shareable key is needed to encrypt and sign the replaceable event. The editting key MUST be shared with other users through their `p` tags. At the same time, the viewing key can be shared with users to decrypt the event, but it doesn't allow them to change it.
The editting keyPair
```js ```js
val edittingKeyPair = nostr.generateKeyPair() val edittingKeyPair = nostr.generateKeyPair()
val viewingKeyPair = nostr.generateKeyPair() val viewingKeyPair = nostr.generateKeyPair()
@ -148,11 +149,16 @@ val viewingKeyPair = nostr.generateKeyPair()
} }
``` ```
Receivers SHOULD find the ciphertext for their key and decrypt that to get the shared private key. If the corresponding public key of the shared key is the `pubkey` of the event, this is the editing key and the receiving user has edit permissions. That permission also allows the receiving user to decrypt everybody's key and find the viewing key it would need to decrypt the `.content`. Receivers MUST:
1. find the ciphertext for their key
2. decrypt the ciphertext to get a private key (`nip44Decrypt(tag[3], user.privatekey, event.pubkey)`).
3. If the corresponding public key of the key is the `pubkey` of the event, this is the editing key and the receiving user has edit permissions.
4. Use the editting key to decrypt all the other `p`-tag keys and find the viewing key
5. Once both keys are known, decrypt the `.content` with `nip44Decrypt(event.content, viewingKeyPair.privatekey, event.pubkey)`
### Special Case: No Viewing Group ### Special Case: No Viewing Keys
When no user has view permissions only, the `.content` MUST be encrypted to it's own public key. When no user has view permissions only, there won't be another key in the event. The `.content` MUST then be encrypted to the signer's own public key.
```js ```js
val edittingKeyPair = nostr.generateKeyPair() val edittingKeyPair = nostr.generateKeyPair()