From b5a7b67d78ad2b8ea52d81704be6b71a9cc80dac Mon Sep 17 00:00:00 2001 From: Semisol <45574030+Semisol@users.noreply.github.com> Date: Mon, 3 Jul 2023 18:02:15 +0300 Subject: [PATCH 01/89] Clarify JSON serialization for the `id` field --- 01.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/01.md b/01.md index 2ff81ebf..9258d2f7 100644 --- a/01.md +++ b/01.md @@ -30,7 +30,7 @@ The only object type that exists is the `event`, which has the following format } ``` -To obtain the `event.id`, we `sha256` the serialized event. The serialization is done over the UTF-8 JSON-serialized string (with no white space or line breaks) of the following structure: +To obtain the `event.id`, we `sha256` the serialized event. The serialization is done over the UTF-8 JSON-serialized string (which is described below) of the following structure: ```json [ @@ -43,6 +43,14 @@ To obtain the `event.id`, we `sha256` the serialized event. The serialization is ] ``` +To prevent implementation differences from creating a different event ID for the same event, the following rules MUST be followed while serializing: +- No whitespace, line breaks or other unnecessary formatting should be included in the output JSON. +- No characters except the following should be escaped, and instead should be included verbatim: + - The line break, `0x0A`, as `\n` + - A double quote, `0x22`, as `\"` + - A backspace, `0x5C`, as `\\` +- UTF-8 should be used for encoding. + ## Communication between clients and relays Relays expose a websocket endpoint to which clients can connect. From 3f8658ecc11e593f85a6a8d7de109d0b8f3254df Mon Sep 17 00:00:00 2001 From: Semisol <45574030+Semisol@users.noreply.github.com> Date: Tue, 4 Jul 2023 13:49:52 +0300 Subject: [PATCH 02/89] Fix typo --- 01.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/01.md b/01.md index 9258d2f7..70aae443 100644 --- a/01.md +++ b/01.md 
@@ -48,7 +48,7 @@ To prevent implementation differences from creating a different event ID for the - No characters except the following should be escaped, and instead should be included verbatim: - The line break, `0x0A`, as `\n` - A double quote, `0x22`, as `\"` - - A backspace, `0x5C`, as `\\` + - A backslash, `0x5C`, as `\\` - UTF-8 should be used for encoding. ## Communication between clients and relays From 21d71791c89f41fb93f84b69d6db253bb7b403c4 Mon Sep 17 00:00:00 2001 From: Semisol <45574030+Semisol@users.noreply.github.com> Date: Tue, 4 Jul 2023 13:55:15 +0300 Subject: [PATCH 03/89] Add carriage returns and tab characters since those may be in some events --- 01.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/01.md b/01.md index 70aae443..f5673b38 100644 --- a/01.md +++ b/01.md @@ -49,6 +49,8 @@ To prevent implementation differences from creating a different event ID for the - The line break, `0x0A`, as `\n` - A double quote, `0x22`, as `\"` - A backslash, `0x5C`, as `\\` + - A carriage return, `0x0D`, as `\r` + - A tab character, `0x09`, as `\t` - UTF-8 should be used for encoding. ## Communication between clients and relays From 4d709d1804de45bab3739ce814d4b0c0b211c273 Mon Sep 17 00:00:00 2001 From: Semisol <45574030+Semisol@users.noreply.github.com> Date: Fri, 17 Nov 2023 18:12:47 +0300 Subject: [PATCH 04/89] add form feed and backspace --- 01.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/01.md b/01.md index f5673b38..0840f2e6 100644 --- a/01.md +++ b/01.md 
@@ -46,11 +46,13 @@ To obtain the `event.id`, we `sha256` the serialized event. The serialization is To prevent implementation differences from creating a different event ID for the same event, the following rules MUST be followed while serializing: - No whitespace, line breaks or other unnecessary formatting should be included in the output JSON. - No characters except the following should be escaped, and instead should be included verbatim: - - The line break, `0x0A`, as `\n` + - A line break, `0x0A`, as `\n` - A double quote, `0x22`, as `\"` - A backslash, `0x5C`, as `\\` - A carriage return, `0x0D`, as `\r` - A tab character, `0x09`, as `\t` + - A backspace, `0x08`, as `\b` + - A form feed, `0x0C`, as `\f` - UTF-8 should be used for encoding. ## Communication between clients and relays From cb37a9320e10fcc4d8c064571461311ca613a1d5 Mon Sep 17 00:00:00 2001 From: fiatjaf Date: Wed, 18 Oct 2023 11:48:18 -0300 Subject: [PATCH 05/89] rewrite NIP-46. --- 46.md | 178 +++++++++++++++++----------------------------------------- 1 file changed, 50 insertions(+), 128 deletions(-) diff --git a/46.md b/46.md index 53185416..ccdb535e 100644 --- a/46.md +++ b/46.md 
@@ -2,161 +2,83 @@ NIP-46 ====== Nostr Connect ------------------------- +------------- `draft` `optional` -## Rationale +This NIP describes a method for 2-way communication between a **remote signer** and a normal Nostr client. The remote signer could be, for example, a hardware device dedicated to signing Nostr events, while the client is a normal Nostr client. -Private keys should be exposed to as few systems - apps, operating systems, devices - as possible as each system adds to the attack surface. +## Signer Discovery -Entering private keys can also be annoying and requires exposing them to even more systems such as the operating system's clipboard that might be monitored by malicious apps. +The client must somehow be able to contact the signer through a common relay. +### Started by the signer -## Terms +The remote signer generates a connection token in the form -* **App**: Nostr app on any platform that *requires* to act on behalf of a nostr account. -* **Signer**: Nostr app that holds the private key of a nostr account and *can sign* on its behalf. +``` +#?relay=wss://...&relay=wss://... +``` +The user copies that token and pastes it in the client UI somehow. Then the client can send events of kind `24133` to the specified relays and wait for responses from the remote signer. -## `TL;DR` +### Started by the client +The client generates a QR code in the following form (URL-encoded): -**App** and **Signer** sends ephemeral encrypted messages to each other using kind `24133`, using a relay of choice. +``` +nostrconnect://?relay=wss://...&metadata={"name":"client-name"} +``` -App prompts the Signer to do things such as fetching the public key or signing events. +The signer scans the QR code and sends a `connect` message to the client in the specified relays. -The `content` field must be an encrypted JSONRPC-ish **request** or **response**. +## Event payloads -## Signer Protocol +Event payloads are [NIP-04](04.md)-encrypted JSON blobs that look like JSONRPC. 
-### Messages +Events sent by the client to the remote signer have the following format: -#### Request - -```json +```js { - "id": , - "method": , - "params": [, ] + "pubkey": "" + "kind": 24133, + "tags": [ + ["p", ""] + ], + "content": "nip04_encrypted_json({id: , method: , params: []})", + ... } ``` -#### Response +And the events the remote signer sends to the client have the following format: -```json -{ - "id": , - "result": , - "error": -} +```js + "pubkey": "" + "kind": 24133, + "tags": [ + ["p", ""] + ], + "content": "nip04_encrypted_json({id: , result: , error: })", + ... ``` ### Methods - -#### Mandatory - -These are mandatory methods the remote signer app MUST implement: - -- **describe** - - params [] - - result `["describe", "get_public_key", "sign_event", "connect", "disconnect", "delegate", ...]` -- **get_public_key** - - params [] - - result `pubkey` -- **sign_event** - - params [`event`] - - result `event_with_signature` - -#### optional - - - **connect** - - params [`pubkey`] -- **disconnect** - - params [] -- **delegate** - - params [`delegatee`, `{ kind: number, since: number, until: number }`] - - result `{ from: string, to: string, cond: string, sig: string }` + - params: [`pubkey`, `secret`] + - result: `null` +- **get_public_key** + - params: [] + - result: `pubkey` +- **sign_event** + - params: [`event`] + - result: `event_with_pubkey_id_and_signature` - **get_relays** - - params [] - - result `{ [url: string]: {read: boolean, write: boolean} }` + - params: [] + - result: `{ [url: string]: {read: boolean, write: boolean} }` - **nip04_encrypt** - - params [`pubkey`, `plaintext`] - - result `nip4 ciphertext` + - params: [`pubkey`, `plaintext`] + - result: `nip4 ciphertext` - **nip04_decrypt** - - params [`pubkey`, `nip4 ciphertext`] - - result [`plaintext`] - - -NOTICE: `pubkey` and `signature` are hex-encoded strings. 
- - -### Nostr Connect URI - -**Signer** discovers **App** by scanning a QR code, clicking on a deep link or copy-pasting an URI. - -The **App** generates a special URI with prefix `nostrconnect://` and base path the hex-encoded `pubkey` with the following querystring parameters **URL encoded** - -- `relay` URL of the relay of choice where the **App** is connected and the **Signer** must send and listen for messages. -- `metadata` metadata JSON of the **App** - - `name` human-readable name of the **App** - - `url` (optional) URL of the website requesting the connection - - `description` (optional) description of the **App** - - `icons` (optional) array of URLs for icons of the **App**. - -#### JavaScript - -```js -const uri = `nostrconnect://?relay=${encodeURIComponent("wss://relay.damus.io")}&metadata=${encodeURIComponent(JSON.stringify({"name": "Example"}))}` -``` - -#### Example -```sh -nostrconnect://b889ff5b1513b641e2a139f661a661364979c5beee91842f8f0ef42ab558e9d4?relay=wss%3A%2F%2Frelay.damus.io&metadata=%7B%22name%22%3A%22Example%22%7D -``` - - - -## Flows - -The `content` field contains encrypted message as specified by [NIP04](https://github.com/nostr-protocol/nips/blob/master/04.md). The `kind` chosen is `24133`. - -### Connect - -1. User clicks on **"Connect"** button on a website or scan it with a QR code -2. It will show an URI to open a "nostr connect" enabled **Signer** -3. In the URI there is a pubkey of the **App** ie. `nostrconnect://&relay=&metadata=` -4. The **Signer** will send a message to ACK the `connect` request, along with his public key - -### Disconnect (from App) - -1. User clicks on **"Disconnect"** button on the **App** -2. The **App** will send a message to the **Signer** with a `disconnect` request -3. The **Signer** will send a message to ACK the `disconnect` request - -### Disconnect (from Signer) - -1. User clicks on **"Disconnect"** button on the **Signer** -2. 
The **Signer** will send a message to the **App** with a `disconnect` request - - -### Get Public Key - -1. The **App** will send a message to the **Signer** with a `get_public_key` request -3. The **Signer** will send back a message with the public key as a response to the `get_public_key` request - -### Sign Event - -1. The **App** will send a message to the **Signer** with a `sign_event` request along with the **event** to be signed -2. The **Signer** will show a popup to the user to inspect the event and sign it -3. The **Signer** will send back a message with the event including the `id` and the schnorr `signature` as a response to the `sign_event` request - -### Delegate - -1. The **App** will send a message with metadata to the **Signer** with a `delegate` request along with the **conditions** query string and the **pubkey** of the **App** to be delegated. -2. The **Signer** will show a popup to the user to delegate the **App** to sign on his behalf -3. The **Signer** will send back a message with the signed [NIP-26 delegation token](https://github.com/nostr-protocol/nips/blob/master/26.md) or reject it - - + - params: [`pubkey`, `nip4 ciphertext`] + - result: [`plaintext`] From c5c2d86a479d1ca52065b50faddc72220c3896cf Mon Sep 17 00:00:00 2001 From: fiatjaf_ Date: Tue, 21 Nov 2023 20:49:35 -0300 Subject: [PATCH 06/89] peer-pubkey Co-authored-by: monlovesmango <96307647+monlovesmango@users.noreply.github.com> --- 46.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/46.md b/46.md index ccdb535e..baefa4b4 100644 --- a/46.md +++ b/46.md @@ -80,5 +80,5 @@ And the events the remote signer sends to the client have the following format: - params: [`pubkey`, `plaintext`] - result: `nip4 ciphertext` - **nip04_decrypt** - - params: [`pubkey`, `nip4 ciphertext`] + - params: [`peer-pubkey`, `nip4 ciphertext`] - result: [`plaintext`] From e4bddbee7b90b701ea2041532c88935f5176850e Mon Sep 17 00:00:00 2001 
From: fiatjaf_ Date: Tue, 21 Nov 2023 22:25:19 -0300 Subject: [PATCH 07/89] peer-pubkey Co-authored-by: monlovesmango <96307647+monlovesmango@users.noreply.github.com> --- 46.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/46.md b/46.md index baefa4b4..6610e82c 100644 --- a/46.md +++ b/46.md @@ -77,7 +77,7 @@ And the events the remote signer sends to the client have the following format: - params: [] - result: `{ [url: string]: {read: boolean, write: boolean} }` - **nip04_encrypt** - - params: [`pubkey`, `plaintext`] + - params: [`peer-pubkey`, `plaintext`] - result: `nip4 ciphertext` - **nip04_decrypt** - params: [`peer-pubkey`, `nip4 ciphertext`] From 6c35537ca425f154ca1c92897ab0eac599a80c87 Mon Sep 17 00:00:00 2001 From: fiatjaf Date: Tue, 21 Nov 2023 22:31:13 -0300 Subject: [PATCH 08/89] @v0l improvements. --- 46.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/46.md b/46.md index 6610e82c..1a9be035 100644 --- a/46.md +++ b/46.md @@ -10,7 +10,7 @@ This NIP describes a method for 2-way communication between a **remote signer** ## Signer Discovery -The client must somehow be able to contact the signer through a common relay. +The client always starts by generating a random key which is used to communicate with the signer, then it one of the methods below is used to allow the client to know what is the signer public key for the session and which relays to use. ### Started by the signer @@ -27,7 +27,7 @@ The user copies that token and pastes it in the client UI somehow. Then the clie The client generates a QR code in the following form (URL-encoded): ``` -nostrconnect://?relay=wss://...&metadata={"name":"client-name"} +nostrconnect://?relay=wss://...&metadata={"name":"...", "url": "...", "description": "..."} ``` The signer scans the QR code and sends a `connect` message to the client in the specified relays. From 3983a52d3bb720852090ee02911f56ee2701dd73 Mon Sep 17 00:00:00 2001 
From: fiatjaf Date: Sat, 2 Dec 2023 14:45:10 -0300 Subject: [PATCH 09/89] latest discoveries. --- 46.md | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/46.md b/46.md index 1a9be035..ce319709 100644 --- a/46.md +++ b/46.md @@ -12,12 +12,12 @@ This NIP describes a method for 2-way communication between a **remote signer** The client always starts by generating a random key which is used to communicate with the signer, then it one of the methods below is used to allow the client to know what is the signer public key for the session and which relays to use. -### Started by the signer +### Started by the signer (nsecBunker) The remote signer generates a connection token in the form ``` -#?relay=wss://...&relay=wss://... +#?relay=wss://...&relay=wss://... ``` The user copies that token and pastes it in the client UI somehow. Then the client can send events of kind `24133` to the specified relays and wait for responses from the remote signer. @@ -34,7 +34,7 @@ The signer scans the QR code and sends a `connect` message to the client in the ## Event payloads -Event payloads are [NIP-04](04.md)-encrypted JSON blobs that look like JSONRPC. +Event payloads are [NIP-04](04.md)-encrypted JSON blobs that look like JSONRPC messages (their format is specified inside the `.content` of the event formats nelow). Events sent by the client to the remote signer have the following format: @@ -45,7 +45,7 @@ Events sent by the client to the remote signer have the following format: "tags": [ ["p", ""] ], - "content": "nip04_encrypted_json({id: , method: , params: []})", + "content": "nip04_encrypted_json({id: , method: , params: [array_of_strings]})", ... } ``` 
@@ -58,27 +58,29 @@ And the events the remote signer sends to the client have the following format: "tags": [ ["p", ""] ], - "content": "nip04_encrypted_json({id: , result: , error: })", + "content": "nip04_encrypted_json({id: , result: , error: })", ... ``` +The signer key will always be the key of the user who controls the signer device. + ### Methods - **connect** - params: [`pubkey`, `secret`] - - result: `null` + - result: `"ack"` - **get_public_key** - params: [] - - result: `pubkey` + - result: `pubkey-hex` - **sign_event** - params: [`event`] - - result: `event_with_pubkey_id_and_signature` + - result: `json_string(event_with_pubkey_id_and_signature)` - **get_relays** - params: [] - - result: `{ [url: string]: {read: boolean, write: boolean} }` + - result: `json_string({[url: string]: {read: boolean, write: boolean}})` - **nip04_encrypt** - - params: [`peer-pubkey`, `plaintext`] - - result: `nip4 ciphertext` + - params: [`third-party-pubkey`, `plaintext`] + - result: `nip04-ciphertext` - **nip04_decrypt** - - params: [`peer-pubkey`, `nip4 ciphertext`] - - result: [`plaintext`] + - params: [`third-party-pubkey`, `nip04-ciphertext`] + - result: `plaintext` From 0146892501d63042d13724bae7c887bfa985e251 Mon Sep 17 00:00:00 2001 From: Alex Gleason Date: Thu, 7 Dec 2023 10:01:57 -0600 Subject: [PATCH 10/89] NIP-02: Rename Contact List to Follow List --- 02.md | 20 ++++++++++---------- README.md | 4 ++-- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/02.md b/02.md index 0653d062..8c47a5f7 100644 --- a/02.md +++ b/02.md 
@@ -1,12 +1,12 @@ NIP-02 ====== -Contact List and Petnames -------------------------- +Follow List +----------- `final` `optional` -A special event with kind `3`, meaning "contact list" is defined as having a list of `p` tags, one for each of the followed/known profiles one is following. +A special event with kind `3`, meaning "follow list" is defined as having a list of `p` tags, one for each of the followed/known profiles one is following. Each tag entry should contain the key for the profile, a relay URL where events from that key can be found (can be set to an empty string if not needed), and a local name (or "petname") for that profile (can also be set to an empty string or not provided), i.e., `["p", <32-bytes hex key>,
, ]`. The `content` can be anything and should be ignored. 
@@ -25,27 +25,27 @@ For example: } ``` -Every new contact list that gets published overwrites the past ones, so it should contain all entries. Relays and clients SHOULD delete past contact lists as soon as they receive a new one. +Every new following list that gets published overwrites the past ones, so it should contain all entries. Relays and clients SHOULD delete past following lists as soon as they receive a new one. ## Uses -### Contact list backup +### Follow list backup If one believes a relay will store their events for sufficient time, they can use this kind-3 event to backup their following list and recover on a different device. ### Profile discovery and context augmentation -A client may rely on the kind-3 event to display a list of followed people by profiles one is browsing; make lists of suggestions on who to follow based on the contact lists of other people one might be following or browsing; or show the data in other contexts. +A client may rely on the kind-3 event to display a list of followed people by profiles one is browsing; make lists of suggestions on who to follow based on the follow lists of other people one might be following or browsing; or show the data in other contexts. ### Relay sharing -A client may publish a full list of contacts with good relays for each of their contacts so other clients may use these to update their internal relay lists if needed, increasing censorship-resistance. +A client may publish a follow list with good relays for each of their follows so other clients may use these to update their internal relay lists if needed, increasing censorship-resistance. ### Petname scheme -The data from these contact lists can be used by clients to construct local ["petname"](http://www.skyhunter.com/marcs/petnames/IntroPetNames.html) tables derived from other people's contact lists. This alleviates the need for global human-readable names. 
For example: +The data from these follow lists can be used by clients to construct local ["petname"](http://www.skyhunter.com/marcs/petnames/IntroPetNames.html) tables derived from other people's follow lists. This alleviates the need for global human-readable names. For example: -A user has an internal contact list that says +A user has an internal follow list that says ```json [ @@ -53,7 +53,7 @@ A user has an internal contact list that says ] ``` -And receives two contact lists, one from `21df6d143fb96c2ec9d63726bf9edc71` that says +And receives two follow lists, one from `21df6d143fb96c2ec9d63726bf9edc71` that says ```json [ diff --git a/README.md b/README.md index 47b59860..6b83490c 100644 --- a/README.md +++ b/README.md @@ -22,7 +22,7 @@ They exist to document what may be implemented by [Nostr](https://github.com/nos ## List - [NIP-01: Basic protocol flow description](01.md) -- [NIP-02: Contact List and Petnames](02.md) +- [NIP-02: Follow List](02.md) - [NIP-03: OpenTimestamps Attestations for Events](03.md) - [NIP-04: Encrypted Direct Message](04.md) - [NIP-05: Mapping Nostr keys to DNS-based internet identifiers](05.md) @@ -80,7 +80,7 @@ They exist to document what may be implemented by [Nostr](https://github.com/nos | `0` | Metadata | [1](01.md) | | `1` | Short Text Note | [1](01.md) | | `2` | Recommend Relay | | -| `3` | Contacts | [2](02.md) | +| `3` | Follows | [2](02.md) | | `4` | Encrypted Direct Messages | [4](04.md) | | `5` | Event Deletion | [9](09.md) | | `6` | Repost | [18](18.md) | From d0aef4c1581807a046b00396f67f3dd03cf599e8 Mon Sep 17 00:00:00 2001 From: Pablo Fernandez Date: Thu, 7 Dec 2023 17:01:25 +0000 Subject: [PATCH 11/89] add nip-44 calls --- 46.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/46.md b/46.md index ce319709..3ab71e9c 100644 --- a/46.md +++ b/46.md 
@@ -84,3 +84,15 @@ The signer key will always be the key of the user who controls the signer device - **nip04_decrypt** - params: [`third-party-pubkey`, `nip04-ciphertext`] - result: `plaintext` +- **nip44_get_key** + - params: [`third-party-pubkey`] + - result: `nip44-conversation-key` +- **nip44_encrypt** + - params: [`third-party-pubkey`, `plaintext`] + - result: `nip44-ciphertext` +- **nip44_decrypt** + - params: [`third-party-pubkey`, `nip44-ciphertext`] + - result: `plaintext` +- **ping** + - params: [] + - result: `"pong"` From ef106ecccad2f764f80cae85f2bc666a419f9e20 Mon Sep 17 00:00:00 2001 From: fiatjaf Date: Thu, 7 Dec 2023 21:18:45 -0300 Subject: [PATCH 12/89] nip-42 phrasing. --- 42.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/42.md b/42.md index 07a04864..8c70de49 100644 --- a/42.md +++ b/42.md @@ -20,19 +20,19 @@ A relay may want to require clients to authenticate to access restricted resourc ### New client-relay protocol messages -This NIP defines a new message, `AUTH`, which relays can send when they support authentication and clients can send to relays when they want to authenticate. When sent by relays, the message is of the following form: +This NIP defines a new message, `AUTH`, which relays CAN send when they support authentication and clients can send to relays when they want to authenticate. When sent by relays the message has the following form: ```json ["AUTH", ] ``` -And, when sent by clients, of the following form: +And, when sent by clients, the following form: ```json ["AUTH", ] ``` -`AUTH` messages sent by clients should be answered with an `OK` message, like any `EVENT` message. +`AUTH` messages sent by clients MUST be answered with an `OK` message, like any `EVENT` message. ### Canonical authentication event From b8308a9a040005c7a06369d6f71a6f2db6ee9c92 Mon Sep 17 00:00:00 2001 
From: Terry Yiu <963907+tyiu@users.noreply.github.com> Date: Sun, 3 Dec 2023 10:29:59 +0000 Subject: [PATCH 13/89] Amend NIP-52 to require the content field to be provided, and decouple calendar identifier from calendar name --- 52.md | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/52.md b/52.md index 15cc8fc5..71b1df26 100644 --- a/52.md +++ b/52.md @@ -22,14 +22,14 @@ This kind of calendar event starts on a date and ends before a different date in The format uses a parameterized replaceable event kind `31922`. -The `.content` of these events is optional and should be a detailed description of the calendar event. +The `.content` of these events should be a detailed description of the calendar event. It is required but can be an empty string. The list of tags are as follows: * `d` (required) universally unique identifier (UUID). Generated by the client creating the calendar event. * `name` (required) name of the calendar event * `start` (required) inclusive start date in ISO 8601 format (YYYY-MM-DD). Must be less than `end`, if it exists. * `end` (optional) exclusive end date in ISO 8601 format (YYYY-MM-DD). If omitted, the calendar event ends on the same date as `start`. -* `location` (optional) location of the calendar event. e.g. address, GPS coordinates, meeting room name, link to video call +* `location` (optional, repeated) location of the calendar event. e.g. address, GPS coordinates, meeting room name, link to video call * `g` (optional) [geohash](https://en.wikipedia.org/wiki/Geohash) to associate calendar event with a searchable physical location * `p` (optional, repeated) 32-bytes hex pubkey of a participant, optional recommended relay URL, and participant's role in the meeting * `t` (optional, repeated) hashtag to categorize calendar event 
@@ -78,7 +78,7 @@ This kind of calendar event spans between a start time and end time. The format uses a parameterized replaceable event kind `31923`. -The `.content` of these events is optional and should be a detailed description of the calendar event. +The `.content` of these events should be a detailed description of the calendar event. It is required but can be an empty string. The list of tags are as follows: * `d` (required) universally unique identifier (UUID). Generated by the client creating the calendar event. @@ -87,7 +87,7 @@ The list of tags are as follows: * `end` (optional) exclusive end Unix timestamp in seconds. If omitted, the calendar event ends instantaneously. * `start_tzid` (optional) time zone of the start timestamp, as defined by the IANA Time Zone Database. e.g., `America/Costa_Rica` * `end_tzid` (optional) time zone of the end timestamp, as defined by the IANA Time Zone Database. e.g., `America/Costa_Rica`. If omitted and `start_tzid` is provided, the time zone of the end timestamp is the same as the start timestamp. -* `location` (optional) location of the calendar event. e.g. address, GPS coordinates, meeting room name, link to video call +* `location` (optional, repeated) location of the calendar event. e.g. address, GPS coordinates, meeting room name, link to video call * `g` (optional) [geohash](https://en.wikipedia.org/wiki/Geohash) to associate calendar event with a searchable physical location * `p` (optional, repeated) 32-bytes hex pubkey of a participant, optional recommended relay URL, and participant's role in the meeting * `t` (optional, repeated) hashtag to categorize calendar event 
@@ -137,15 +137,23 @@ A calendar is a collection of calendar events, represented as a custom replaceab ### Format +The `.content` of these events should be a detailed description of the calendar. It is required but can be an empty string. + The format uses a custom replaceable list of kind `31924` with a list of tags as described below: -* `d` (required) calendar name +* `d` (required) universally unique identifier. Generated by the client creating the calendar. +* `name` (required) calendar name * `a` (repeated) reference tag to kind `31922` or `31923` calendar event being responded to ```json { + "id": <32-bytes lowercase hex-encoded SHA-256 of the the serialized event data>, + "pubkey": <32-bytes lowercase hex-encoded public key of the event creator>, + "created_at": , "kind": 31924, + "content": "", "tags": [ - ["d", ""], + ["d", ""], + ["name", ""], ["a", "<31922 or 31923>::", ""], ["a", "<31922 or 31923>::", ""] ] From ec08d65665fd533be685702501b69fe9ce7bdd24 Mon Sep 17 00:00:00 2001 From: Terry Yiu <963907+tyiu@users.noreply.github.com> Date: Fri, 8 Dec 2023 09:59:44 -0800 Subject: [PATCH 14/89] Deprecate 'name' for 'title' on calendar events and add 'title' as a shared tag via NIP-24 --- 24.md | 1 + 52.md | 18 ++++++++++++------ 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/24.md b/24.md index f830b68d..d444a4bc 100644 --- a/24.md +++ b/24.md @@ -39,3 +39,4 @@ tags These tags may be present in multiple event kinds. Whenever a different meaning is not specified by some more specific NIP, they have the following meanings: - `r`: a web URL the event is referring to in some way + - `title`: title of the event diff --git a/52.md b/52.md index 71b1df26..4ec68369 100644 --- a/52.md +++ b/52.md 
@@ -26,7 +26,7 @@ The `.content` of these events should be a detailed description of the calendar The list of tags are as follows: * `d` (required) universally unique identifier (UUID). Generated by the client creating the calendar event. -* `name` (required) name of the calendar event +* `title` (required) title of the calendar event * `start` (required) inclusive start date in ISO 8601 format (YYYY-MM-DD). Must be less than `end`, if it exists. * `end` (optional) exclusive end date in ISO 8601 format (YYYY-MM-DD). If omitted, the calendar event ends on the same date as `start`. * `location` (optional, repeated) location of the calendar event. e.g. address, GPS coordinates, meeting room name, link to video call @@ -35,6 +35,9 @@ The list of tags are as follows: * `t` (optional, repeated) hashtag to categorize calendar event * `r` (optional, repeated) references / links to web pages, documents, video calls, recorded videos, etc. +The following tags are deprecated: +* `name` name of the calendar event. Use only if `title` is not available. + ```json { "id": <32-bytes lowercase hex-encoded SHA-256 of the the serialized event data>, @@ -45,7 +48,7 @@ The list of tags are as follows: "tags": [ ["d", ""], - ["name", ""], + ["title", ""], // Dates ["start", "<YYYY-MM-DD>"], @@ -82,7 +85,7 @@ The `.content` of these events should be a detailed description of the calendar The list of tags are as follows: * `d` (required) universally unique identifier (UUID). Generated by the client creating the calendar event. -* `name` (required) name of the calendar event +* `title` (required) title of the calendar event * `start` (required) inclusive start Unix timestamp in seconds. Must be less than `end`, if it exists. * `end` (optional) exclusive end Unix timestamp in seconds. If omitted, the calendar event ends instantaneously. * `start_tzid` (optional) time zone of the start timestamp, as defined by the IANA Time Zone Database. e.g., `America/Costa_Rica` 
@@ -93,6 +96,9 @@ The list of tags are as follows: * `t` (optional, repeated) hashtag to categorize calendar event * `r` (optional, repeated) references / links to web pages, documents, video calls, recorded videos, etc. +The following tags are deprecated: +* `name` name of the calendar event. Use only if `title` is not available. + ```json { "id": <32-bytes lowercase hex-encoded SHA-256 of the the serialized event data>, @@ -103,7 +109,7 @@ The list of tags are as follows: "tags": [ ["d", "<UUID>"], - ["name", "<name of calendar event>"], + ["title", "<title of calendar event>"], // Timestamps ["start", "<Unix timestamp in seconds>"], @@ -141,7 +147,7 @@ The `.content` of these events should be a detailed description of the calendar. The format uses a custom replaceable list of kind `31924` with a list of tags as described below: * `d` (required) universally unique identifier. Generated by the client creating the calendar. -* `name` (required) calendar name +* `title` (required) calendar title * `a` (repeated) reference tag to kind `31922` or `31923` calendar event being responded to ```json @@ -153,7 +159,7 @@ The format uses a custom replaceable list of kind `31924` with a list of tags as "content": "<description of calendar>", "tags": [ ["d", "<UUID>"], - ["name", "<calendar name>"], + ["title", "<calendar title>"], ["a", "<31922 or 31923>:<calendar event author pubkey>:<d-identifier of calendar event>", "<optional relay url>"], ["a", "<31922 or 31923>:<calendar event author pubkey>:<d-identifier of calendar event>", "<optional relay url>"] ] From 822b70a565678222706dd6284eb7abcaadfc5115 Mon Sep 17 00:00:00 2001 
From: Paul Miller <paul@paulmillr.com> Date: Wed, 20 Dec 2023 13:22:02 +0100 Subject: [PATCH 15/89] NIP44 encryption standard, revision 3 (#746) * Introduce NIP-44 encryption standard * Finalize NIP-44 * Update spec. --------- Co-authored-by: Jonathan Staab <shtaab@gmail.com> --- 04.md | 4 +- 07.md | 6 +- 44.md | 296 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 46.md | 1 + README.md | 3 +- 5 files changed, 306 insertions(+), 4 deletions(-) create mode 100644 44.md diff --git a/04.md b/04.md index bf6767b7..dc232b40 100644 --- a/04.md +++ b/04.md @@ -1,10 +1,12 @@ +> __Warning__ `unrecommended`: deprecated in favor of [NIP-44](44.md) + NIP-04 ====== Encrypted Direct Message ------------------------ -`final` `optional` +`final` `unrecommended` `optional` A special event with kind `4`, meaning "encrypted direct message". It is supposed to have the following attributes: diff --git a/07.md b/07.md index aa0a5f4b..6db05971 100644 --- a/07.md +++ b/07.md 
@@ -18,8 +18,10 @@ async window.nostr.signEvent(event: { created_at: number, kind: number, tags: st Aside from these two basic above, the following functions can also be implemented optionally: ``` async window.nostr.getRelays(): { [url: string]: {read: boolean, write: boolean} } // returns a basic map of relay urls to relay policies -async window.nostr.nip04.encrypt(pubkey, plaintext): string // returns ciphertext and iv as specified in nip-04 -async window.nostr.nip04.decrypt(pubkey, ciphertext): string // takes ciphertext and iv as specified in nip-04 +async window.nostr.nip04.encrypt(pubkey, plaintext): string // returns ciphertext and iv as specified in nip-04 (deprecated) +async window.nostr.nip04.decrypt(pubkey, ciphertext): string // takes ciphertext and iv as specified in nip-04 (deprecated) +async window.nostr.nip44.encrypt(sender_privkey, recipient_pubkey, plaintext, version): string // returns encrypted payload as specified in nip-44 +async window.nostr.nip44.decrypt(recipient_privkey, sender_pubkey, payload): string // takes encrypted payload as specified in nip-44 ``` ### Implementation diff --git a/44.md b/44.md new file mode 100644 index 00000000..1282d261 --- /dev/null +++ b/44.md 
@@ -0,0 +1,296 @@ +# NIP-44 + +## Encrypted Payloads (Versioned) + +`optional` `author:paulmillr` `author:staab` + +The NIP introduces a new data format for keypair-based encryption. This NIP is versioned +to allow multiple algorithm choices to exist simultaneously. + +Nostr is a key directory. Every nostr user has their own public key, which solves key +distribution problems present in other solutions. The goal of this NIP is to have a +simple way to send messages between nostr accounts that cannot be read by everyone. + +The scheme has a number of important shortcomings: + +- No deniability: it is possible to prove the event was signed by a particular key +- No forward secrecy: when a user key is compromised, it is possible to decrypt all previous conversations +- No post-compromise security: when a user key is compromised, it is possible to decrypt all future conversations +- No post-quantum security: a powerful quantum computer would be able to decrypt the messages +- IP address leak: user IP may be seen by relays and all intermediaries between user and relay +- Date leak: the message date is public, since it is a part of NIP 01 event +- Limited message size leak: padding only partially obscures true message length +- No attachments: they are not supported + +Lack of forward secrecy is partially mitigated: 1) the messages +should only be stored on relays, specified by the user, instead of a set of +all public relays 2) the relays are supposed to regularly delete older messages. + +For risky situations, users should chat in specialized E2EE messaging software and limit use +of nostr to exchanging contacts. + +## Dependence on NIP-01 + +It's not enough to use NIP-44 for encryption: the output must also be signed. + +In nostr case, the payload is serialized and signed as per NIP-01 rules. + +The same event can be serialized in two different ways, +resulting in two distinct signatures. 
So, it's important +to ensure serialization rules, which are defined in NIP-01, +are the same across different NIP-44 implementations. + +After serialization, the event is signed by Schnorr signature over secp256k1, +defined in BIP340. It's important to ensure the key and signature validity as +per BIP340 rules. + +## Versions + +Currently defined encryption algorithms: + +- `0x00` - Reserved +- `0x01` - Deprecated and undefined +- `0x02` - secp256k1 ECDH, HKDF, padding, ChaCha20, HMAC-SHA256, base64 + +## Version 2 + +The algorithm choices are justified in a following way: + +- Encrypt-then-mac-then-sign instead of encrypt-then-sign-then-mac: + only events wrapped in NIP-01 signed envelope are currently accepted by nostr. +- ChaCha instead of AES: it's faster and has + [better security against multi-key attacks](https://datatracker.ietf.org/doc/draft-irtf-cfrg-aead-limits/) +- ChaCha instead of XChaCha: XChaCha has not been standardized. Also, we don't need xchacha's improved + collision resistance of nonces: every message has a new (key, nonce) pair. +- HMAC-SHA256 instead of Poly1305: polynomial MACs are much easier to forge +- SHA256 instead of SHA3 or BLAKE: it is already used in nostr. 
Also blake's + speed advantage is smaller in non-parallel environments +- Custom padding instead of padmé: better leakage reduction for small messages +- Base64 encoding instead of an other compression algorithm: it is widely available, + and is already used in nostr + +### Functions and operations + +- Cryptographic methods + - `secure_random_bytes(length)` fetches randomness from CSPRNG + - `hkdf(IKM, salt, info, L)` represents HKDF [(RFC 5869)](https://datatracker.ietf.org/doc/html/rfc5869) with SHA256 hash function, + comprised of methods `hkdf_extract(IKM, salt)` and `hkdf_expand(OKM, info, L)` + - `chacha20(key, nonce, data)` is ChaCha20 [(RFC 8439)](https://datatracker.ietf.org/doc/html/rfc8439), with starting counter set to 0 + - `hmac_sha256(key, message)` is HMAC [(RFC 2104)](https://datatracker.ietf.org/doc/html/rfc2104) + - `secp256k1_ecdh(priv_a, pub_b)` is multiplication of point B by + scalar a (`a ⋅ B`), defined in + [BIP340](https://github.com/bitcoin/bips/blob/e918b50731397872ad2922a1b08a5a4cd1d6d546/bip-0340.mediawiki). + The operation produces shared point, and we encode the shared point's 32-byte x coordinate, + using method `bytes(P)` from BIP340. Private and public keys must be validated + as per BIP340: pubkey must be a valid, on-curve point, and private key must be a scalar in range `[1, secp256k1_order - 1]` +- Operators + - `x[i:j]`, where `x` is a byte array and `i, j <= 0`, + returns a `(j - i)`-byte array with a copy of the `i`-th byte (inclusive) to the `j`-th byte (exclusive) of `x` +- Constants `c`: + - `min_plaintext_size` is 1. 1b msg is padded to 32b. + - `max_plaintext_size` is 65535 (64kb - 1). It is padded to 65536. 
+- Functions + - `base64_encode(string)` and `base64_decode(bytes)` are Base64 ([RFC 4648](https://datatracker.ietf.org/doc/html/rfc4648), with padding) + - `concat` refers to byte array concatenation + - `is_equal_ct(a, b)` is constant-time equality check of 2 byte arrays + - `utf8_encode(string)` and `utf8_decode(bytes)` transform string to byte array and back + - `write_u8(number)` restricts number to values 0..255 and encodes into Big-Endian uint8 byte array + - `write_u16_be(number)` restricts number to values 0..65535 and encodes into Big-Endian uint16 byte array + - `zeros(length)` creates byte array of length `length >= 0`, filled with zeros + - `floor(number)` and `log2(number)` are well-known mathematical methods + +User-defined functions: + +```py +# Calculates length of the padded byte array. +def calc_padded_len(unpadded_len): + next_power = 1 << (floor(log2(unpadded_len - 1))) + 1 + if next_power <= 256: + chunk = 32 + else: + chunk = next_power / 8 + if unpadded_len <= 32: + return 32 + else: + return chunk * (floor((len - 1) / chunk) + 1) + +# Converts unpadded plaintext to padded bytearray +def pad(plaintext): + unpadded = utf8_encode(plaintext) + unpadded_len = len(plaintext) + if (unpadded_len < c.min_plaintext_size or + unpadded_len > c.max_plaintext_size): raise Exception('invalid plaintext length') + prefix = write_u16_be(unpadded_len) + suffix = zeros(calc_padded_len(unpadded_len) - unpadded_len) + return concat(prefix, unpadded, suffix) + +# Converts padded bytearray to unpadded plaintext +def unpad(padded): + unpadded_len = read_uint16_be(padded[0:2]) + unpadded = padded[2:2+unpadded_len] + if (unpadded_len == 0 or + len(unpadded) != unpadded_len or + len(padded) != 2 + calc_padded_len(unpadded_len)): raise Exception('invalid padding') + return utf8_decode(unpadded) + +# metadata: always 65b (version: 1b, nonce: 32b, max: 32b) +# plaintext: 1b to 0xffff +# padded plaintext: 32b to 0xffff +# ciphertext: 32b+2 to 0xffff+2 +# raw payload: 99 
(65+32+2) to 65603 (65+0xffff+2) +# compressed payload (base64): 132b to 87472b +def decode_payload(payload): + plen = len(payload) + if plen == 0 or payload[0] == '#': raise Exception('unknown version') + if plen < 132 or plen > 87472: raise Exception('invalid payload size') + data = base64_decode(payload) + dlen = len(d) + if dlen < 99 or dlen > 65603: raise Exception('invalid data size'); + vers = data[0] + if vers != 2: raise Exception('unknown version ' + vers) + nonce = data[1:33] + ciphertext = data[33:dlen - 32] + mac = data[dlen - 32:dlen] + return (nonce, ciphertext, mac) + +def hmac_aad(key, message, aad): + if len(aad) != 32: raise Exception('AAD associated data must be 32 bytes'); + return hmac(sha256, key, concat(aad, message)); + +# Calculates long-term key between users A and B: `get_key(Apriv, Bpub) == get_key(Bpriv, Apub)` +def get_conversation_key(private_key_a, public_key_b): + shared_x = secp256k1_ecdh(private_key_a, public_key_b) + return hkdf_extract(IKM=shared_x, salt=utf8_encode('nip44-v2')) + +# Calculates unique per-message key +def get_message_keys(conversation_key, nonce): + if len(conversation_key) != 32: raise Exception('invalid conversation_key length') + if len(nonce) != 32: raise Exception('invalid nonce length') + keys = hkdf_expand(OKM=conversation_key, info=nonce, L=76) + chacha_key = keys[0:32] + chacha_nonce = keys[32:44] + hmac_key = keys[44:76] + return (chacha_key, chacha_nonce, hmac_key) + +def encrypt(plaintext, conversation_key, nonce): + (chacha_key, chacha_nonce, hmac_key) = get_message_keys(conversation_key, nonce) + padded = pad(plaintext) + ciphertext = chacha20(key=chacha_key, nonce=chacha_nonce, data=padded) + mac = hmac_aad(key=hmac_key, message=ciphertext, aad=nonce) + return base64_encode(concat(write_u8(2), nonce, ciphertext, mac)) + +def decrypt(payload, conversation_key): + (nonce, ciphertext, mac) = decode_payload(payload) + (chacha_key, chacha_nonce, hmac_key) = get_message_keys(conversation_key, nonce) + 
calculated_mac = hmac_aad(key=hmac_key, message=ciphertext, aad=nonce) + if not is_equal_ct(calculated_mac, mac): raise Exception('invalid MAC') + padded_plaintext = chacha20(key=chacha_key, nonce=chacha_nonce, data=ciphertext) + return unpad(padded_plaintext) + +# Usage: +# conversation_key = get_conversation_key(sender_privkey, recipient_pubkey) +# nonce = secure_random_bytes(32) +# payload = encrypt('hello world', conversation_key, nonce) +# 'hello world' == decrypt(payload, conversation_key) +``` + +#### Encryption + +1. Calculate conversation key + - Execute ECDH (scalar multiplication) of public key B by private key A. + Output `shared_x` must be unhashed, 32-byte encoded x coordinate of the shared point. + - Use HKDF-extract with sha256, `IKM=shared_x` and `salt=utf8_encode('nip44-v2')` + - HKDF output will be `conversation_key` between two users + - It is always the same, when key roles are swapped: `conv(a, B) == conv(b, A)` +2. Generate random 32-byte nonce + - Always use [CSPRNG](https://en.wikipedia.org/wiki/Cryptographically_secure_pseudorandom_number_generator) + - Don't generate nonce from message content + - Don't re-use the same nonce between messages: doing so would make them decryptable, + but won't leak long-term key +3. Calculate message keys + - The keys are generated from `conversation_key` and `nonce`. Validate that both are 32 bytes + - Use HKDF-expand, with sha256, `OKM=conversation_key`, `info=nonce` and `L=76` + - Slice 76-byte HKDF output into: `chacha_key` (bytes 0..32), `chacha_nonce` (bytes 32..44), `hmac_key` (bytes 44..76) +4. Add padding + - Content must be encoded from UTF-8 into byte array + - Validate plaintext length. Minimum is 1 byte, maximum is 65535 bytes + - Padding format is: `[plaintext_length: u16][plaintext][zero_bytes]` + - Padding algorithm is related to powers-of-two, with min padded msg size of 32 + - Plaintext length is encoded in big-endian as first 2 bytes of the padded blob +5. 
Encrypt padded content + - Use ChaCha20, with key and nonce from step 3 +6. Calculate MAC (message authentication code) with AAD + - AAD is used: instead of calculating MAC on ciphertext, + it's calculated over a concatenation of `nonce` and `ciphertext` + - Validate that AAD (nonce) is 32 bytes +7. Base64-encode (with padding) params: `concat(version, nonce, ciphertext, mac)` + +After encryption, it's necessary to sign it. Use NIP-01 to serialize the event, +with result base64 assigned to event's `content`. Then, use NIP-01 to sign +the event using schnorr signature scheme over secp256k1. + +#### Decryption + +Before decryption, it's necessary to validate the message's pubkey and signature. +The public key must be a valid non-zero secp256k1 curve point, and signature must be valid +secp256k1 schnorr signature. For exact validation rules, refer to BIP-340. + +1. Check if first payload's character is `#` + - `#` is an optional future-proof flag that means non-base64 encoding is used + - The `#` is not present in base64 alphabet, but, instead of throwing `base64 is invalid`, + an app must say the encryption version is not yet supported +2. Decode base64 + - Base64 is decoded into `version, nonce, ciphertext, mac` + - If the version is unknown, the app, an app must say the encryption version is not yet supported + - Validate length of base64 message to prevent DoS on base64 decoder: it can be in range from 132 to 87472 chars + - Validate length of decoded message to verify output of the decoder: it can be in range from 99 to 65603 bytes +3. Calculate conversation key + - See step 1 of Encryption +4. Calculate message keys + - See step 3 of Encryption +5. Calculate MAC (message authentication code) with AAD and compare + - Stop and throw an error if MAC doesn't match the decoded one from step 2 + - Use constant-time comparison algorithm +6. Decrypt ciphertext + - Use ChaCha20 with key and nonce from step 3 +7. 
Remove padding + - Read the first two BE bytes of plaintext that correspond to plaintext length + - Verify that the length of sliced plaintext matches the value of the two BE bytes + - Verify that calculated padding from encryption's step 3 matches the actual padding + +## Tests and code + +A collection of implementations in different languages is +available [on GitHub](https://github.com/paulmillr/nip44). + +We publish extensive test vectors. Instead of having it in the +document directly, a sha256 checksum of vectors is provided: + + 269ed0f69e4c192512cc779e78c555090cebc7c785b609e338a62afc3ce25040 nip44.vectors.json + +Example of test vector from the file: + +```json +{ + "sec1": "0000000000000000000000000000000000000000000000000000000000000001", + "sec2": "0000000000000000000000000000000000000000000000000000000000000002", + "conversation_key": "c41c775356fd92eadc63ff5a0dc1da211b268cbea22316767095b2871ea1412d", + "nonce": "0000000000000000000000000000000000000000000000000000000000000001", + "plaintext": "a", + "payload": "AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABee0G5VSK0/9YypIObAtDKfYEAjD35uVkHyB0F4DwrcNaCXlCWZKaArsGrY6M9wnuTMxWfp1RTN9Xga8no+kF5Vsb" +} +``` + +The file also contains intermediate values. A quick guidance with regards to its usage: + +- `valid.get_conversation_key`: calculate conversation_key from secret key sec1 and public key pub2 +- `valid.get_message_keys`: calculate chacha_key, chacha_nocne, hmac_key from conversation_key and nonce +- `valid.calc_padded_len`: take unpadded length (first value), calculate padded length (second value) +- `valid.encrypt_decrypt`: emulate real conversation. Calculate + pub2 from sec2, verify conversation_key from (sec1, pub2), encrypt, verify payload, + then calculate pub1 from sec1, verify conversation_key from (sec2, pub1), decrypt, verify plaintext. +- `valid.encrypt_decrypt_long_msg`: same as previous step, but instead of a full plaintext and payload, + their checksum is provided. 
+- `invalid.encrypt_msg_lengths` +- `invalid.get_conversation_key`: calculating converastion_key must throw an error +- `invalid.decrypt`: decrypting message content must throw an error diff --git a/46.md b/46.md index 3ab71e9c..1f8e6c8d 100644 --- a/46.md +++ b/46.md @@ -96,3 +96,4 @@ The signer key will always be the key of the user who controls the signer device - **ping** - params: [] - result: `"pong"` + diff --git a/README.md b/README.md index 6b83490c..a66c4664 100644 --- a/README.md +++ b/README.md @@ -24,7 +24,7 @@ They exist to document what may be implemented by [Nostr](https://github.com/nos - [NIP-01: Basic protocol flow description](01.md) - [NIP-02: Follow List](02.md) - [NIP-03: OpenTimestamps Attestations for Events](03.md) -- [NIP-04: Encrypted Direct Message](04.md) +- [NIP-04: Encrypted Direct Message](04.md) --- **unrecommended**: deprecated in favor of [NIP-44](44.md) - [NIP-05: Mapping Nostr keys to DNS-based internet identifiers](05.md) - [NIP-06: Basic key derivation from mnemonic seed phrase](06.md) - [NIP-07: `window.nostr` capability for web browsers](07.md) @@ -52,6 +52,7 @@ They exist to document what may be implemented by [Nostr](https://github.com/nos - [NIP-39: External Identities in Profiles](39.md) - [NIP-40: Expiration Timestamp](40.md) - [NIP-42: Authentication of clients to relays](42.md) +- [NIP-44: Versioned Encryption](44.md) - [NIP-45: Counting results](45.md) - [NIP-46: Nostr Connect](46.md) - [NIP-47: Wallet Connect](47.md) From 4199f202365fc4c1a464b1033d040597bccbb08d Mon Sep 17 00:00:00 2001 From: fiatjaf <fiatjaf@gmail.com> Date: Wed, 20 Dec 2023 13:56:03 -0300 Subject: [PATCH 16/89] nip-44: remove author names and arbitrary line-breaks. --- 44.md | 66 ++++++++++++++++++----------------------------------------- 1 file changed, 20 insertions(+), 46 deletions(-) diff --git a/44.md b/44.md index 1282d261..e66a7b3c 100644 --- a/44.md +++ b/44.md 
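Review bot: The `07.md` hunk of PATCH 15/89 gives `window.nostr.nip44.encrypt(sender_privkey, recipient_pubkey, plaintext, version)` and `nip44.decrypt(recipient_privkey, sender_pubkey, payload)` a private-key parameter, so the web page calling the extension would have to hold the user's secret key. The `nip04.encrypt(pubkey, plaintext)` and `nip04.decrypt(pubkey, ciphertext)` lines right above take only the peer's public key. Suggest the same shape, `nip44.encrypt(pubkey, plaintext)` and `nip44.decrypt(pubkey, payload)`, and dropping `version` from the call since the payload already carries a version byte.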
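Review bot: The pseudocode in the new `44.md` (PATCH 15/89) does not run as written, and several slips change the result. In `calc_padded_len`, `log2(unpadded_len - 1)` is evaluated before the `unpadded_len <= 32` check, so the minimum length 1 takes `log2(0)`, and the last line uses `len` where `unpadded_len` is meant; move the `<= 32` return to the top and fix the name. In `pad`, `unpadded_len = len(plaintext)` measures the string rather than the UTF-8 bytes in `unpadded`, so the u16 prefix and the size limits are wrong for non-ASCII text. In `decode_payload`, `dlen = len(d)` should be `len(data)`. `hmac_aad` calls `hmac(sha256, ...)` and `unpad` calls `read_uint16_be`, neither of which is in the function list (`hmac_sha256` is). In the prose, the operator entry says `i, j <= 0` where `>= 0` is meant, decryption steps 6 and 7 point to "step 3" although message keys are decryption step 4 and padding is encryption step 4, and the layout comment gives padded plaintext as `32b to 0xffff` while the constants say the maximum pads to 65536 (the `65603` raw-payload bound only adds up with 65536). Typos to fix in the same pass: `chacha_nocne`, `converastion_key`, "the app, an app must say".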
@@ -2,7 +2,7 @@ ## Encrypted Payloads (Versioned) -`optional` `author:paulmillr` `author:staab` +`optional` The NIP introduces a new data format for keypair-based encryption. This NIP is versioned to allow multiple algorithm choices to exist simultaneously. @@ -22,12 +22,11 @@ The scheme has a number of important shortcomings: - Limited message size leak: padding only partially obscures true message length - No attachments: they are not supported -Lack of forward secrecy is partially mitigated: 1) the messages -should only be stored on relays, specified by the user, instead of a set of -all public relays 2) the relays are supposed to regularly delete older messages. +Lack of forward secrecy is partially mitigated by these two factors: + 1. the messages should only be stored on relays, specified by the user, instead of a set of all public relays. + 2. the relays are supposed to regularly delete older messages. -For risky situations, users should chat in specialized E2EE messaging software and limit use -of nostr to exchanging contacts. +For risky situations, users should chat in specialized E2EE messaging software and limit use of nostr to exchanging contacts. ## Dependence on NIP-01 
@@ -35,14 +34,9 @@ It's not enough to use NIP-44 for encryption: the output must also be signed. In nostr case, the payload is serialized and signed as per NIP-01 rules. -The same event can be serialized in two different ways, -resulting in two distinct signatures. So, it's important -to ensure serialization rules, which are defined in NIP-01, -are the same across different NIP-44 implementations. +The same event can be serialized in two different ways, resulting in two distinct signatures. So, it's important to ensure serialization rules, which are defined in NIP-01, are the same across different NIP-44 implementations. -After serialization, the event is signed by Schnorr signature over secp256k1, -defined in BIP340. It's important to ensure the key and signature validity as -per BIP340 rules. +After serialization, the event is signed by Schnorr signature over secp256k1, defined in BIP340. It's important to ensure the key and signature validity as per BIP340 rules. ## Versions 
@@ -56,18 +50,12 @@ Currently defined encryption algorithms: The algorithm choices are justified in a following way: -- Encrypt-then-mac-then-sign instead of encrypt-then-sign-then-mac: - only events wrapped in NIP-01 signed envelope are currently accepted by nostr. -- ChaCha instead of AES: it's faster and has - [better security against multi-key attacks](https://datatracker.ietf.org/doc/draft-irtf-cfrg-aead-limits/) -- ChaCha instead of XChaCha: XChaCha has not been standardized. Also, we don't need xchacha's improved - collision resistance of nonces: every message has a new (key, nonce) pair. -- HMAC-SHA256 instead of Poly1305: polynomial MACs are much easier to forge -- SHA256 instead of SHA3 or BLAKE: it is already used in nostr. Also blake's - speed advantage is smaller in non-parallel environments -- Custom padding instead of padmé: better leakage reduction for small messages -- Base64 encoding instead of an other compression algorithm: it is widely available, - and is already used in nostr +- Encrypt-then-mac-then-sign instead of encrypt-then-sign-then-mac: only events wrapped in NIP-01 signed envelope are currently accepted by nostr. +- ChaCha instead of AES: it's faster and has [better security against multi-key attacks](https://datatracker.ietf.org/doc/draft-irtf-cfrg-aead-limits/) +- ChaCha instead of XChaCha: XChaCha has not been standardized. Also, we don't need xchacha's improved collision resistance of nonces: every message has a new (key, nonce) pair. +- HMAC-SHA256 instead of Poly1305: polynomial MACs are much easier to forge SHA256 instead of SHA3 or BLAKE: it is already used in nostr. Also blake's + speed advantage is smaller in non-parallel environments - Custom padding instead of padmé: better leakage reduction for small messages +- Base64 encoding instead of an other compression algorithm: it is widely available, and is already used in nostr ### Functions and operations 
@@ -77,12 +65,7 @@ The algorithm choices are justified in a following way: comprised of methods `hkdf_extract(IKM, salt)` and `hkdf_expand(OKM, info, L)` - `chacha20(key, nonce, data)` is ChaCha20 [(RFC 8439)](https://datatracker.ietf.org/doc/html/rfc8439), with starting counter set to 0 - `hmac_sha256(key, message)` is HMAC [(RFC 2104)](https://datatracker.ietf.org/doc/html/rfc2104) - - `secp256k1_ecdh(priv_a, pub_b)` is multiplication of point B by - scalar a (`a ⋅ B`), defined in - [BIP340](https://github.com/bitcoin/bips/blob/e918b50731397872ad2922a1b08a5a4cd1d6d546/bip-0340.mediawiki). - The operation produces shared point, and we encode the shared point's 32-byte x coordinate, - using method `bytes(P)` from BIP340. Private and public keys must be validated - as per BIP340: pubkey must be a valid, on-curve point, and private key must be a scalar in range `[1, secp256k1_order - 1]` + - `secp256k1_ecdh(priv_a, pub_b)` is multiplication of point B by scalar a (`a ⋅ B`), defined in [BIP340](https://github.com/bitcoin/bips/blob/e918b50731397872ad2922a1b08a5a4cd1d6d546/bip-0340.mediawiki). The operation produces shared point, and we encode the shared point's 32-byte x coordinate, using method `bytes(P)` from BIP340. Private and public keys must be validated as per BIP340: pubkey must be a valid, on-curve point, and private key must be a scalar in range `[1, secp256k1_order - 1]` - Operators - `x[i:j]`, where `x` is a byte array and `i, j <= 0`, returns a `(j - i)`-byte array with a copy of the `i`-th byte (inclusive) to the `j`-th byte (exclusive) of `x` 
@@ -225,15 +208,11 @@ def decrypt(payload, conversation_key): - Validate that AAD (nonce) is 32 bytes 7. Base64-encode (with padding) params: `concat(version, nonce, ciphertext, mac)` -After encryption, it's necessary to sign it. Use NIP-01 to serialize the event, -with result base64 assigned to event's `content`. Then, use NIP-01 to sign -the event using schnorr signature scheme over secp256k1. +After encryption, it's necessary to sign it. Use NIP-01 to serialize the event, with result base64 assigned to event's `content`. Then, use NIP-01 to sign the event using schnorr signature scheme over secp256k1. #### Decryption -Before decryption, it's necessary to validate the message's pubkey and signature. -The public key must be a valid non-zero secp256k1 curve point, and signature must be valid -secp256k1 schnorr signature. For exact validation rules, refer to BIP-340. +Before decryption, it's necessary to validate the message's pubkey and signature. The public key must be a valid non-zero secp256k1 curve point, and signature must be valid secp256k1 schnorr signature. For exact validation rules, refer to BIP-340. 1. Check if first payload's character is `#` - `#` is an optional future-proof flag that means non-base64 encoding is used @@ -260,11 +239,9 @@ secp256k1 schnorr signature. For exact validation rules, refer to BIP-340. ## Tests and code -A collection of implementations in different languages is -available [on GitHub](https://github.com/paulmillr/nip44). +A collection of implementations in different languages is available at https://github.com/paulmillr/nip44. -We publish extensive test vectors. Instead of having it in the -document directly, a sha256 checksum of vectors is provided: +We publish extensive test vectors. Instead of having it in the document directly, a sha256 checksum of vectors is provided: 269ed0f69e4c192512cc779e78c555090cebc7c785b609e338a62afc3ce25040 nip44.vectors.json 
@@ -286,11 +263,8 @@ The file also contains intermediate values. A quick guidance with regards to its - `valid.get_conversation_key`: calculate conversation_key from secret key sec1 and public key pub2 - `valid.get_message_keys`: calculate chacha_key, chacha_nocne, hmac_key from conversation_key and nonce - `valid.calc_padded_len`: take unpadded length (first value), calculate padded length (second value) -- `valid.encrypt_decrypt`: emulate real conversation. Calculate - pub2 from sec2, verify conversation_key from (sec1, pub2), encrypt, verify payload, - then calculate pub1 from sec1, verify conversation_key from (sec2, pub1), decrypt, verify plaintext. -- `valid.encrypt_decrypt_long_msg`: same as previous step, but instead of a full plaintext and payload, - their checksum is provided. +- `valid.encrypt_decrypt`: emulate real conversation. Calculate pub2 from sec2, verify conversation_key from (sec1, pub2), encrypt, verify payload, then calculate pub1 from sec1, verify conversation_key from (sec2, pub1), decrypt, verify plaintext. +- `valid.encrypt_decrypt_long_msg`: same as previous step, but instead of a full plaintext and payload, their checksum is provided. - `invalid.encrypt_msg_lengths` - `invalid.get_conversation_key`: calculating converastion_key must throw an error - `invalid.decrypt`: decrypting message content must throw an error From 9be51261c0d1aeff2a99591d978b88bf7e5766b3 Mon Sep 17 00:00:00 2001 From: Paul Miller <paul@paulmillr.com> Date: Wed, 20 Dec 2023 20:18:43 +0300 Subject: [PATCH 17/89] nip-44: add audit notice --- 44.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/44.md b/44.md index e66a7b3c..d69c688e 100644 --- a/44.md +++ b/44.md 
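Review bot: In the `@@ -56,18 +50,12 @@` hunk of PATCH 16/89 the line-joining merged separate bullets. The added lines read "... polynomial MACs are much easier to forge SHA256 instead of SHA3 or BLAKE: ... Also blake's" and "speed advantage is smaller in non-parallel environments - Custom padding instead of padmé: ...", so the HMAC-SHA256, SHA256 and custom-padding justifications no longer form three list items and the second line has lost its `- ` marker. Restore one `- ` bullet per algorithm choice.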
@@ -237,6 +237,12 @@ Before decryption, it's necessary to validate the message's pubkey and signature - Verify that the length of sliced plaintext matches the value of the two BE bytes - Verify that calculated padding from encryption's step 3 matches the actual padding +## Audit + +The v2 of the standard has been subject to an audit by [Cure53](https://cure53.de) in December 2023. +Check out [audit-2023.12.pdf](https://github.com/paulmillr/nip44/blob/ce63c2eaf345e9f7f93b48f829e6bdeb7e7d7964/audit-2023.12.pdf) +and [auditor's website](https://cure53.de/audit-report_nip44-implementations.pdf). + ## Tests and code A collection of implementations in different languages is available at https://github.com/paulmillr/nip44. From ff533d7a99715b0524f93a182f6c2169fe3b25b1 Mon Sep 17 00:00:00 2001 From: fiatjaf <fiatjaf@gmail.com> Date: Wed, 20 Dec 2023 14:39:35 -0300 Subject: [PATCH 18/89] remove nip44 calls from nip07 temporarily. --- 07.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/07.md b/07.md index 6db05971..90772eef 100644 --- a/07.md +++ b/07.md @@ -20,8 +20,6 @@ Aside from these two basic above, the following functions can also be implemente async window.nostr.getRelays(): { [url: string]: {read: boolean, write: boolean} } // returns a basic map of relay urls to relay policies async window.nostr.nip04.encrypt(pubkey, plaintext): string // returns ciphertext and iv as specified in nip-04 (deprecated) async window.nostr.nip04.decrypt(pubkey, ciphertext): string // takes ciphertext and iv as specified in nip-04 (deprecated) -async window.nostr.nip44.encrypt(sender_privkey, recipient_pubkey, plaintext, version): string // returns encrypted payload as specified in nip-44 -async window.nostr.nip44.decrypt(recipient_privkey, sender_pubkey, payload): string // takes encrypted payload as specified in nip-44 ``` ### Implementation From 732b0ce0a49fbdfa35dfae164f25ee9db947f1c2 Mon Sep 17 00:00:00 2001 
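Review bot: The new `## Audit` section in PATCH 17/89 states only that v2 "has been subject to an audit" and does not say what was in scope (the spec, which implementations, at which revision) or how findings were handled. Add one sentence on scope so the notice is not read as covering every implementation. The first link is pinned to a commit while the second is not, and unlike the test vectors no sha256 of the report is given. The three added lines are also hard-wrapped, which PATCH 16/89 had just removed from this file.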
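Review bot: PATCH 18/89 removes the two `window.nostr.nip44.*` lines from `07.md` "temporarily" according to the subject, but nothing in the file records that a NIP-44 interface is pending, and the only encryption calls left in the list are the two marked `(deprecated)`. Add a one-line note under the optional functions that NIP-44 methods are to be specified, so extension authors do not treat `nip04` as the intended long-term API.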
From: Jon Staab <shtaab@gmail.com> Date: Wed, 20 Dec 2023 11:28:43 -0800 Subject: [PATCH 19/89] Clean up NIP 44 to clarify separation of concerns (encryption vs messaging), improve formatting and clarify encryption/decryption steps --- 44.md | 245 +++++++++++++++++++++++++++++++--------------------------- 1 file changed, 130 insertions(+), 115 deletions(-) diff --git a/44.md b/44.md index d69c688e..5093acd3 100644 --- a/44.md +++ b/44.md 
@@ -1,42 +1,14 @@ -# NIP-44 +NIP-44 +===== -## Encrypted Payloads (Versioned) +Encrypted Payloads (Versioned) +------------------------------ `optional` The NIP introduces a new data format for keypair-based encryption. This NIP is versioned -to allow multiple algorithm choices to exist simultaneously. - -Nostr is a key directory. Every nostr user has their own public key, which solves key -distribution problems present in other solutions. The goal of this NIP is to have a -simple way to send messages between nostr accounts that cannot be read by everyone. - -The scheme has a number of important shortcomings: - -- No deniability: it is possible to prove the event was signed by a particular key -- No forward secrecy: when a user key is compromised, it is possible to decrypt all previous conversations -- No post-compromise security: when a user key is compromised, it is possible to decrypt all future conversations -- No post-quantum security: a powerful quantum computer would be able to decrypt the messages -- IP address leak: user IP may be seen by relays and all intermediaries between user and relay -- Date leak: the message date is public, since it is a part of NIP 01 event -- Limited message size leak: padding only partially obscures true message length -- No attachments: they are not supported - -Lack of forward secrecy is partially mitigated by these two factors: - 1. the messages should only be stored on relays, specified by the user, instead of a set of all public relays. - 2. the relays are supposed to regularly delete older messages. - -For risky situations, users should chat in specialized E2EE messaging software and limit use of nostr to exchanging contacts. - -## Dependence on NIP-01 - -It's not enough to use NIP-44 for encryption: the output must also be signed. - -In nostr case, the payload is serialized and signed as per NIP-01 rules. - -The same event can be serialized in two different ways, resulting in two distinct signatures. 
So, it's important to ensure serialization rules, which are defined in NIP-01, are the same across different NIP-44 implementations. - -After serialization, the event is signed by Schnorr signature over secp256k1, defined in BIP340. It's important to ensure the key and signature validity as per BIP340 rules. +to allow multiple algorithm choices to exist simultaneously. This format may be used for +many things, but MUST be used in the context of a signed event as described in NIP 01. ## Versions 
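Review bot: in this first hunk, the deleted "Dependence on NIP-01" section was the only text explaining why the signing requirement matters: the same event can be serialized in two different ways with two distinct signatures, so NIP-01 serialization rules have to match across NIP-44 implementations. The replacement sentence keeps the MUST but drops the reason; consider carrying one line of that rationale over, or linking to the serialization rules in 01.md. Style: the title and subtitle switch to setext underlines while `## Versions` just below stays ATX, and this patch writes both "NIP 01" and "NIP-01"; pick one form of each.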
@@ -46,29 +18,129 @@ Currently defined encryption algorithms: - `0x01` - Deprecated and undefined - `0x02` - secp256k1 ECDH, HKDF, padding, ChaCha20, HMAC-SHA256, base64 +## Limitations + +Every nostr user has their own public key, which solves key distribution problems present +in other solutions. However, nostr's relay-based architecture makes it difficult to implement +more robust private messaging protocols with things like metadata hiding, forward secrecy, +and post compromise secrecy. + +The goal of this NIP is to have a _simple_ way to encrypt payloads used in the context of a signed +event. When applying this NIP to any use case, it's important to keep in mind your users' threat +model and this NIP's limitations. For high-risk situations, users should chat in specialized E2EE +messaging software and limit use of nostr to exchanging contacts. + +On its own, messages sent using this scheme has a number of important shortcomings: + +- No deniability: it is possible to prove an event was signed by a particular key +- No forward secrecy: when a key is compromised, it is possible to decrypt all previous conversations +- No post-compromise security: when a key is compromised, it is possible to decrypt all future conversations +- No post-quantum security: a powerful quantum computer would be able to decrypt the messages +- IP address leak: user IP may be seen by relays and all intermediaries between user and relay +- Date leak: `created_at` is public, since it is a part of NIP 01 event +- Limited message size leak: padding only partially obscures true message length +- No attachments: they are not supported + +Lack of forward secrecy may be partially mitigated by only sending messages to trusted relays, and asking +relays to delete stored messages after a certain duration has elapsed. 
+ ## Version 2 -The algorithm choices are justified in a following way: +NIP-44 version 2 has the following design characteristics: -- Encrypt-then-mac-then-sign instead of encrypt-then-sign-then-mac: only events wrapped in NIP-01 signed envelope are currently accepted by nostr. -- ChaCha instead of AES: it's faster and has [better security against multi-key attacks](https://datatracker.ietf.org/doc/draft-irtf-cfrg-aead-limits/) -- ChaCha instead of XChaCha: XChaCha has not been standardized. Also, we don't need xchacha's improved collision resistance of nonces: every message has a new (key, nonce) pair. -- HMAC-SHA256 instead of Poly1305: polynomial MACs are much easier to forge SHA256 instead of SHA3 or BLAKE: it is already used in nostr. Also blake's - speed advantage is smaller in non-parallel environments - Custom padding instead of padmé: better leakage reduction for small messages -- Base64 encoding instead of an other compression algorithm: it is widely available, and is already used in nostr +- Payloads are authenticated using a MAC before signing rather than afterwards because events are assumed + to be signed as specified in NIP-01. The outer signature serves to authenticate the full payload, and MUST + be validated before decrypting. +- ChaCha is used instead of AES because it's faster and has + [better security against multi-key attacks](https://datatracker.ietf.org/doc/draft-irtf-cfrg-aead-limits/). +- ChaCha is used instead of XChaCha because XChaCha has not been standardized. Also, xChaCha's improved collision + resistance of nonces isn't necessary since every message has a new (key, nonce) pair. +- HMAC-SHA256 is used instead of Poly1305 because polynomial MACs are much easier to forge. +- SHA256 is used instead of SHA3 or BLAKE because it is already used in nostr. Also BLAKE's speed advantage + is smaller in non-parallel environments. 
+- A custom padding scheme is used instead of padmé because it provides better leakage reduction for small messages. +- Base64 encoding is used instead of another compression algorithm because it is widely available, and is already used in nostr. -### Functions and operations +### Encryption + +1. Calculate a conversation key + - Execute ECDH (scalar multiplication) of public key B by private key A + Output `shared_x` must be unhashed, 32-byte encoded x coordinate of the shared point + - Use HKDF-extract with sha256, `IKM=shared_x` and `salt=utf8_encode('nip44-v2')` + - HKDF output will be a `conversation_key` between two users. + - It is always the same, when key roles are swapped: `conv(a, B) == conv(b, A)` +2. Generate a random 32-byte nonce + - Always use [CSPRNG](https://en.wikipedia.org/wiki/Cryptographically_secure_pseudorandom_number_generator) + - Don't generate a nonce from message content + - Don't re-use the same nonce between messages: doing so would make them decryptable, + but won't leak the long-term key +3. Calculate message keys + - The keys are generated from `conversation_key` and `nonce`. Validate that both are 32 bytes long + - Use HKDF-expand, with sha256, `OKM=conversation_key`, `info=nonce` and `L=76` + - Slice 76-byte HKDF output into: `chacha_key` (bytes 0..32), `chacha_nonce` (bytes 32..44), `hmac_key` (bytes 44..76) +4. Add padding + - Content must be encoded from UTF-8 into byte array + - Validate plaintext length. Minimum is 1 byte, maximum is 65535 bytes + - Padding format is: `[plaintext_length: u16][plaintext][zero_bytes]` + - Padding algorithm is related to powers-of-two, with min padded msg size of 32 + - Plaintext length is encoded in big-endian as first 2 bytes of the padded blob +5. Encrypt padded content + - Use ChaCha20, with key and nonce from step 3 +6. 
Calculate MAC (message authentication code) + - AAD (additional authenticated data) is used - instead of calculating MAC on ciphertext, + it's calculated over a concatenation of `nonce` and `ciphertext` + - Validate that AAD (nonce) is 32 bytes +7. Base64-encode (with padding) params using `concat(version, nonce, ciphertext, mac)` + +Encrypted payloads MUST be included in an event's payload, hashed, and signed as defined in NIP 01, using schnorr +signature scheme over secp256k1. + +### Decryption + +Before decryption, the event's pubkey and signature MUST be validated as defined in NIP 01. The public key MUST be +a valid non-zero secp256k1 curve point, and the signature must be valid secp256k1 schnorr signature. For exact +validation rules, refer to BIP-340. + +1. Check if first payload's character is `#` + - `#` is an optional future-proof flag that means non-base64 encoding is used + - The `#` is not present in base64 alphabet, but, instead of throwing `base64 is invalid`, + implementations MUST indicate that the encryption version is not yet supported +2. Decode base64 + - Base64 is decoded into `version, nonce, ciphertext, mac` + - If the version is unknown, implementations must indicate that the encryption version is not supported + - Validate length of base64 message to prevent DoS on base64 decoder: it can be in range from 132 to 87472 chars + - Validate length of decoded message to verify output of the decoder: it can be in range from 99 to 65603 bytes +3. Calculate conversation key + - See step 1 of (encryption)[#Encryption] +4. Calculate message keys + - See step 3 of (encryption)[#Encryption] +5. Calculate MAC (message authentication code) with AAD and compare + - Stop and throw an error if MAC doesn't match the decoded one from step 2 + - Use constant-time comparison algorithm +6. Decrypt ciphertext + - Use ChaCha20 with key and nonce from step 3 +7. 
Remove padding + - Read the first two BE bytes of plaintext that correspond to plaintext length + - Verify that the length of sliced plaintext matches the value of the two BE bytes + - Verify that calculated padding from step 3 of the (encryption)[#Encryption] process matches the actual padding + +### Details - Cryptographic methods - - `secure_random_bytes(length)` fetches randomness from CSPRNG - - `hkdf(IKM, salt, info, L)` represents HKDF [(RFC 5869)](https://datatracker.ietf.org/doc/html/rfc5869) with SHA256 hash function, - comprised of methods `hkdf_extract(IKM, salt)` and `hkdf_expand(OKM, info, L)` - - `chacha20(key, nonce, data)` is ChaCha20 [(RFC 8439)](https://datatracker.ietf.org/doc/html/rfc8439), with starting counter set to 0 - - `hmac_sha256(key, message)` is HMAC [(RFC 2104)](https://datatracker.ietf.org/doc/html/rfc2104) - - `secp256k1_ecdh(priv_a, pub_b)` is multiplication of point B by scalar a (`a ⋅ B`), defined in [BIP340](https://github.com/bitcoin/bips/blob/e918b50731397872ad2922a1b08a5a4cd1d6d546/bip-0340.mediawiki). The operation produces shared point, and we encode the shared point's 32-byte x coordinate, using method `bytes(P)` from BIP340. Private and public keys must be validated as per BIP340: pubkey must be a valid, on-curve point, and private key must be a scalar in range `[1, secp256k1_order - 1]` + - `secure_random_bytes(length)` fetches randomness from CSPRNG. + - `hkdf(IKM, salt, info, L)` represents HKDF [(RFC 5869)](https://datatracker.ietf.org/doc/html/rfc5869) + with SHA256 hash function comprised of methods `hkdf_extract(IKM, salt)` and `hkdf_expand(OKM, info, L)`. + - `chacha20(key, nonce, data)` is ChaCha20 [(RFC 8439)](https://datatracker.ietf.org/doc/html/rfc8439) with + starting counter set to 0. + - `hmac_sha256(key, message)` is HMAC [(RFC 2104)](https://datatracker.ietf.org/doc/html/rfc2104). 
+ - `secp256k1_ecdh(priv_a, pub_b)` is multiplication of point B by scalar a (`a ⋅ B`), defined in + [BIP340](https://github.com/bitcoin/bips/blob/e918b50731397872ad2922a1b08a5a4cd1d6d546/bip-0340.mediawiki). + The operation produces a shared point, and we encode the shared point's 32-byte x coordinate, using method + `bytes(P)` from BIP340. Private and public keys must be validated as per BIP340: pubkey must be a valid, + on-curve point, and private key must be a scalar in range `[1, secp256k1_order - 1]`. - Operators - - `x[i:j]`, where `x` is a byte array and `i, j <= 0`, - returns a `(j - i)`-byte array with a copy of the `i`-th byte (inclusive) to the `j`-th byte (exclusive) of `x` + - `x[i:j]`, where `x` is a byte array and `i, j <= 0` returns a `(j - i)`-byte array with a copy of the + `i`-th byte (inclusive) to the `j`-th byte (exclusive) of `x`. - Constants `c`: - `min_plaintext_size` is 1. 1b msg is padded to 32b. - `max_plaintext_size` is 65535 (64kb - 1). It is padded to 65536. @@ -82,7 +154,10 @@ The algorithm choices are justified in a following way: - `zeros(length)` creates byte array of length `length >= 0`, filled with zeros - `floor(number)` and `log2(number)` are well-known mathematical methods -User-defined functions: +### Implementation pseudocode + +The following is a collection of python-like pseudocode functions which implement the above primitives, +intended to guide impelmenters. A collection of implementations in different languages is available at https://github.com/paulmillr/nip44. ```py # Calculates length of the padded byte array. 
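Review bot: in the `@@ -82,7 +154,10 @@` hunk, "impelmenters" in the added `### Implementation pseudocode` intro should be "implementers", and the sentence "A collection of implementations in different languages is available at https://github.com/paulmillr/nip44." duplicates the identical line this patch keeps under "Tests and code". Keep it in one place.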
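Review bot: in the `@@ -46,29 +18,129 @@` hunk, the step cross-references in the new Decryption list do not line up with the lists as now ordered. Decryption step 6 says "Use ChaCha20 with key and nonce from step 3", but step 3 of that list is the conversation key and the message keys come from step 4; step 7 checks "calculated padding from step 3 of the (encryption)[#Encryption] process", while padding is step 4 of the Encryption list. Suggest naming the step ("Calculate message keys", "Add padding") rather than numbering it. In the same hunk, `(encryption)[#Encryption]` has the Markdown link brackets reversed, encryption step 3 labels the HKDF-expand input `OKM` where RFC 5869 calls it PRK, and the operator definition still reads `i, j <= 0` where the slice only makes sense for non-negative indices (`>= 0`).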
@@ -177,73 +252,13 @@ def decrypt(payload, conversation_key): # 'hello world' == decrypt(payload, conversation_key) ``` -#### Encryption +### Audit -1. Calculate conversation key - - Execute ECDH (scalar multiplication) of public key B by private key A. - Output `shared_x` must be unhashed, 32-byte encoded x coordinate of the shared point. - - Use HKDF-extract with sha256, `IKM=shared_x` and `salt=utf8_encode('nip44-v2')` - - HKDF output will be `conversation_key` between two users - - It is always the same, when key roles are swapped: `conv(a, B) == conv(b, A)` -2. Generate random 32-byte nonce - - Always use [CSPRNG](https://en.wikipedia.org/wiki/Cryptographically_secure_pseudorandom_number_generator) - - Don't generate nonce from message content - - Don't re-use the same nonce between messages: doing so would make them decryptable, - but won't leak long-term key -3. Calculate message keys - - The keys are generated from `conversation_key` and `nonce`. Validate that both are 32 bytes - - Use HKDF-expand, with sha256, `OKM=conversation_key`, `info=nonce` and `L=76` - - Slice 76-byte HKDF output into: `chacha_key` (bytes 0..32), `chacha_nonce` (bytes 32..44), `hmac_key` (bytes 44..76) -4. Add padding - - Content must be encoded from UTF-8 into byte array - - Validate plaintext length. Minimum is 1 byte, maximum is 65535 bytes - - Padding format is: `[plaintext_length: u16][plaintext][zero_bytes]` - - Padding algorithm is related to powers-of-two, with min padded msg size of 32 - - Plaintext length is encoded in big-endian as first 2 bytes of the padded blob -5. Encrypt padded content - - Use ChaCha20, with key and nonce from step 3 -6. Calculate MAC (message authentication code) with AAD - - AAD is used: instead of calculating MAC on ciphertext, - it's calculated over a concatenation of `nonce` and `ciphertext` - - Validate that AAD (nonce) is 32 bytes -7. 
Base64-encode (with padding) params: `concat(version, nonce, ciphertext, mac)` - -After encryption, it's necessary to sign it. Use NIP-01 to serialize the event, with result base64 assigned to event's `content`. Then, use NIP-01 to sign the event using schnorr signature scheme over secp256k1. - -#### Decryption - -Before decryption, it's necessary to validate the message's pubkey and signature. The public key must be a valid non-zero secp256k1 curve point, and signature must be valid secp256k1 schnorr signature. For exact validation rules, refer to BIP-340. - -1. Check if first payload's character is `#` - - `#` is an optional future-proof flag that means non-base64 encoding is used - - The `#` is not present in base64 alphabet, but, instead of throwing `base64 is invalid`, - an app must say the encryption version is not yet supported -2. Decode base64 - - Base64 is decoded into `version, nonce, ciphertext, mac` - - If the version is unknown, the app, an app must say the encryption version is not yet supported - - Validate length of base64 message to prevent DoS on base64 decoder: it can be in range from 132 to 87472 chars - - Validate length of decoded message to verify output of the decoder: it can be in range from 99 to 65603 bytes -3. Calculate conversation key - - See step 1 of Encryption -4. Calculate message keys - - See step 3 of Encryption -5. Calculate MAC (message authentication code) with AAD and compare - - Stop and throw an error if MAC doesn't match the decoded one from step 2 - - Use constant-time comparison algorithm -6. Decrypt ciphertext - - Use ChaCha20 with key and nonce from step 3 -7. 
Remove padding - - Read the first two BE bytes of plaintext that correspond to plaintext length - - Verify that the length of sliced plaintext matches the value of the two BE bytes - - Verify that calculated padding from encryption's step 3 matches the actual padding - -## Audit - -The v2 of the standard has been subject to an audit by [Cure53](https://cure53.de) in December 2023. +The v2 of the standard was audited by [Cure53](https://cure53.de) in December 2023. Check out [audit-2023.12.pdf](https://github.com/paulmillr/nip44/blob/ce63c2eaf345e9f7f93b48f829e6bdeb7e7d7964/audit-2023.12.pdf) and [auditor's website](https://cure53.de/audit-report_nip44-implementations.pdf). -## Tests and code +### Tests and code A collection of implementations in different languages is available at https://github.com/paulmillr/nip44. @@ -251,7 +266,7 @@ We publish extensive test vectors. Instead of having it in the document directly 269ed0f69e4c192512cc779e78c555090cebc7c785b609e338a62afc3ce25040 nip44.vectors.json -Example of test vector from the file: +Example of a test vector from the file: ```json { From 2b78cc9304f775b8391f62b7fe61e99a3fdc905b Mon Sep 17 00:00:00 2001 From: Jon Staab <shtaab@gmail.com> Date: Wed, 20 Dec 2023 11:35:12 -0800 Subject: [PATCH 20/89] Add clarification about not replacing nip 04 --- 44.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/44.md b/44.md index 5093acd3..8bc40383 100644 --- a/44.md +++ b/44.md 
@@ -10,6 +10,10 @@ The NIP introduces a new data format for keypair-based encryption. This NIP is v to allow multiple algorithm choices to exist simultaneously. This format may be used for many things, but MUST be used in the context of a signed event as described in NIP 01. +*Note*: this format DOES NOT define any `kind`s related to a new direct messaging standard, +only the encryption required to define one. It SHOULD NOT be used as a drop-in replacement +for NIP 04 payloads. + ## Versions Currently defined encryption algorithms: @@ -30,7 +34,7 @@ event. When applying this NIP to any use case, it's important to keep in mind yo model and this NIP's limitations. For high-risk situations, users should chat in specialized E2EE messaging software and limit use of nostr to exchanging contacts. -On its own, messages sent using this scheme has a number of important shortcomings: +On its own, messages sent using this scheme have a number of important shortcomings: - No deniability: it is possible to prove an event was signed by a particular key - No forward secrecy: when a key is compromised, it is possible to decrypt all previous conversations From 5ed4232584f3ab34192291daf985742248fb14ea Mon Sep 17 00:00:00 2001 From: Josua Schmid <josua.schmid@renuo.ch> Date: Fri, 22 Dec 2023 09:58:49 +0100 Subject: [PATCH 21/89] Mention deprecation of kind 2 Kind `2` was [consciously](https://github.com/nostr-protocol/nips/pull/703#issuecomment-1672098794) removed in https://github.com/nostr-protocol/nips/commit/72bb8a128b2d7d3c2c654644cd68d0d0fe58a3b1#diff-39307f1617417657ee9874be314f13aabdc74401b124d0afe8217f2919c9c7d8L105. Mentioning the fact should help prevent further confusion. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a66c4664..ce1542b5 100644 --- a/README.md +++ b/README.md 
@@ -80,7 +80,7 @@ They exist to document what may be implemented by [Nostr](https://github.com/nos | ------------- | -------------------------- | ----------- | | `0` | Metadata | [1](01.md) | | `1` | Short Text Note | [1](01.md) | -| `2` | Recommend Relay | | +| `2` | Recommend Relay | 1 (before 2023-08-13) | | `3` | Follows | [2](02.md) | | `4` | Encrypted Direct Messages | [4](04.md) | | `5` | Event Deletion | [9](09.md) | From d30f03316f0b3ab56faba94b0abfcb9041b81764 Mon Sep 17 00:00:00 2001 From: Josua Schmid <josua.schmid@renuo.ch> Date: Fri, 22 Dec 2023 14:54:17 +0100 Subject: [PATCH 22/89] Emphasis on multiple filters in NIP-01 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit As mentioned further down in NIP-01 > A REQ message may contain multiple filters. The comma makes it more clear that the message array can contain more than 3 items. So it is understood easily to match ``` // correct: ["REQ", <subscription_id>, filters1, filters2, …] ``` instead of ``` // wrong: ["REQ", <subscription_id>, [filters1, filters2, …]] ``` --- 01.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/01.md b/01.md index 99c991ac..0cf03ed8 100644 --- a/01.md +++ b/01.md 
@@ -101,7 +101,7 @@ Relays expose a websocket endpoint to which clients can connect. Clients SHOULD Clients can send 3 types of messages, which must be JSON arrays, according to the following patterns: * `["EVENT", <event JSON as defined above>]`, used to publish events. - * `["REQ", <subscription_id>, <filters JSON>...]`, used to request events and subscribe to new updates. + * `["REQ", <subscription_id>, <filters JSON>, ...]`, used to request events and subscribe to new updates. * `["CLOSE", <subscription_id>]`, used to stop previous subscriptions. `<subscription_id>` is an arbitrary, non-empty string of max length 64 chars, that should be used to represent a subscription. Relays should manage `<subscription_id>`s independently for each WebSocket connection; even if `<subscription_id>`s are the same string, they should be treated as different subscriptions for different connections. From 91244c50cdb77fd94021d0847148e091b8d468d1 Mon Sep 17 00:00:00 2001 From: Asai Toshiya <to.asai.60@gmail.com> Date: Sat, 23 Dec 2023 01:07:55 +0900 Subject: [PATCH 23/89] Add leading zero to NIP numbers --- README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index ce1542b5..2467eb60 100644 --- a/README.md +++ b/README.md 
@@ -78,12 +78,12 @@ They exist to document what may be implemented by [Nostr](https://github.com/nos ## Event Kinds | kind | description | NIP | | ------------- | -------------------------- | ----------- | -| `0` | Metadata | [1](01.md) | -| `1` | Short Text Note | [1](01.md) | -| `2` | Recommend Relay | 1 (before 2023-08-13) | -| `3` | Follows | [2](02.md) | -| `4` | Encrypted Direct Messages | [4](04.md) | -| `5` | Event Deletion | [9](09.md) | +| `0` | Metadata | [01](01.md) | +| `1` | Short Text Note | [01](01.md) | +| `2` | Recommend Relay | 01 (before 2023-08-13) | +| `3` | Follows | [02](02.md) | +| `4` | Encrypted Direct Messages | [04](04.md) | +| `5` | Event Deletion | [09](09.md) | | `6` | Repost | [18](18.md) | | `7` | Reaction | [25](25.md) | | `8` | Badge Award | [58](58.md) | From 95218740e2a78dbe941f09b09360541731d8f55e Mon Sep 17 00:00:00 2001 From: jiftechnify <jiftech.stlfy@gmail.com> Date: Mon, 25 Dec 2023 12:00:05 +0900 Subject: [PATCH 24/89] fix typos --- 44.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/44.md b/44.md index 8bc40383..0efa4825 100644 --- a/44.md +++ b/44.md @@ -80,7 +80,7 @@ NIP-44 version 2 has the following design characteristics: but won't leak the long-term key 3. Calculate message keys - The keys are generated from `conversation_key` and `nonce`. Validate that both are 32 bytes long - - Use HKDF-expand, with sha256, `OKM=conversation_key`, `info=nonce` and `L=76` + - Use HKDF-expand, with sha256, `PRK=conversation_key`, `info=nonce` and `L=76` - Slice 76-byte HKDF output into: `chacha_key` (bytes 0..32), `chacha_nonce` (bytes 32..44), `hmac_key` (bytes 44..76) 4. Add padding - Content must be encoded from UTF-8 into byte array 
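Review bot: this corrects `OKM=conversation_key` to `PRK=conversation_key` in encryption step 3, but the Details list added in PATCH 19/89 still defines the primitive as `hkdf_expand(OKM, info, L)`, and no other hunk in this patch touches that line. In RFC 5869 the expand input is the PRK and OKM is its output, so the same rename is needed there for the spec to be consistent with itself.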
@@ -115,9 +115,9 @@ validation rules, refer to BIP-340. - Validate length of base64 message to prevent DoS on base64 decoder: it can be in range from 132 to 87472 chars - Validate length of decoded message to verify output of the decoder: it can be in range from 99 to 65603 bytes 3. Calculate conversation key - - See step 1 of (encryption)[#Encryption] + - See step 1 of [encryption](#Encryption) 4. Calculate message keys - - See step 3 of (encryption)[#Encryption] + - See step 3 of [encryption](#Encryption) 5. Calculate MAC (message authentication code) with AAD and compare - Stop and throw an error if MAC doesn't match the decoded one from step 2 - Use constant-time comparison algorithm @@ -126,7 +126,7 @@ validation rules, refer to BIP-340. 7. Remove padding - Read the first two BE bytes of plaintext that correspond to plaintext length - Verify that the length of sliced plaintext matches the value of the two BE bytes - - Verify that calculated padding from step 3 of the (encryption)[#Encryption] process matches the actual padding + - Verify that calculated padding from step 3 of the [encryption](#Encryption) process matches the actual padding ### Details @@ -291,5 +291,5 @@ The file also contains intermediate values. A quick guidance with regards to its - `valid.encrypt_decrypt`: emulate real conversation. Calculate pub2 from sec2, verify conversation_key from (sec1, pub2), encrypt, verify payload, then calculate pub1 from sec1, verify conversation_key from (sec2, pub1), decrypt, verify plaintext. - `valid.encrypt_decrypt_long_msg`: same as previous step, but instead of a full plaintext and payload, their checksum is provided. - `invalid.encrypt_msg_lengths` -- `invalid.get_conversation_key`: calculating converastion_key must throw an error +- `invalid.get_conversation_key`: calculating conversation_key must throw an error - `invalid.decrypt`: decrypting message content must throw an error From 3b065c3c0467def35f5d38a688a1adf98d944183 Mon Sep 17 00:00:00 2001 
From: Josua Schmid <josua.schmid@renuo.ch> Date: Tue, 26 Dec 2023 20:54:06 +0100 Subject: [PATCH 25/89] Reword REQ for multiple filters --- 01.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/01.md b/01.md index 0cf03ed8..eed20a5c 100644 --- a/01.md +++ b/01.md @@ -101,12 +101,12 @@ Relays expose a websocket endpoint to which clients can connect. Clients SHOULD Clients can send 3 types of messages, which must be JSON arrays, according to the following patterns: * `["EVENT", <event JSON as defined above>]`, used to publish events. - * `["REQ", <subscription_id>, <filters JSON>, ...]`, used to request events and subscribe to new updates. + * `["REQ", <subscription_id>, <filters1>, <filters2>, ...]`, used to request events and subscribe to new updates. * `["CLOSE", <subscription_id>]`, used to stop previous subscriptions. `<subscription_id>` is an arbitrary, non-empty string of max length 64 chars, that should be used to represent a subscription. Relays should manage `<subscription_id>`s independently for each WebSocket connection; even if `<subscription_id>`s are the same string, they should be treated as different subscriptions for different connections. -`<filters>` is a JSON object that determines what events will be sent in that subscription, it can have the following attributes: +`<filtersX>` is a JSON object that determines what events will be sent in that subscription, it can have the following attributes: ```json { From 8e5a275f991c8fe31aba9db0ea0dac2586d50ca3 Mon Sep 17 00:00:00 2001 From: Josua Schmid <josua.schmid@renuo.ch> Date: Tue, 26 Dec 2023 21:57:04 +0100 Subject: [PATCH 26/89] NIP-01 Tighten-up subscription_id management rule Rephrase to "MUST" so that one does not assume a connection could `CLOSE` any `subscription_id`, which it must not. --- 01.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/01.md b/01.md index eed20a5c..ec872c30 100644 --- a/01.md +++ b/01.md 
@@ -104,7 +104,7 @@ Clients can send 3 types of messages, which must be JSON arrays, according to th * `["REQ", <subscription_id>, <filters1>, <filters2>, ...]`, used to request events and subscribe to new updates. * `["CLOSE", <subscription_id>]`, used to stop previous subscriptions. -`<subscription_id>` is an arbitrary, non-empty string of max length 64 chars, that should be used to represent a subscription. Relays should manage `<subscription_id>`s independently for each WebSocket connection; even if `<subscription_id>`s are the same string, they should be treated as different subscriptions for different connections. +`<subscription_id>` is an arbitrary, non-empty string of max length 64 chars. It represents a subscription per connection. Relays MUST manage `<subscription_id>`s independently for each WebSocket connection. `<subscription_id>`s are not guarantueed to be globally unique. `<filtersX>` is a JSON object that determines what events will be sent in that subscription, it can have the following attributes: From 0266d86b41d9b0684fa181700069d7553af505ef Mon Sep 17 00:00:00 2001 From: Asai Toshiya <to.asai.60@gmail.com> Date: Wed, 27 Dec 2023 19:37:20 +0900 Subject: [PATCH 27/89] Simplify list of NIP-07 implementations --- 07.md | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/07.md b/07.md index 90772eef..12ae6478 100644 --- a/07.md +++ b/07.md 
@@ -24,16 +24,4 @@ async window.nostr.nip04.decrypt(pubkey, ciphertext): string // takes ciphertext ### Implementation -- [horse](https://github.com/fiatjaf/horse) (Chrome and derivatives) -- [nos2x](https://github.com/fiatjaf/nos2x) (Chrome and derivatives) -- [Alby](https://getalby.com) (Chrome and derivatives, Firefox) -- [Blockcore](https://www.blockcore.net/wallet) (Chrome and derivatives) -- [nos2x-fox](https://diegogurpegui.com/nos2x-fox/) (Firefox) -- [Flamingo](https://www.getflamingo.org/) (Chrome and derivatives) -- [AKA Profiles](https://github.com/neilck/aka-extension) (Chrome, stores multiple keys) -- [TokenPocket](https://www.tokenpocket.pro/) (Android, IOS, Chrome and derivatives) -- [Nostrmo](https://github.com/haorendashu/nostrmo_faq#download) (Android, IOS) -- [Spring Browser](https://spring.site) (Android) -- [nodestr](https://github.com/lightning-digital-entertainment/nodestr) (NodeJS polyfill) -- [Nostore](https://apps.apple.com/us/app/nostore/id1666553677) (Safari on iOS/MacOS) -- [OneKey](https://onekey.so/) (Android, IOS, Chrome and derivatives) +See https://github.com/aljazceru/awesome-nostr#nip-07-browser-extensions. From 5e0cfb62ece24ea55346f5fdcdc62ddc824139fb Mon Sep 17 00:00:00 2001 From: Josua Schmid <josua.schmid@renuo.ch> Date: Wed, 27 Dec 2023 15:06:36 +0100 Subject: [PATCH 28/89] Rephrase deprecation of kind 2 (#943) --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 2467eb60..bf340a88 100644 --- a/README.md +++ b/README.md 
@@ -77,10 +77,10 @@ They exist to document what may be implemented by [Nostr](https://github.com/nos ## Event Kinds | kind | description | NIP | -| ------------- | -------------------------- | ----------- | +| ------------- | -------------------------- | ------------------------ | | `0` | Metadata | [01](01.md) | | `1` | Short Text Note | [01](01.md) | -| `2` | Recommend Relay | 01 (before 2023-08-13) | +| `2` | Recommend Relay | 01 (deprecated) | | `3` | Follows | [02](02.md) | | `4` | Encrypted Direct Messages | [04](04.md) | | `5` | Event Deletion | [09](09.md) | From 17c67ef5577c8ac5419a1081aadea57e30f8c133 Mon Sep 17 00:00:00 2001 From: Vitor Pamplona <vitor@vitorpamplona.com> Date: Tue, 26 Dec 2023 09:09:18 -0500 Subject: [PATCH 29/89] Removes the `aes-256-gcm` tag since no one seems to be using. People that wish to use encryption can now use the new NIP-44 scheme. --- 94.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/94.md b/94.md index 95b6a3bc..84a3d12f 100644 --- a/94.md +++ b/94.md @@ -6,7 +6,7 @@ File Metadata `draft` `optional` -The purpose of this NIP is to allow an organization and classification of shared files. So that relays can filter and organize in any way that is of interest. With that, multiple types of filesharing clients can be created. NIP-94 support is not expected to be implemented by "social" clients that deal with kind:1 notes or by longform clients that deal with kind:30023 articles. +The purpose of this NIP is to allow an organization and classification of shared files. So that relays can filter and organize in any way that is of interest. With that, multiple types of filesharing clients can be created. NIP-94 support is not expected to be implemented by "social" clients that deal with `kind:1` notes or by longform clients that deal with `kind:30023` articles. ## Event format 
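Review bot: the only change in this first 94.md hunk is backticking `kind:1` and `kind:30023`, which is unrelated to the `aes-256-gcm` removal the subject announces. Mention it in the commit message or split it out, so the tag removal can be reviewed and reverted on its own. On the removal itself, the message points readers at NIP-44, but 44.md as amended earlier in this series lists "No attachments: they are not supported" among its limitations; if file encryption is meant to move there, the NIP-94 text should say how.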
@@ -14,7 +14,6 @@ This NIP specifies the use of the `1063` event type, having in `content` a descr * `url` the url to download the file * `m` a string indicating the data type of the file. The [MIME types](https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types/Common_types) format must be used, and they should be lowercase. -* `"aes-256-gcm"` (optional) key and nonce for AES-GCM encryption with tagSize always 128bits * `x` containing the SHA-256 hexencoded string of the file. * `size` (optional) size of file in bytes * `dim` (optional) size of file in pixels in the form `<width>x<height>` @@ -31,7 +30,6 @@ This NIP specifies the use of the `1063` event type, having in `content` a descr "kind": 1063, "tags": [ ["url",<string with URI of file>], - ["aes-256-gcm",<key>, <iv>], ["m", <MIME type>], ["x",<Hash SHA-256>], ["size", <size of file in bytes>], From 27fef638e2460139cc9078427a0aec0ce4470517 Mon Sep 17 00:00:00 2001 From: Pablo Fernandez <p@f7z.io> Date: Mon, 1 Jan 2024 02:08:56 +0000 Subject: [PATCH 30/89] index zap senders with P tag (#954) --- 57.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/57.md b/57.md index 759e2033..6d896206 100644 --- a/57.md +++ b/57.md @@ -111,6 +111,7 @@ When a client sends a `zap request` event to a server's lnurl-pay callback URL, 5. There should be a `relays` tag with the relays to send the `zap receipt` to. 6. If there is an `amount` tag, it MUST be equal to the `amount` query parameter. 7. If there is an `a` tag, it MUST be a valid event coordinate +8. There MUST be 0 or 1 `P` tags. If there is one, it MUST be equal to the `zap receipt`'s `pubkey`. The event MUST then be stored for use later, when the invoice is paid. 
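Review bot: the added rule 8 compares the `P` tag with the `zap receipt`'s `pubkey`, but this list is the check run on the incoming `zap request`, which is then "stored for use later, when the invoice is paid", so no receipt exists at this point. The next hunk describes `P` as coming "from the pubkey of the zap request (zap sender)", which reads as the request's `pubkey`, not the receipt's. Please state which key is meant: if it is the sender, the rule should read "equal to the `zap request`'s `pubkey`"; if it really is the receipt's, the rule belongs in the `zap receipt` list instead.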
@@ -128,7 +129,7 @@ The following should be true of the `zap receipt` event: - The `content` SHOULD be empty. - The `created_at` date SHOULD be set to the invoice `paid_at` date for idempotency. -- `tags` MUST include the `p` tag AND optional `e` tag from the `zap request` AND optional `a` tag from the `zap request`. +- `tags` MUST include the `p` tag (zap recipient) AND optional `e` tag from the `zap request` AND optional `a` tag from the `zap request` AND optional `P` tag from the pubkey of the zap request (zap sender). - The `zap receipt` MUST have a `bolt11` tag containing the description hash bolt11 invoice. - The `zap receipt` MUST contain a `description` tag which is the JSON-encoded invoice description. - `SHA256(description)` MUST match the description hash in the bolt11 invoice. 
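Review bot: the `tags` bullet makes the `P` tag optional and leaves it to whoever signs the receipt, but nothing requires it to match the `pubkey` inside the zap request carried in the `description` tag. Since the point of the commit is indexing zap senders, a client querying receipts by `P` would be trusting a value that is never checked. Suggest adding that `P`, when present, MUST equal the `pubkey` of the JSON-encoded zap request in `description`, and that clients SHOULD disregard a receipt where the two differ.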
@@ -148,13 +149,13 @@ Example `zap receipt`: "kind": 9735, "tags": [ ["p", "32e1827635450ebb3c5a7d12c1f8e7b2b514439ac10a67eef3d9fd9c5c68e245"], + ["P", "97c70a44366a6535c145b333f973ea86dfdc2d7a99da618c40c64705ad98e322"], ["e", "3624762a1274dd9636e0c552b53086d70bc88c165bc4dc0f9e836a1eaf86c3b8"], ["bolt11", "lnbc10u1p3unwfusp5t9r3yymhpfqculx78u027lxspgxcr2n2987mx2j55nnfs95nxnzqpp5jmrh92pfld78spqs78v9euf2385t83uvpwk9ldrlvf6ch7tpascqhp5zvkrmemgth3tufcvflmzjzfvjt023nazlhljz2n9hattj4f8jq8qxqyjw5qcqpjrzjqtc4fc44feggv7065fqe5m4ytjarg3repr5j9el35xhmtfexc42yczarjuqqfzqqqqqqqqlgqqqqqqgq9q9qxpqysgq079nkq507a5tw7xgttmj4u990j7wfggtrasah5gd4ywfr2pjcn29383tphp4t48gquelz9z78p4cq7ml3nrrphw5w6eckhjwmhezhnqpy6gyf0"], - ["description", "{\"pubkey\":\"32e1827635450ebb3c5a7d12c1f8e7b2b514439ac10a67eef3d9fd9c5c68e245\",\"content\":\"\",\"id\":\"d9cc14d50fcb8c27539aacf776882942c1a11ea4472f8cdec1dea82fab66279d\",\"created_at\":1674164539,\"sig\":\"77127f636577e9029276be060332ea565deaf89ff215a494ccff16ae3f757065e2bc59b2e8c113dd407917a010b3abd36c8d7ad84c0e3ab7dab3a0b0caa9835d\",\"kind\":9734,\"tags\":[[\"e\",\"3624762a1274dd9636e0c552b53086d70bc88c165bc4dc0f9e836a1eaf86c3b8\"],[\"p\",\"32e1827635450ebb3c5a7d12c1f8e7b2b514439ac10a67eef3d9fd9c5c68e245\"],[\"relays\",\"wss://relay.damus.io\",\"wss://nostr-relay.wlvs.space\",\"wss://nostr.fmt.wiz.biz\",\"wss://relay.nostr.bg\",\"wss://nostr.oxtr.dev\",\"wss://nostr.v0l.io\",\"wss://brb.io\",\"wss://nostr.bitcoiner.social\",\"ws://monad.jb55.com:8080\",\"wss://relay.snort.social\"]]}"], + ["description", 
"{\"pubkey\":\"97c70a44366a6535c145b333f973ea86dfdc2d7a99da618c40c64705ad98e322\",\"content\":\"\",\"id\":\"d9cc14d50fcb8c27539aacf776882942c1a11ea4472f8cdec1dea82fab66279d\",\"created_at\":1674164539,\"sig\":\"77127f636577e9029276be060332ea565deaf89ff215a494ccff16ae3f757065e2bc59b2e8c113dd407917a010b3abd36c8d7ad84c0e3ab7dab3a0b0caa9835d\",\"kind\":9734,\"tags\":[[\"e\",\"3624762a1274dd9636e0c552b53086d70bc88c165bc4dc0f9e836a1eaf86c3b8\"],[\"p\",\"32e1827635450ebb3c5a7d12c1f8e7b2b514439ac10a67eef3d9fd9c5c68e245\"],[\"relays\",\"wss://relay.damus.io\",\"wss://nostr-relay.wlvs.space\",\"wss://nostr.fmt.wiz.biz\",\"wss://relay.nostr.bg\",\"wss://nostr.oxtr.dev\",\"wss://nostr.v0l.io\",\"wss://brb.io\",\"wss://nostr.bitcoiner.social\",\"ws://monad.jb55.com:8080\",\"wss://relay.snort.social\"]]}"], ["preimage", "5d006d2cf1e73c7148e7519a4c68adc81642ce0e25a432b2434c99f97344c15f"] ], "content": "", - "sig": "b0a3c5c984ceb777ac455b2f659505df51585d5fd97a0ec1fdb5f3347d392080d4b420240434a3afd909207195dac1e2f7e3df26ba862a45afd8bfe101c2b1cc" } ``` From 3d8652ea147facb07adb51031e6b21f7e663dc10 Mon Sep 17 00:00:00 2001 From: Alex Gleason <alex@alexgleason.me> Date: Mon, 1 Jan 2024 12:21:50 -0600 Subject: [PATCH 31/89] NIP-02, NIP-51: new tags should be added to the end of the list Fixes https://github.com/nostr-protocol/nips/issues/958 --- 02.md | 2 ++ 51.md | 2 ++ 2 files changed, 4 insertions(+) diff --git a/02.md b/02.md index 8c47a5f7..8b0aee15 100644 --- a/02.md +++ b/02.md @@ -27,6 +27,8 @@ For example: Every new following list that gets published overwrites the past ones, so it should contain all entries. Relays and clients SHOULD delete past following lists as soon as they receive a new one. +Whenever new follows are added to an existing list, clients SHOULD append them to the end of the list, so they are stored in chronological order. + ## Uses ### Follow list backup diff --git a/51.md b/51.md index f5a9a749..507c515a 100644 --- a/51.md +++ b/51.md 
@@ -10,6 +10,8 @@ This NIP defines lists of things that users can create. Lists can contain refere Public items in a list are specified in the event `tags` array, while private items are specified in a JSON array that mimics the structure of the event `tags` array, but stringified and encrypted using the same scheme from [NIP-04](04.md) (the shared key is computed using the author's public and private key) and stored in the `.content`. +When new items are added to an existing list, clients SHOULD append them to the end of the list, so they are stored in chronological order. + ## Types of lists ## Standard lists From 402c330ce9d7d0d4aadb6e73acbc8c9375e04594 Mon Sep 17 00:00:00 2001 From: GoodDaisy <90915921+GoodDaisy@users.noreply.github.com> Date: Fri, 5 Jan 2024 11:59:49 +0800 Subject: [PATCH 32/89] Fix typo in 01.md --- 01.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/01.md b/01.md index ecac6f6c..80ee7924 100644 --- a/01.md +++ b/01.md @@ -116,7 +116,7 @@ Clients can send 3 types of messages, which must be JSON arrays, according to th * `["REQ", <subscription_id>, <filters1>, <filters2>, ...]`, used to request events and subscribe to new updates. * `["CLOSE", <subscription_id>]`, used to stop previous subscriptions. -`<subscription_id>` is an arbitrary, non-empty string of max length 64 chars. It represents a subscription per connection. Relays MUST manage `<subscription_id>`s independently for each WebSocket connection. `<subscription_id>`s are not guarantueed to be globally unique. +`<subscription_id>` is an arbitrary, non-empty string of max length 64 chars. It represents a subscription per connection. Relays MUST manage `<subscription_id>`s independently for each WebSocket connection. `<subscription_id>`s are not guaranteed to be globally unique. `<filtersX>` is a JSON object that determines what events will be sent in that subscription, it can have the following attributes: 
From 8bfcbebae4d423cbf7b1b0c24ff4d1ad3964dca1 Mon Sep 17 00:00:00 2001 From: GoodDaisy <90915921+GoodDaisy@users.noreply.github.com> Date: Fri, 5 Jan 2024 11:59:58 +0800 Subject: [PATCH 33/89] Fix typo in 50.md --- 50.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/50.md b/50.md index 2bdf1ff1..9d1a54c3 100644 --- a/50.md +++ b/50.md @@ -41,7 +41,7 @@ implementation details between relays. Clients MAY verify that events returned by a relay match the specified query in a way that suits the client's use case, and MAY stop querying relays that have low precision. -Relays SHOULD exclude spam from search results by default if they supports some form of spam filtering. +Relays SHOULD exclude spam from search results by default if they support some form of spam filtering. ## Extensions From 2409f821a43fb42e40fdf0f348da6bb6855c2211 Mon Sep 17 00:00:00 2001 From: shuoer86 <129674997+shuoer86@users.noreply.github.com> Date: Sat, 6 Jan 2024 09:47:07 +0800 Subject: [PATCH 34/89] fix typo 44.md --- 44.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/44.md b/44.md index 0efa4825..f3071ea9 100644 --- a/44.md +++ b/44.md @@ -161,7 +161,7 @@ validation rules, refer to BIP-340. ### Implementation pseudocode The following is a collection of python-like pseudocode functions which implement the above primitives, -intended to guide impelmenters. A collection of implementations in different languages is available at https://github.com/paulmillr/nip44. +intended to guide implementers. A collection of implementations in different languages is available at https://github.com/paulmillr/nip44. ```py # Calculates length of the padded byte array. 
@@ -286,7 +286,7 @@ Example of a test vector from the file: The file also contains intermediate values. A quick guidance with regards to its usage: - `valid.get_conversation_key`: calculate conversation_key from secret key sec1 and public key pub2 -- `valid.get_message_keys`: calculate chacha_key, chacha_nocne, hmac_key from conversation_key and nonce +- `valid.get_message_keys`: calculate chacha_key, chacha_nonce, hmac_key from conversation_key and nonce - `valid.calc_padded_len`: take unpadded length (first value), calculate padded length (second value) - `valid.encrypt_decrypt`: emulate real conversation. Calculate pub2 from sec2, verify conversation_key from (sec1, pub2), encrypt, verify payload, then calculate pub1 from sec1, verify conversation_key from (sec2, pub1), decrypt, verify plaintext. - `valid.encrypt_decrypt_long_msg`: same as previous step, but instead of a full plaintext and payload, their checksum is provided. From 74a586d6ae04594987f1c950cfdbd5ca0e83542b Mon Sep 17 00:00:00 2001 From: shuoer86 <129674997+shuoer86@users.noreply.github.com> Date: Sat, 6 Jan 2024 09:47:17 +0800 Subject: [PATCH 35/89] fix typo 53.md --- 53.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/53.md b/53.md index e17f9656..fad2622f 100644 --- a/53.md +++ b/53.md @@ -94,7 +94,7 @@ Common use cases include meeting rooms/workshops, watch-together activities, or ["title", "Adult Swim Metalocalypse"], ["summary", "Live stream from IPTV-ORG collection"], ["streaming", "https://adultswim-vodlive.cdn.turner.com/live/metalocalypse/stream.m3u8"], - ["starts", "1687182672"] + ["starts", "1687182672"], ["status", "live"], ["t", "animation"], ["t", "iptv"], From 13c9202ba39e351a08d034db6cd9194d7c989949 Mon Sep 17 00:00:00 2001 From: zmeyer44 <54515037+zmeyer44@users.noreply.github.com> Date: Sun, 7 Jan 2024 15:32:03 +0000 Subject: [PATCH 36/89] Update 51.md to add support for video lists --- 51.md | 1 + 1 file changed, 1 insertion(+) 
diff --git a/51.md b/51.md index f5a9a749..a5ecd324 100644 --- a/51.md +++ b/51.md @@ -44,6 +44,7 @@ Aside from their main identifier, the `"d"` tag, sets can optionally have a `"ti | Relay sets | 30002 | user-defined relay groups the user can easily pick and choose from during various operations | `"relay"` (relay URLs) | | Bookmark sets | 30003 | user-defined bookmarks categories , for when bookmarks must be in labeled separate groups | `"e"` (kind:1 notes), `"a"` (kind:30023 articles), `"t"` (hashtags), `"r" (URLs)` | | Curation sets | 30004 | groups of articles picked by users as interesting and/or belonging to the same category | `"a"` (kind:30023 articles), `"e"` (kind:1 notes) | +| Curation sets | 30005 | groups of videos picked by users as interesting and/or belonging to the same category | `"a"` (kind:34235 videos), `"e"` (kind:1 notes) | | Interest sets | 30015 | interest topics represented by a bunch of "hashtags" | `"t"` (hashtags) | | Emoji sets | 30030 | categorized emoji groups | `"emoji"` (see [NIP-30](30.md)) | From ad40fbdab3c01be0fe553d8da41ff60863b9c4f0 Mon Sep 17 00:00:00 2001 From: zmeyer44 <54515037+zmeyer44@users.noreply.github.com> Date: Sun, 7 Jan 2024 20:00:04 +0000 Subject: [PATCH 37/89] remove kind 1 option --- 51.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/51.md b/51.md index a5ecd324..38e772d4 100644 --- a/51.md +++ b/51.md 
@@ -44,7 +44,7 @@ Aside from their main identifier, the `"d"` tag, sets can optionally have a `"ti | Relay sets | 30002 | user-defined relay groups the user can easily pick and choose from during various operations | `"relay"` (relay URLs) | | Bookmark sets | 30003 | user-defined bookmarks categories , for when bookmarks must be in labeled separate groups | `"e"` (kind:1 notes), `"a"` (kind:30023 articles), `"t"` (hashtags), `"r" (URLs)` | | Curation sets | 30004 | groups of articles picked by users as interesting and/or belonging to the same category | `"a"` (kind:30023 articles), `"e"` (kind:1 notes) | -| Curation sets | 30005 | groups of videos picked by users as interesting and/or belonging to the same category | `"a"` (kind:34235 videos), `"e"` (kind:1 notes) | +| Curation sets | 30005 | groups of videos picked by users as interesting and/or belonging to the same category | `"a"` (kind:34235 videos) | | Interest sets | 30015 | interest topics represented by a bunch of "hashtags" | `"t"` (hashtags) | | Emoji sets | 30030 | categorized emoji groups | `"emoji"` (see [NIP-30](30.md)) | From cfc8dfce8936867826bbf2cb79c3a8c8b21789fe Mon Sep 17 00:00:00 2001 From: vuittont60 <81072379+vuittont60@users.noreply.github.com> Date: Mon, 8 Jan 2024 13:50:52 +0800 Subject: [PATCH 38/89] nip-46: fix typo --- 46.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/46.md b/46.md index 1f8e6c8d..05247c59 100644 --- a/46.md +++ b/46.md @@ -34,7 +34,7 @@ The signer scans the QR code and sends a `connect` message to the client in the ## Event payloads -Event payloads are [NIP-04](04.md)-encrypted JSON blobs that look like JSONRPC messages (their format is specified inside the `.content` of the event formats nelow). +Event payloads are [NIP-04](04.md)-encrypted JSON blobs that look like JSONRPC messages (their format is specified inside the `.content` of the event formats below). Events sent by the client to the remote signer have the following format: 
From 0cd480dd84a3cd5fd693edba8abdf4a424ddd033 Mon Sep 17 00:00:00 2001 From: vuittont60 <81072379+vuittont60@users.noreply.github.com> Date: Mon, 8 Jan 2024 13:51:27 +0800 Subject: [PATCH 39/89] nip-58: fix typo --- 58.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/58.md b/58.md index e2a9f204..0ecef257 100644 --- a/58.md +++ b/58.md @@ -28,7 +28,7 @@ The following tags MAY be present: - A `name` tag with a short name for the badge. - `image` tag whose value is the URL of a high-resolution image representing the badge. The second value optionally specifies the dimensions of the image as `width`x`height` in pixels. Badge recommended dimensions is 1024x1024 pixels. - A `description` tag whose value MAY contain a textual representation of the -image, the meaning behind the badge, or the reason of it's issuance. +image, the meaning behind the badge, or the reason of its issuance. - One or more `thumb` tags whose first value is an URL pointing to a thumbnail version of the image referenced in the `image` tag. The second value optionally specifies the dimensions of the thumbnail as `width`x`height` in pixels. ### Badge Award event From b0e6c01321633f5e0de6ebf6676f018a218459a9 Mon Sep 17 00:00:00 2001 
From: arthurfranca <arthur.a.franca@gmail.com> Date: Mon, 8 Jan 2024 14:05:01 -0300 Subject: [PATCH 40/89] NIP-96 - HTTP File Storage Integration (#547) * Add NIP-95 - File Storage * Add missing response info * Make it clear that is is an HTTP file storage server integration * Add monetization suggestion * Use zap split tags for monetization suggestion * Add resize option * Add Zap Gates Integration * Replace /nip96 convention with /.well-known/nostr.json configuration * Relays can choose to also act as HTTP file storage server * Remove nip96 tag in favor of x tags third element * Fix typo * Remove redirect cooperation * Replaced 422 with 400 status code * Update 96.md Co-authored-by: Jon Staab <jstaab@protonmail.com> * Update 96.md Co-authored-by: Jon Staab <jstaab@protonmail.com> * Update 96.md Co-authored-by: Jon Staab <jstaab@protonmail.com> * Update 96.md Co-authored-by: Jon Staab <jstaab@protonmail.com> * Update 96.md Co-authored-by: Jon Staab <jstaab@protonmail.com> * Update 96.md Co-authored-by: Jon Staab <jstaab@protonmail.com> * Update 96.md Co-authored-by: Jon Staab <jstaab@protonmail.com> * Make file expiration a range and add terms_of_service * Add optional content_type field * Add plans and tos * Remove monetization * Apply minor fixes * Update 96.md Co-authored-by: Semisol <45574030+Semisol@users.noreply.github.com> * Fix after review * Add kind 10096 * Apply suggestions * Add suggestions * Remove duplicate field * Add optional is_nip98_required plan config * Add suggestions * Replace x with ox tag for original file hash * Make minor changes * Remove nip96 namespace response field * Add note about alternative file processing flow * Simplify processing flow * Add nostrcheck to server list * Add audio/* example * Explain what metadata to show before processing is done * Add nostrage to list * Add eta * Add sove to list and replace eta with percentage * Fix status code * Add nostr.build to list * Add sovbit * Add optional extra http servers to ox tag * 
Add void.cat to list * Small fix * Remove ox third array element --------- Co-authored-by: Jon Staab <jstaab@protonmail.com> Co-authored-by: Semisol <45574030+Semisol@users.noreply.github.com> --- 94.md | 2 + 96.md | 302 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ README.md | 1 + 3 files changed, 305 insertions(+) create mode 100644 96.md diff --git a/94.md b/94.md index 84a3d12f..eb8117a4 100644 --- a/94.md +++ b/94.md @@ -15,6 +15,7 @@ This NIP specifies the use of the `1063` event type, having in `content` a descr * `url` the url to download the file * `m` a string indicating the data type of the file. The [MIME types](https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types/Common_types) format must be used, and they should be lowercase. * `x` containing the SHA-256 hexencoded string of the file. +* `ox` containing the SHA-256 hexencoded string of the original file, before any transformations done by the upload server * `size` (optional) size of file in bytes * `dim` (optional) size of file in pixels in the form `<width>x<height>` * `magnet` (optional) URI to magnet file @@ -32,6 +33,7 @@ This NIP specifies the use of the `1063` event type, having in `content` a descr ["url",<string with URI of file>], ["m", <MIME type>], ["x",<Hash SHA-256>], + ["ox",<Hash SHA-256>], ["size", <size of file in bytes>], ["dim", <size of file in pixels>], ["magnet",<magnet URI> ], diff --git a/96.md b/96.md new file mode 100644 index 00000000..2641b2ab --- /dev/null +++ b/96.md 
@@ -0,0 +1,302 @@ +NIP-96 +====== + +HTTP File Storage Integration +----------------------------- + +`draft` `optional` `author:arthurfranca` `author:Semisol` `author:staab` `author:v0l` `author:bndw` `author:michaelhall923` `author:fishcakeday` `author:quentintaranpino` + +## Introduction + +This NIP defines a REST API for HTTP file storage servers intended to be used in conjunction with the nostr network. +The API will enable nostr users to upload files and later reference them by url on nostr notes. + +The spec DOES NOT use regular nostr events through websockets for +storing, requesting nor retrieving data because, for simplicity, the server +will not have to learn anything about nostr relays. + +## Server Adaptation + +File storage servers wishing to be accessible by nostr users should opt-in by making available an https route at `/.well-known/nostr/nip96.json` with `api_url`: + +```js +{ + // Required + // File upload and deletion are served from this url + // Also downloads if "download_url" field is absent or empty string + "api_url": "https://your-file-server.example/custom-api-path", + // Optional + // If absent, downloads are served from the api_url + "download_url": "https://a-cdn.example/a-path", + // Optional + // Note: This field is not meant to be set by HTTP Servers. 
+ // Use this if you are a nostr relay using your /.well-known/nostr/nip96.json + // just to redirect to someone else's http file storage server's /.well-known/nostr/nip96.json + // In this case, "api_url" field must be an empty string + "delegated_to_url": "https://your-file-server.example", + // Optional + "supported_nips": [60], + // Optional + "tos_url": "https://your-file-server.example/terms-of-service", + // Optional + "content_types": ["image/jpeg", "video/webm", "audio/*"], + // Optional + "plans": { + // "free" is the only standardized plan key and + // clients may use its presence to learn if server offers free storage + "free": { + "name": "Free Tier", + // Default is true + // All plans MUST support NIP-98 uploads + // but some plans may also allow uploads without it + "is_nip98_required": true, + "url": "https://...", // plan's landing page if there is one + "max_byte_size": 10485760, + // Range in days / 0 for no expiration + // [7, 0] means it may vary from 7 days to unlimited persistence, + // [0, 0] means it has no expiration + // early expiration may be due to low traffic or any other factor + "file_expiration": [14, 90], + "media_transformations": { + "image": [ + 'resizing' + ] + } + } + } +} +``` + +### Relay Hints + +Note: This section is not meant to be used by HTTP Servers. + +A nostr relay MAY redirect to someone else's HTTP file storage server by +adding a `/.well-known/nostr/nip96.json` with "delegated_to_url" field +pointing to the url where the server hosts its own +`/.well-known/nostr/nip96.json`. In this case, the "api_url" field must +be an empty string and all other fields must be absent. + +If the nostr relay is also an HTTP file storage server, +it must use the "api_url" field instead. 
+ +### List of Supporting File Storage Servers + +| Name | Domain | +| ------------- | ------------------------- | +| nostrcheck.me | https://nostrcheck.me | +| nostrage | https://nostrage.com | +| sove | https://sove.rent | +| nostr.build | https://nostr.build | +| sovbit | https://files.sovbit.host | +| void.cat | https://void.cat | + +## Upload + +A file can be uploaded one at a time to `https://your-file-server.example/custom-api-path` (route from `https://your-file-server.example/.well-known/nostr/nip96.json` "api_url" field) as `multipart/form-data` content type using `POST` method with the file object set to the `file` form data field. + +`Clients` must add an [NIP-98](98.md) `Authorization` header (**optionally** with the encoded `payload` tag set to the base64-encoded 256-bit SHA-256 hash of the file - not the hash of the whole request body). +If using an html form, use an `Authorization` form data field instead. + +These following **optional** form data fields MAY be used by `servers` and SHOULD be sent by `clients`: +- `expiration`: string of the UNIX timestamp in seconds. Empty string if file should be stored forever. The server isn't required to honor this; +- `size`: string of the file byte size. This is just a value the server can use to reject early if the file size exceeds the server limits; +- `alt`: (recommended) strict description text for visibility-impaired users; +- `caption`: loose description; +- `media_type`: "avatar" or "banner". Informs the server if the file will be used as an avatar or banner. If absent, the server will interpret it as a normal upload, without special treatment; +- `content_type`: mime type such as "image/jpeg". This is just a value the server can use to reject early if the mime type isn't supported. + + +Others custom form data fields may be used depending on specific `server` support. +The `server` isn't required to store any metadata sent by `clients`. 
+ +Note for `clients`: if using an HTML form, it is important for the `file` form field to be the **last** one, or be re-ordered right before sending or be appended as the last field of XHR2's FormData object. + +The `filename` embedded in the file may not be honored by the `server`, which could internally store just the SHA-256 hash value as the file name, ignoring extra metadata. +The hash is enough to uniquely identify a file, that's why it will be used on the "download" and "delete" routes. + +The `server` MUST link the user's `pubkey` string (which is embedded in the decoded header value) as the owner of the file so to later allow them to delete the file. +Note that if a file with the same hash of a previously received file (so the same file) is uploaded by another user, the server doesn't need to store the new file. +It should just add the new user's `pubkey` to the list of the owners of the already stored file with said hash (if it wants to save space by keeping just one copy of the same file, because multiple uploads of the same file results in the same file hash). + +The `server` MAY also store the `Authorization` header/field value (decoded or not) for accountability purpose as this proves that the user with the unique pubkey did ask for the upload of the file with a specific hash. However, storing the pubkey is sufficient to establish ownership. + +The `server` MUST reject with 413 Payload Too Large if file size exceeds limits. + +The `server` MUST reject with 400 Bad Request status if some fields are invalid. + +The `server` MUST reply to the upload with 200 OK status if the `payload` tag value contains an already used SHA-256 hash (if file is already owned by the same pubkey) or reject the upload with 403 Forbidden status if it isn't the same of the received file. + +The `server` MAY reject the upload with 402 Payment Required status if the user has a pending payment (Payment flow is not strictly required. 
Server owners decide if the storage is free or not. Monetization schemes may be added later to correlated NIPs.). + +On successful uploads the `server` MUST reply with **201 Created** HTTP status code or **202 Accepted** if a `processing_url` field is added +to the response so that the `client` can follow the processing status (see [Delayed Processing](#delayed-processing) section). + +The upload response is a json object as follows: + +```js +{ + // "success" if successful or "error" if not + status: "success", + // Free text success, failure or info message + message: "Upload successful.", + // Optional. See "Delayed Processing" section + processing_url: "...", + // This uses the NIP-94 event format but DO NOT need + // to fill some fields like "id", "pubkey", "created_at" and "sig" + // + // This holds the download url ("url"), + // the ORIGINAL file hash before server transformations ("ox") + // and, optionally, all file metadata the server wants to make available + // + // nip94_event field is absent if unsuccessful upload + nip94_event: { + // Required tags: "url" and "ox" + tags: [ + // Can be same from /.well-known/nostr/nip96.json's "download_url" field + // (or "api_url" field if "download_url" is absent or empty) with appended + // original file hash. + // + // Note we appended .png file extension to the `ox` value + // (it is optional but extremely recommended to add the extension as it will help nostr clients + // with detecting the file type by using regular expression) + // + // Could also be any url to download the file + // (using or not using the /.well-known/nostr/nip96.json's "download_url" prefix), + // for load balancing purposes for example. + ["url", "https://your-file-server.example/custom-api-path/719171db19525d9d08dd69cb716a18158a249b7b3b3ec4bbdec5698dca104b7b.png"], + // SHA-256 hash of the ORIGINAL file, before transformations. 
+ // The server MUST store it even though it represents the ORIGINAL file because + // users may try to download/delete the transformed file using this value + ["ox", "719171db19525d9d08dd69cb716a18158a249b7b3b3ec4bbdec5698dca104b7b"], + // Optional. SHA-256 hash of the saved file after any server transformations. + // The server can but does not need to store this value. + ["x", "543244319525d9d08dd69cb716a18158a249b7b3b3ec4bbde5435543acb34443"], + // Optional. Recommended for helping clients to easily know file type before downloading it. + ["m", "image/png"] + // Optional. Recommended for helping clients to reserve an adequate UI space to show the file before downloading it. + ["dim", "800x600"] + // ... other optional NIP-94 tags + ], + content: "" + }, + // ... other custom fields (please consider adding them to this NIP or to NIP-94 tags) +} +``` + +Note that if the server didn't apply any transformation to the received file, both `nip94_event.tags.*.ox` and `nip94_event.tags.*.x` fields will have the same value. The server MUST link the saved file to the SHA-256 hash of the **original** file before any server transformations (the `nip94_event.tags.*.ox` tag value). The **original** file's SHA-256 hash will be used to identify the saved file when downloading or deleting it. + +`Clients` may upload the same file to one or many `servers`. +After successful upload, the `client` may optionally generate and send to any set of nostr `relays` a [NIP-94](94.md) event by including the missing fields. + +Alternatively, instead of using NIP-94, the `client` can share or embed on a nostr note just the above url with added "ox" [NIP-54](54.md) inline metadata field and optionally other ones. + +### Delayed Processing + +Sometimes the server may want to place the uploaded file in a processing queue for deferred file processing. 
+ +In that case, the server MUST serve the original file while the processing isn't done, then swap the original file for the processed one when the processing is over. The upload response is the same as usual but some optional metadata like `nip94_event.tags.*.x` and `nip94_event.tags.*.size` won't be available. + +The expected resulting metadata that is known in advance should be returned on the response. +For example, if the file processing would change a file from "jpg" to "webp", +use ".webp" extension on the `nip94_event.tags.*.url` field value and set "image/webp" to the `nip94_event.tags.*.m` field. +If some metadata are unknown before processing ends, omit them from the response. + +The upload response MAY include a `processing_url` field informing a temporary url that may be used by clients to check if +the file processing is done. + +If the processing isn't done, the server should reply at the `processing_url` url with **200 OK** and the following JSON: + +``` +{ + // It should be "processing". If "error" it would mean the processing failed. + status: "processing", + message: "Processing. Please check again later for updated status.", + percentage: 15 // Processing percentage. An integer between 0 and 100. +} +``` + +When the processing is over, the server replies at the `processing_url` url with **201 Created** status and a regular successful JSON response already mentioned before (now **without** a `processing_url` field), possibly including optional metadata at `nip94_event.tags.*` fields +that weren't available before processing. + +### File compression + +File compression and other transformations like metadata stripping can be applied by the server. +However, for all file actions, such as download and deletion, the **original** file SHA-256 hash is what identifies the file in the url string. 
+ +## Download + +`Servers` must make available the route `https://your-file-server.example/custom-api-path/<sha256-file-hash>(.ext)` (route taken from `https://your-file-server.example/.well-known/nostr/nip96.json` "api_url" or "download_url" field) with `GET` method for file download. + +The primary file download url informed at the upload's response field `nip94_event.tags.*.url` +can be that or not (it can be any non-standard url the server wants). +If not, the server still MUST also respond to downloads at the standard url +mentioned on the previous paragraph, to make it possible for a client +to try downloading a file on any NIP-96 compatible server by knowing just the SHA-256 file hash. + +Note that the "\<sha256-file-hash\>" part is from the **original** file, **not** from the **transformed** file if the uploaded file went through any server transformation. + +Supporting ".ext", meaning "file extension", is required for `servers`. It is optional, although recommended, for `clients` to append it to the path. +When present it may be used by `servers` to know which `Content-Type` header to send (e.g.: "Content-Type": "image/png" for ".png" extension). +The file extension may be absent because the hash is the only needed string to uniquely identify a file. + +Example: `https://your-file-server.example/custom-api-path/719171db19525d9d08dd69cb716a18158a249b7b3b3ec4bbdec5698dca104b7b.png` + +### Media Transformations + +`Servers` may respond to some media transformation query parameters and ignore those they don't support by serving +the original media file without transformations. + +#### Image Transformations + +##### Resizing + +Upon upload, `servers` may create resized image variants, such as thumbnails, respecting the original aspect ratio. +`Clients` may use the `w` query parameter to request an image version with the desired pixel width. 
+`Servers` can then serve the variant with the closest width to the parameter value +or an image variant generated on the fly. + +Example: `https://your-file-server.example/custom-api-path/<sha256-file-hash>.png?w=32` + +## Deletion + +`Servers` must make available the route `https://deletion.domain/deletion-path/<sha256-file-hash>(.ext)` (route taken from `https://your-file-server.example/.well-known/nostr/nip96.json` "api_url" field) with `DELETE` method for file deletion. + +Note that the "\<sha256-file-hash\>" part is from the **original** file, **not** from the **transformed** file if the uploaded file went through any server transformation. + +The extension is optional as the file hash is the only needed file identification. + +`Clients` should send a `DELETE` request to the server deletion route in the above format. It must include a NIP-98 `Authorization` header. + +The `server` should reject deletes from users other than the original uploader. The `pubkey` encoded on the header value identifies the user. + +It should be noted that more than one user may have uploaded the same file (with the same hash). In this case, a delete must not really delete the file but just remove the user's `pubkey` from the file owners list (considering the server keeps just one copy of the same file, because multiple uploads of the same file results +in the same file hash). + +The successfull response is a 200 OK one with just basic JSON fields: + +``` +{ + status: "success", + message: "File deleted." +} +``` + +## Selecting a Server + +Note: HTTP File Storage Server developers may skip this section. This is meant for client developers. + +A File Server Preference event is a kind 10096 replaceable event meant to select one or more servers the user wants +to upload files to. Servers are listed as `server` tags: + +```js +{ + // ... + "kind": 10096, + "content": "", + "tags": [ + ["server", "https://file.server.one"], + ["server", "https://file.server.two"] + ] +} +``` 
diff --git a/README.md b/README.md index bf340a88..678818d5 100644 --- a/README.md +++ b/README.md @@ -72,6 +72,7 @@ They exist to document what may be implemented by [Nostr](https://github.com/nos - [NIP-89: Recommended Application Handlers](89.md) - [NIP-90: Data Vending Machines](90.md) - [NIP-94: File Metadata](94.md) +- [NIP-96: HTTP File Storage Integration](96.md) - [NIP-98: HTTP Auth](98.md) - [NIP-99: Classified Listings](99.md) From 4d32f3a1dbdf056172023df71d18dacd8e804e4b Mon Sep 17 00:00:00 2001 From: Asai Toshiya <to.asai.60@gmail.com> Date: Tue, 9 Jan 2024 12:35:41 +0900 Subject: [PATCH 41/89] Remove authors --- 96.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/96.md b/96.md index 2641b2ab..661bd45e 100644 --- a/96.md +++ b/96.md @@ -4,7 +4,7 @@ NIP-96 HTTP File Storage Integration ----------------------------- -`draft` `optional` `author:arthurfranca` `author:Semisol` `author:staab` `author:v0l` `author:bndw` `author:michaelhall923` `author:fishcakeday` `author:quentintaranpino` +`draft` `optional` ## Introduction From 56610771b6b0c61b2269fc16f163a004b585f726 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ioan=20Biz=C4=83u?= <i@ibz.me> Date: Tue, 9 Jan 2024 13:35:40 +0200 Subject: [PATCH 42/89] Add auctions to NIP-15. (#859) * Add auctions to NIP-15. * Update 15.md Co-authored-by: Vlad Stan <stan.v.vlad@gmail.com> * Address comments from @motorina0. * Remove reference to removed type=10. --------- Co-authored-by: Vlad Stan <stan.v.vlad@gmail.com> --- 15.md | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 77 insertions(+), 1 deletion(-) diff --git a/15.md b/15.md index 1c3154a3..e2ba639c 100644 --- a/15.md +++ b/15.md 
@@ -149,7 +149,6 @@ The `merchant` and the `customer` can exchange JSON messages that represent diff | 1 | Merchant | Payment Request | | 2 | Merchant | Order Status Update | - ### Step 1: `customer` order (event) The below json goes in content of [NIP04](https://github.com/nostr-protocol/nips/blob/master/04.md). @@ -229,7 +228,9 @@ The below json goes in `content` of [NIP04](https://github.com/nostr-protocol/ni "shipped": <bool: has been shipped>, } ``` + ## Customize Marketplace + Create a customized user experience using the `naddr` from [NIP-19](https://github.com/nostr-protocol/nips/blob/master/19.md#shareable-identifiers-with-extra-metadata). The use of `naddr` enables easy sharing of marketplace events while incorporating a rich set of metadata. This metadata can include relays, merchant profiles, and more. Subsequently, it allows merchants to be grouped into a market, empowering the market creator to configure the marketplace's user interface and user experience, and share that marketplace. This customization can encompass elements such as market name, description, logo, banner, themes, and even color schemes, offering a tailored and unique marketplace experience. ### Event `30019`: Create or update marketplace UI/UX 
@@ -253,6 +254,81 @@ Create a customized user experience using the `naddr` from [NIP-19](https://gith This event leverages naddr to enable comprehensive customization and sharing of marketplace configurations, fostering a unique and engaging marketplace environment. +## Auctions + +### Event `30020`: Create or update a product sold as an auction + +**Event Content**: +```json +{ + "id": <String, UUID generated by the merchant. Sequential IDs (`0`, `1`, `2`...) are discouraged>, + "stall_id": <String, UUID of the stall to which this product belong to>, + "name": <String, product name>, + "description": <String (optional), product description>, + "images": <[String], array of image URLs, optional>, + "starting_bid": <int>, + "start_date": <int (optional) UNIX timestamp, date the auction started / will start>, + "duration": <int, number of seconds the auction will run for, excluding eventual time extensions that might happen>, + "specs": [ + [<String, spec key>, <String, spec value>] + ], + "shipping": [ + { + "id": <String, UUID of the shipping zone. Must match one of the zones defined for the stall>, + "cost": <float, extra cost for shipping. The currency is defined at the stall level>, + } + ] +} +``` + +> [!NOTE] +> Items sold as an auction are very similar in structure to fixed-price items, with some important differences worth noting. + +* The `start_date` can be set to a date in the future if the auction is scheduled to start on that date, or can be omitted if the start date is unknown/hidden. If the start date is not specified, the auction will have to be edited later to set an actual date. + +* The auction runs for an initial number of seconds after the `start_date`, specified by `duration`. + +### Event `1021`: Bid + +```json +{ + "content": <int, amount of sats>, + "tags": [["e", <event ID of the auction to bid on>]], +} +``` + +Bids are simply events of kind `1021` with a `content` field specifying the amount, in the currency of the auction. 
Bids must reference an auction. + +> [!NOTE] +> Auctions can be edited as many times as desired (they are "parameterized replaceable events") by the author - even after the start_date, but they cannot be edited after they have received the first bid! This is enforced by the fact that bids reference the event ID of the auction (rather than the product UUID), which changes with every new version of the auctioned product. So a bid is always attached to one "version". Editing the auction after a bid would result in the new product losing the bid! + +### Event `1022`: Bid confirmation + +**Event Content**: + +```json +{ + "status": <String, "accepted" | "rejected" | "pending" | "winner">, + "message": <String (optional)>, + "duration_extended": <int (optional), number of seconds>, +} +``` + +**Event Tags**: +```json + "tags": [["e" <event ID of the bid being confirmed>], ["e", <event ID of the auction>]], +``` + +Bids should be confirmed by the merchant before being considered as valid by other clients. So clients should subscribe to *bid confirmation* events (kind `1022`) for every auction that they follow, in addition to the actual bids and should check that the pubkey of the bid confirmation matches the pubkey of the merchant (in addition to checking the signature). + +The `content` field is a JSON which includes *at least* a `status`. `winner` is how the *winning bid* is replied to after the auction ends and the winning bid is picked by the merchant. + +The reasons for which a bid can be marked as `rejected` or `pending` are up to the merchant's implementation and configuration - they could be anything from basic validation errors (amount too low) to the bidder being blacklisted or to the bidder lacking sufficient *trust*, which could lead to the bid being marked as `pending` until sufficient verification is performed. 
The difference between the two is that `pending` bids *might* get approved after additional steps are taken by the bidder, whereas `rejected` bids can not be later approved. + +An additional `message` field can appear in the `content` JSON to give further context as of why a bid is `rejected` or `pending`. + +Another thing that can happen is - if bids happen very close to the end date of the auction - for the merchant to decide to extend the auction duration for a few more minutes. This is done by passing a `duration_extended` field as part of a bid confirmation, which would contain a number of seconds by which the initial duration is extended. So the actual end date of an auction is always `start_date + duration + (SUM(c.duration_extended) FOR c in all confirmations`. + ## Customer support events Customer support is handled over whatever communication method was specified. If communicating via nostr, NIP-04 is used https://github.com/nostr-protocol/nips/blob/master/04.md. From 8331354947f2d577e13eb5da4a56133071cb1019 Mon Sep 17 00:00:00 2001 From: fiatjaf <fiatjaf@gmail.com> Date: Wed, 10 Jan 2024 10:43:30 -0300 Subject: [PATCH 43/89] remove NIP-52 label cruft. --- 52.md | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/52.md b/52.md index 4ec68369..5ac116b9 100644 --- a/52.md +++ b/52.md 
@@ -187,10 +187,8 @@ The `.content` of these events is optional and should be a free-form note that a The list of tags are as follows: * `a` (required) reference tag to kind `31922` or `31923` calendar event being responded to. * `d` (required) universally unique identifier. Generated by the client creating the calendar event RSVP. -* `L` (required) label namespace of `status` per [NIP-32](32.md) -* `l` (required) label of `accepted`, `declined`, or `tentative` under the label namespace of `status` per [NIP-32](32.md). Determines attendance status to the referenced calendar event. -* `L` (optional) label namespace of `freebusy` per [NIP-32](32.md). Exists if and only if corresponding `l` tag under the same label namespace exists. -* `l` (optional) label of `free` or `busy` under the label namespace of `freebusy` per [NIP-32](32.md). Determines if the user would be free or busy for the duration of the calendar event. This tag must be omitted or ignored if the `status` label is set to `declined`. Exists if and only if corresponding `l` tag under the same label namespace exists. +* `status` (required) `accepted`, `declined`, or `tentative`. Determines attendance status to the referenced calendar event. +* `fb` (optional) `free` or `busy`. Determines if the user would be free or busy for the duration of the calendar event. This tag must be omitted or ignored if the `status` label is set to `declined`. ```json { @@ -202,10 +200,8 @@ The list of tags are as follows: "tags": [ ["a", "<31922 or 31923>:<calendar event author pubkey>:<d-identifier of calendar event>", "<optional relay url>"], ["d", "<UUID>"], - ["L", "status"], - ["l", "<accepted/declined/tentative>", "status"], - ["L", "freebusy"], - ["l", "<free/busy>", "freebusy"] + ["status", "<accepted/declined/tentative>"], + ["fb", "<free/busy>"], ] } ``` From 4b4e9fabfd66a3200222b3b2e71946c2640e701f Mon Sep 17 00:00:00 2001 
From: Asai Toshiya <to.asai.60@gmail.com> Date: Sat, 13 Jan 2024 01:23:01 +0900 Subject: [PATCH 44/89] Add kind and tag for NIP-96 --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 678818d5..cf3827e8 100644 --- a/README.md +++ b/README.md @@ -118,6 +118,7 @@ They exist to document what may be implemented by [Nostr](https://github.com/nos | `10007` | Search relays list | [51](51.md) | | `10015` | Interests list | [51](51.md) | | `10030` | User emoji list | [51](51.md) | +| `10096` | File storage server list | [96](96.md) | | `13194` | Wallet Info | [47](47.md) | | `21000` | Lightning Pub RPC | [Lightning.Pub][lnpub] | | `22242` | Client Authentication | [42](42.md) | @@ -220,6 +221,7 @@ Please update these lists when proposing NIPs introducing new event kinds. | `published_at` | unix timestamp (string) | -- | [23](23.md) | | `relay` | relay url | -- | [42](42.md) | | `relays` | relay list | -- | [57](57.md) | +| `server` | file storage server url | -- | [96](96.md) | | `subject` | subject | -- | [14](14.md) | | `summary` | article summary | -- | [23](23.md) | | `thumb` | badge thumbnail | dimensions in pixels | [58](58.md) | From 20d33785fc2e2884f28bece04e4fab679b621ec8 Mon Sep 17 00:00:00 2001 From: Asai Toshiya <to.asai.60@gmail.com> Date: Sat, 13 Jan 2024 03:46:59 +0900 Subject: [PATCH 45/89] Remove NIP-54 mention temporarily (#981) * Remove NIP-54 mention temporarily * Update 96.md Co-authored-by: arthurfranca <arthur.a.franca@gmail.com> --------- Co-authored-by: arthurfranca <arthur.a.franca@gmail.com> --- 96.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/96.md b/96.md index 661bd45e..d8ea105e 100644 --- a/96.md +++ b/96.md 
@@ -189,7 +189,7 @@ Note that if the server didn't apply any transformation to the received file, bo `Clients` may upload the same file to one or many `servers`. After successful upload, the `client` may optionally generate and send to any set of nostr `relays` a [NIP-94](94.md) event by including the missing fields. -Alternatively, instead of using NIP-94, the `client` can share or embed on a nostr note just the above url with added "ox" [NIP-54](54.md) inline metadata field and optionally other ones. +Alternatively, instead of using NIP-94, the `client` can share or embed on a nostr note just the above url. ### Delayed Processing From d8d75d9b19e6c66f7d75c771e784cd9dee4d2320 Mon Sep 17 00:00:00 2001 From: Asai Toshiya <to.asai.60@gmail.com> Date: Tue, 16 Jan 2024 23:28:23 +0900 Subject: [PATCH 46/89] Fix some minor nitpicks in NIP-15 and NIP-51 --- 15.md | 20 ++++++++++---------- 51.md | 14 +++++++------- 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/15.md b/15.md index e2ba639c..55814fb5 100644 --- a/15.md +++ b/15.md @@ -56,7 +56,7 @@ A merchant can publish these events: "id": <string, id of the shipping zone, generated by the merchant>, "name": <string (optional), zone name>, "cost": <float, base cost for shipping. The currency is defined at the stall level>, - "regions": [<string, regions included in this zone>], + "regions": [<string, regions included in this zone>] } ] } @@ -101,7 +101,7 @@ Fields that are not self-explanatory: "shipping": [ { "id": <string, id of the shipping zone (must match one of the zones defined for the stall)>, - "cost": <float, extra cost for shipping. The currency is defined at the stall level>, + "cost": <float, extra cost for shipping. The currency is defined at the stall level> } ] } 
@@ -139,7 +139,7 @@ Fields that are not self-explanatory: ## Checkout events -All checkout events are sent as JSON strings using ([NIP04](https://github.com/nostr-protocol/nips/blob/master/04.md)). +All checkout events are sent as JSON strings using ([NIP-04](https://github.com/nostr-protocol/nips/blob/master/04.md)). The `merchant` and the `customer` can exchange JSON messages that represent different actions. Each `JSON` message `MUST` have a `type` field indicating the what the JSON represents. Possible types: @@ -150,19 +150,19 @@ The `merchant` and the `customer` can exchange JSON messages that represent diff | 2 | Merchant | Order Status Update | ### Step 1: `customer` order (event) -The below json goes in content of [NIP04](https://github.com/nostr-protocol/nips/blob/master/04.md). +The below JSON goes in content of [NIP-04](https://github.com/nostr-protocol/nips/blob/master/04.md). ```json { "id": <string, id generated by the customer>, "type": 0, "name": <string (optional), ???>, - "address": <string (optional), for physical goods an address should be provided> + "address": <string (optional), for physical goods an address should be provided>, "message": "<string (optional), message for merchant>, "contact": { "nostr": <32-bytes hex of a pubkey>, "phone": <string (optional), if the customer wants to be contacted by phone>, - "email": <string (optional), if the customer wants to be contacted by email>, + "email": <string (optional), if the customer wants to be contacted by email> }, "items": [ { @@ -182,7 +182,7 @@ _Open_: is `contact.nostr` required? Sent back from the merchant for payment. Any payment option is valid that the merchant can check. -The below json goes in `content` of [NIP04](https://github.com/nostr-protocol/nips/blob/master/04.md). +The below JSON goes in `content` of [NIP-04](https://github.com/nostr-protocol/nips/blob/master/04.md). `payment_options`/`type` include: 
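Review bot: In the "Step 1: `customer` order" hunk of 15.md, the fix adds the missing comma after `"address"`, but the context line right below it, `"message": "<string (optional), message for merchant>,`, still opens with a stray `"` before `<string`, so the example stays unbalanced. Remove that quote in the same pass. The `"name": <string (optional), ???>` placeholder in the same block is also still undescribed.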
@@ -217,7 +217,7 @@ The below json goes in `content` of [NIP04](https://github.com/nostr-protocol/ni Once payment has been received and processed. -The below json goes in `content` of [NIP04](https://github.com/nostr-protocol/nips/blob/master/04.md). +The below JSON goes in `content` of [NIP-04](https://github.com/nostr-protocol/nips/blob/master/04.md). ```json { @@ -275,7 +275,7 @@ This event leverages naddr to enable comprehensive customization and sharing of "shipping": [ { "id": <String, UUID of the shipping zone. Must match one of the zones defined for the stall>, - "cost": <float, extra cost for shipping. The currency is defined at the stall level>, + "cost": <float, extra cost for shipping. The currency is defined at the stall level> } ] } @@ -310,7 +310,7 @@ Bids are simply events of kind `1021` with a `content` field specifying the amou { "status": <String, "accepted" | "rejected" | "pending" | "winner">, "message": <String (optional)>, - "duration_extended": <int (optional), number of seconds>, + "duration_extended": <int (optional), number of seconds> } ``` diff --git a/51.md b/51.md index 47ed8991..9a1639f8 100644 --- a/51.md +++ b/51.md 
@@ -18,18 +18,18 @@ When new items are added to an existing list, clients SHOULD append them to the Standard lists use non-parameterized replaceable events, meaning users may only have a single list of each kind. They have special meaning and clients may rely on them to augment a user's profile or browsing experience. -For example, _mute lists_ can contain the public keys of spammers and bad actors users don't want to see in their feeds or receive annoying notifications from. +For example, _mute list_ can contain the public keys of spammers and bad actors users don't want to see in their feeds or receive annoying notifications from. | name | kind | description | expected tag items | | --- | --- | --- | --- | | Mute list | 10000 | things the user doesn't want to see in their feeds | `"p"` (pubkeys), `"t"` (hashtags), `"word"` (lowercase string), `"e"` (threads) | | Pinned notes | 10001 | events the user intends to showcase in their profile page | `"e"` (kind:1 notes) | -| Bookmarks | 10003 | uncategorized, "global" list of things a user wants to save | `"e"` (kind:1 notes), `"a"` (kind:30023 articles), `"t"` (hashtags), `"r" (URLs)` | +| Bookmarks | 10003 | uncategorized, "global" list of things a user wants to save | `"e"` (kind:1 notes), `"a"` (kind:30023 articles), `"t"` (hashtags), `"r"` (URLs) | | Communities | 10004 | [NIP-72](72.md) communities the user belongs to | `"a"` (kind:34550 community definitions) | -| Public chats | 10005 | [NIP-28](28.md) chat channels the user is in | `"e"` (kind:40 channel definitions) | +| Public chats | 10005 | [NIP-28](28.md) chat channels the user is in | `"e"` (kind:40 channel definitions) | | Blocked relays | 10006 | relays clients should never connect to | `"relay"` (relay URLs) | | Search relays | 10007 | relays clients should use when performing search queries | `"relay"` (relay URLs) | -| Interests | 10015 | topics a user may be interested in and pointers | `"t"` (hashtags) and `"a" (kind:30015 interest set)` | +| 
Interests | 10015 | topics a user may be interested in and pointers | `"t"` (hashtags) and `"a"` (kind:30015 interest set) | | Emojis | 10030 | user preferred emojis and pointers to emoji sets | `"emoji"` (see [NIP-30](30.md)) and `"a"` (kind:30030 emoji set) | ## Sets @@ -44,9 +44,9 @@ Aside from their main identifier, the `"d"` tag, sets can optionally have a `"ti | --- | --- | --- | --- | | Follow sets | 30000 | categorized groups of users a client may choose to check out in different circumstances | `"p"` (pubkeys) | | Relay sets | 30002 | user-defined relay groups the user can easily pick and choose from during various operations | `"relay"` (relay URLs) | -| Bookmark sets | 30003 | user-defined bookmarks categories , for when bookmarks must be in labeled separate groups | `"e"` (kind:1 notes), `"a"` (kind:30023 articles), `"t"` (hashtags), `"r" (URLs)` | +| Bookmark sets | 30003 | user-defined bookmarks categories , for when bookmarks must be in labeled separate groups | `"e"` (kind:1 notes), `"a"` (kind:30023 articles), `"t"` (hashtags), `"r"` (URLs) | | Curation sets | 30004 | groups of articles picked by users as interesting and/or belonging to the same category | `"a"` (kind:30023 articles), `"e"` (kind:1 notes) | -| Curation sets | 30005 | groups of videos picked by users as interesting and/or belonging to the same category | `"a"` (kind:34235 videos) | +| Curation sets | 30005 | groups of videos picked by users as interesting and/or belonging to the same category | `"a"` (kind:34235 videos) | | Interest sets | 30015 | interest topics represented by a bunch of "hashtags" | `"t"` (hashtags) | | Emoji sets | 30030 | categorized emoji groups | `"emoji"` (see [NIP-30](30.md)) | 
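Review bot: In the first 51.md hunk (`@@ -18,18`), changing "_mute lists_ can contain" to "_mute list_ can contain" leaves a singular noun with no article, which reads worse than the line it replaces. Use "a _mute list_ can contain", or keep the plural.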
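Review bot: In the 51.md "Sets" table hunk (`@@ -44,9`), the rewritten "Bookmark sets" row still reads "user-defined bookmarks categories , for when", with a space before the comma. Since the patch already rewrites that row to fix the `"r"` backticks, correct it to "bookmark categories, for when" at the same time.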
@@ -82,7 +82,7 @@ Some clients have used these lists in the past, but they should work on transiti ### A _curation set_ of articles and notes about yaks -``` +```json { "id": "567b41fc9060c758c4216fe5f8d3df7c57daad7ae757fa4606f0c39d4dd220ef", "pubkey": "d6dc95542e18b8b7aec2f14610f55c335abebec76f3db9e58c254661d0593a0c", From d7293a3924143b222ffbda0dba11a373136e1269 Mon Sep 17 00:00:00 2001 From: Jonathan Staab <shtaab@gmail.com> Date: Fri, 11 Aug 2023 08:34:56 -0700 Subject: [PATCH 47/89] Introduce NIP-59 gift wrap --- 59.md | 250 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 250 insertions(+) create mode 100644 59.md diff --git a/59.md b/59.md new file mode 100644 index 00000000..cd841cff --- /dev/null +++ b/59.md 
@@ -0,0 +1,250 @@ +NIP-59 +====== + +Gift Wrap +--------- + +`optional` + +This NIP defines a protocol for encapsulating any nostr event. This makes it possible to obscure most metadata +for a given event, perform collaborative signing, and more. + +This NIP relies on [NIP-44](./44.md)'s versioned encryption algorithms. + +# Overview + +This protocol uses three main concepts to protect the transmission of a target event: `rumor`s, `seal`s, and `gift wrap`s. + +- A `rumor` is a regular nostr event, but is **not signed**. This means that if it is leaked, it cannot be verified. +- A `rumor` is serialized to JSON, encrypted, and placed in the `content` field of a `seal`. The `seal` is then + signed by the author of the note. The only information publicly available on a `seal` is who signed it, but not what was said. +- A `seal` is serialized to JSON, encrypted, and placed in the `content` field of a `gift wrap`. + +This allows the isolation of concerns across layers: + +- A rumor carries the content but is unsigned, which means if leaked it will be rejected by relays and clients, + and can't be authenticated. This provides a measure of deniability. +- A seal identifies the author without revealing the content or the recipient. +- A gift wrap can add metadata (recipient, tags, a different author) without revealing the true author. + +# Protocol Description + +## 1. The Rumor Event Kind + +A `rumor` is the same thing as an unsigned event. Any event kind can be made a `rumor` by removing the signature. + +## 2. The Seal Event Kind + +A `seal` is a `kind:13` event that wraps a `rumor` with the sender's regular key. The `seal` is **always** encrypted +to a receiver's pubkey but there is no `p` tag pointing to the receiver. There is no way to know who the rumor is for +without the receiver's or the sender's private key. The only public information in this event is who is signing it. 
+ +```js +{ + "id": "<id>", + "pubkey": "<real author's pubkey>", + "content": "<encrypted rumor>", + "kind": 13, + "created_at": 1686840217, + "tags": [], + "sig": "<real author's pubkey signature>" +} +``` + +Tags MUST must always be empty in a `kind:13`. The inner event MUST always be unsigned. + +## 3. Gift Wrap Event Kind + +A `gift wrap` event is a `kind:1059` event that wraps any other event. `tags` MUST include a single `p` tag +containing the recipient's public key. + +The goal is to hide the sender's information, the metadata, and the content of the original event from the public. +The only public information is the receiver's public key. + +```js +{ + "id": "<id>", + "pubkey": "<random, one-time-use pubkey>", + "content": "<encrypted kind 13>", + "kind": 1059, + "created_at": 1686840217, + "tags": [["p", "<Receiver>"]], + "sig": "<random, one-time-use pubkey signature>" +} +``` + +# Encrypting Payloads + +Encryption is done following NIP-44 on the JSON-encoded event. Place the the encryption payload in the `.content` +of the wrapper event (either a `seal` or a `gift wrap`). + +# Other Considerations + +If a `rumor` is intended for more than one party, or if the author wants to retain an encrypted copy, a single +`rumor` may be wrapped and addressed for each recipient individually. + +The canonical `created_at` time belongs to the `rumor`. All other timestamps SHOULD be tweaked to thwart +time-analysis attacks. Note that some relays don't serve events dated in the future, so all timestamps +SHOULD be in the past. + +Relays may choose not to store gift wrapped events due to them not being publicly useful. Clients MAY choose +to attach a certain amount of proof-of-work to the wrapper event per NIP-13 in a bid to demonstrate that +the event is not spam or a denial-of-service attack. + +To protect recipient metadata, relays SHOULD guard access to kind 1059 events based on user AUTH. 
When +possible, clients should only send wrapped events to relays that offer this protection. + +To protect recipient metadata, relays SHOULD only serve kind 1059 events intended for the marked recipient. +When possible, clients should only send wrapped events to `read` relays for the recipient that implement +AUTH, and refuse to serve wrapped events to non-recipients. + +# An Example + +Let's send a wrapped `kind 1` message between two parties asking "Are you going to the party tonight?" + +- Author private key: `0beebd062ec8735f4243466049d7747ef5d6594ee838de147f8aab842b15e273` +- Recipient private key: `e108399bd8424357a710b606ae0c13166d853d327e47a6e5e038197346bdbf45` +- Ephemeral wrapper key: `4f02eac59266002db5801adc5270700ca69d5b8f761d8732fab2fbf233c90cbd` + +## 1. Create an event + +Create a `kind 1` event with the message, the receivers, and any other tags you want, signed by the author. +Do not sign the event. + +```json +{ + "created_at": 1691518405, + "content": "Are you going to the party tonight?", + "tags": [], + "kind": 1, + "pubkey": "611df01bfcf85c26ae65453b772d8f1dfd25c264621c0277e1fc1518686faef9", + "id": "9dd003c6d3b73b74a85a9ab099469ce251653a7af76f523671ab828acd2a0ef9" +} +``` + +## 2. Seal the rumor + +Encrypt the JSON-encoded `rumor` with a conversation key derived using the author's private key and +the recipient's public key. Place the result in the `content` field of a `kind 13` `seal` event. Sign +it with the author's key. 
+ +```json +{ + "content": "AqBCdwoS7/tPK+QGkPCadJTn8FxGkd24iApo3BR9/M0uw6n4RFAFSPAKKMgkzVMoRyR3ZS/aqATDFvoZJOkE9cPG/TAzmyZvr/WUIS8kLmuI1dCA+itFF6+ULZqbkWS0YcVU0j6UDvMBvVlGTzHz+UHzWYJLUq2LnlynJtFap5k8560+tBGtxi9Gx2NIycKgbOUv0gEqhfVzAwvg1IhTltfSwOeZXvDvd40rozONRxwq8hjKy+4DbfrO0iRtlT7G/eVEO9aJJnqagomFSkqCscttf/o6VeT2+A9JhcSxLmjcKFG3FEK3Try/WkarJa1jM3lMRQqVOZrzHAaLFW/5sXano6DqqC5ERD6CcVVsrny0tYN4iHHB8BHJ9zvjff0NjLGG/v5Wsy31+BwZA8cUlfAZ0f5EYRo9/vKSd8TV0wRb9DQ=", + "kind": 13, + "created_at": 1703015180, + "pubkey": "611df01bfcf85c26ae65453b772d8f1dfd25c264621c0277e1fc1518686faef9", + "tags": [], + "id": "28a87d7c074d94a58e9e89bb3e9e4e813e2189f285d797b1c56069d36f59eaa7", + "sig": "02fc3facf6621196c32912b1ef53bac8f8bfe9db51c0e7102c073103586b0d29c3f39bdaa1e62856c20e90b6c7cc5dc34ca8bb6a528872cf6e65e6284519ad73" +} +``` + +## 3. Wrap the seal + +Encrypt the JSON-encoded `kind 13` event with your ephemeral, single-use random key. Place the result +in the `content` field of a `kind 1059`. Add a single `p` tag containing the recipient's public key. +Sign the `gift wrap` using the random key generated in the previous step. 
+ +```json +{ + "content": "AhC3Qj/QsKJFWuf6xroiYip+2yK95qPwJjVvFujhzSguJWb/6TlPpBW0CGFwfufCs2Zyb0JeuLmZhNlnqecAAalC4ZCugB+I9ViA5pxLyFfQjs1lcE6KdX3euCHBLAnE9GL/+IzdV9vZnfJH6atVjvBkNPNzxU+OLCHO/DAPmzmMVx0SR63frRTCz6Cuth40D+VzluKu1/Fg2Q1LSst65DE7o2efTtZ4Z9j15rQAOZfE9jwMCQZt27rBBK3yVwqVEriFpg2mHXc1DDwHhDADO8eiyOTWF1ghDds/DxhMcjkIi/o+FS3gG1dG7gJHu3KkGK5UXpmgyFKt+421m5o++RMD/BylS3iazS1S93IzTLeGfMCk+7IKxuSCO06k1+DaasJJe8RE4/rmismUvwrHu/HDutZWkvOAhd4z4khZo7bJLtiCzZCZ74lZcjOB4CYtuAX2ZGpc4I1iOKkvwTuQy9BWYpkzGg3ZoSWRD6ty7U+KN+fTTmIS4CelhBTT15QVqD02JxfLF7nA6sg3UlYgtiGw61oH68lSbx16P3vwSeQQpEB5JbhofW7t9TLZIbIW/ODnI4hpwj8didtk7IMBI3Ra3uUP7ya6vptkd9TwQkd/7cOFaSJmU+BIsLpOXbirJACMn+URoDXhuEtiO6xirNtrPN8jYqpwvMUm5lMMVzGT3kMMVNBqgbj8Ln8VmqouK0DR+gRyNb8fHT0BFPwsHxDskFk5yhe5c/2VUUoKCGe0kfCcX/EsHbJLUUtlHXmTqaOJpmQnW1tZ/siPwKRl6oEsIJWTUYxPQmrM2fUpYZCuAo/29lTLHiHMlTbarFOd6J/ybIbICy2gRRH/LFSryty3Cnf6aae+A9uizFBUdCwTwffc3vCBae802+R92OL78bbqHKPbSZOXNC+6ybqziezwG+OPWHx1Qk39RYaF0aFsM4uZWrFic97WwVrH5i+/Nsf/OtwWiuH0gV/SqvN1hnkxCTF/+XNn/laWKmS3e7wFzBsG8+qwqwmO9aVbDVMhOmeUXRMkxcj4QreQkHxLkCx97euZpC7xhvYnCHarHTDeD6nVK+xzbPNtzeGzNpYoiMqxZ9bBJwMaHnEoI944Vxoodf51cMIIwpTmmRvAzI1QgrfnOLOUS7uUjQ/IZ1Qa3lY08Nqm9MAGxZ2Ou6R0/Z5z30ha/Q71q6meAs3uHQcpSuRaQeV29IASmye2A2Nif+lmbhV7w8hjFYoaLCRsdchiVyNjOEM4VmxUhX4VEvw6KoCAZ/XvO2eBF/SyNU3Of4SO", + "kind": 1059, + "created_at": 1703021488, + "pubkey": "18b1a75918f1f2c90c23da616bce317d36e348bcf5f7ba55e75949319210c87c", + "id": "5c005f3ccf01950aa8d131203248544fb1e41a0d698e846bd419cec3890903ac", + "sig": "35fabdae4634eb630880a1896a886e40fd6ea8a60958e30b89b33a93e6235df750097b04f9e13053764251b8bc5dd7e8e0794a3426a90b6bcc7e5ff660f54259" + "tags": [["p", "166bf3765ebd1fc55decfe395beff2ea3b2a4e0a8946e7eb578512b555737c99"]], +} +``` + +## 4. Broadcast Selectively + +Broadcast the `kind 1059` event to the recipient's relays only. Delete all the other events. 
+ +# Code Samples + +## JavaScript + +```javascript +import {bytesToHex} from "@noble/hashes/utils" +import type {EventTemplate, UnsignedEvent, Event} from "nostr-tools" +import {getPublicKey, getEventHash, nip19, nip44, finalizeEvent, generateSecretKey} from "nostr-tools" + +type Rumor = UnsignedEvent & {id: string} + +const TWO_DAYS = 2 * 24 * 60 * 60 + +const now = () => Math.round(Date.now() / 1000) +const randomNow = () => Math.round(now() - (Math.random() * TWO_DAYS)) + +const nip44ConversationKey = (privateKey: Uint8Array, publicKey: string) => + nip44.v2.utils.getConversationKey(bytesToHex(privateKey), publicKey) + +const nip44Encrypt = (data: EventTemplate, privateKey: Uint8Array, publicKey: string) => + nip44.v2.encrypt(JSON.stringify(data), nip44ConversationKey(privateKey, publicKey)) + +const nip44Decrypt = (data: Event, privateKey: Uint8Array) => + JSON.parse(nip44.v2.decrypt(data.content, nip44ConversationKey(privateKey, data.pubkey))) + +const createRumor = (event: Partial<UnsignedEvent>, privateKey: Uint8Array) => { + const rumor = { + created_at: now(), + content: "", + tags: [], + ...event, + pubkey: getPublicKey(privateKey), + } as any + + rumor.id = getEventHash(rumor) + + return rumor as Rumor +} + +const createSeal = (rumor: Rumor, privateKey: Uint8Array, recipientPublicKey: string) => { + return finalizeEvent( + { + kind: 13, + content: nip44Encrypt(rumor, privateKey, recipientPublicKey), + created_at: randomNow(), + tags: [], + }, + privateKey + ) as Event +} + +const createWrap = (event: Event, recipientPublicKey: string) => { + const randomKey = generateSecretKey() + + return finalizeEvent( + { + kind: 1059, + content: nip44Encrypt(event, randomKey, recipientPublicKey), + created_at: randomNow(), + tags: [["p", recipientPublicKey]], + }, + randomKey + ) as Event +} + +// Test case using the above example +const senderPrivateKey = nip19.decode(`nsec1p0ht6p3wepe47sjrgesyn4m50m6avk2waqudu9rl324cg2c4ufesyp6rdg`).data +const recipientPrivateKey 
= nip19.decode(`nsec1uyyrnx7cgfp40fcskcr2urqnzekc20fj0er6de0q8qvhx34ahazsvs9p36`).data +const recipientPublicKey = getPublicKey(recipientPrivateKey) + +const rumor = createRumor( + { + kind: 1, + content: "Are you going to the party tonight?", + }, + senderPrivateKey +) + +const seal = createSeal(rumor, senderPrivateKey, recipientPublicKey) +const wrap = createWrap(seal, recipientPublicKey) + +// Receiver unwraps with his/her private key. + +const unwrappedSeal = nip44Decrypt(wrap, recipientPrivateKey) +const unsealedRumor = nip44Decrypt(unwrappedSeal, recipientPrivateKey) +``` From 1a2b21b67eeae2eba8c03215826a32d4a03ae172 Mon Sep 17 00:00:00 2001 From: Jon Staab <shtaab@gmail.com> Date: Tue, 9 Jan 2024 13:39:58 -0800 Subject: [PATCH 48/89] Remove p tag, clarify that NIP 59 does not define a messaging protocol on its own --- 59.md | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/59.md b/59.md index cd841cff..c990236c 100644 --- a/59.md +++ b/59.md @@ -9,6 +9,8 @@ Gift Wrap This NIP defines a protocol for encapsulating any nostr event. This makes it possible to obscure most metadata for a given event, perform collaborative signing, and more. +This NIP *does not* define any messaging protocol. Applications of this NIP should be defined separately. + This NIP relies on [NIP-44](./44.md)'s versioned encryption algorithms. # Overview 
@@ -55,11 +57,8 @@ Tags MUST must always be empty in a `kind:13`. The inner event MUST always be un ## 3. Gift Wrap Event Kind -A `gift wrap` event is a `kind:1059` event that wraps any other event. `tags` MUST include a single `p` tag -containing the recipient's public key. - -The goal is to hide the sender's information, the metadata, and the content of the original event from the public. -The only public information is the receiver's public key. +A `gift wrap` event is a `kind:1059` event that wraps any other event. `tags` SHOULD include any information +needed to route the event to its intended recipient, including the recipient's `p` tag or NIP-13 proof of work. ```js { @@ -68,7 +67,7 @@ The only public information is the receiver's public key. "content": "<encrypted kind 13>", "kind": 1059, "created_at": 1686840217, - "tags": [["p", "<Receiver>"]], + "tags": [["p", "<recipient pubkey>"]], "sig": "<random, one-time-use pubkey signature>" } ``` @@ -106,6 +105,9 @@ Let's send a wrapped `kind 1` message between two parties asking "Are you going - Recipient private key: `e108399bd8424357a710b606ae0c13166d853d327e47a6e5e038197346bdbf45` - Ephemeral wrapper key: `4f02eac59266002db5801adc5270700ca69d5b8f761d8732fab2fbf233c90cbd` +Note that this messaging protocol should not be used in practice, this is just an example. Refer to other +NIPs for concrete messaging protocols that depend on gift wraps. + ## 1. Create an event Create a `kind 1` event with the message, the receivers, and any other tags you want, signed by the author. @@ -243,7 +245,7 @@ const rumor = createRumor( const seal = createSeal(rumor, senderPrivateKey, recipientPublicKey) const wrap = createWrap(seal, recipientPublicKey) -// Receiver unwraps with his/her private key. +// Recipient unwraps with his/her private key. const unwrappedSeal = nip44Decrypt(wrap, recipientPrivateKey) const unsealedRumor = nip44Decrypt(unwrappedSeal, recipientPrivateKey) 
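Review bot: In the `@@ -55,11 +57,8 @@` hunk of 59.md, relaxing the `p` tag from MUST to SHOULD also deletes the two sentences that said what a gift wrap hides and that the receiver's public key is the only public information, so section 3 no longer states its privacy property. Suggest keeping one sentence that says which fields remain visible to relays (whatever is placed in `tags`, plus `created_at` and the one-time `pubkey`), and saying how a relay is meant to serve `kind 1059` events only to "the marked recipient" when no `p` tag is present. The commit subject says "Remove p tag" while the example still carries `"tags": [["p", "<recipient pubkey>"]]`; align the subject or the example.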
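Review bot: In the `@@ -243,7 +245,7 @@` hunk, the recipient path under the reworded comment calls `nip44Decrypt` twice and stops: nothing verifies the signature on the wrap or the seal, and `unsealedRumor.pubkey` is never compared with `unwrappedSeal.pubkey`. The rumor carries no signature (`createRumor` only sets `id`), so the seal's signature is the only thing binding the message to its author; the sample should verify the seal and reject a rumor whose `pubkey` differs from the seal's before treating the content as authentic. Separately, the code block is fenced as `javascript` but uses `import type` and type annotations, so the fence should be tagged as TypeScript.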
From 9b39fd5ef51eefc85af99b5aefac1a109bc17de3 Mon Sep 17 00:00:00 2001 From: Thabokani <149070269+Thabokani@users.noreply.github.com> Date: Wed, 17 Jan 2024 16:09:50 +0800 Subject: [PATCH 49/89] NIP-96: fix typo --- 96.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/96.md b/96.md index d8ea105e..3ebbef83 100644 --- a/96.md +++ b/96.md @@ -273,7 +273,7 @@ The `server` should reject deletes from users other than the original uploader. It should be noted that more than one user may have uploaded the same file (with the same hash). In this case, a delete must not really delete the file but just remove the user's `pubkey` from the file owners list (considering the server keeps just one copy of the same file, because multiple uploads of the same file results in the same file hash). -The successfull response is a 200 OK one with just basic JSON fields: +The successful response is a 200 OK one with just basic JSON fields: ``` { From c766f8892b46b26a91ac1e570cb605a8074b78b2 Mon Sep 17 00:00:00 2001 From: ekzyis <ekzyis@ekzyis.com> Date: Thu, 18 Jan 2024 23:32:36 +0100 Subject: [PATCH 50/89] NIP-47: fix typo --- 47.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/47.md b/47.md index c6540d51..4916658c 100644 --- a/47.md +++ b/47.md 
@@ -17,7 +17,7 @@ This NIP describes a way for clients to access a remote Lightning wallet through * **wallet service**: Nostr app that typically runs on an always-on computer (eg. in the cloud or on a Raspberry Pi). This app has access to the APIs of the wallets it serves. ## Theory of Operation - 1. **Users** who which to use this NIP to send lightning payments to other nostr users must first acquire a special "connection" URI from their NIP-47 compliant wallet application. The wallet application may provide this URI using a QR screen, or a pasteable string, or some other means. + 1. **Users** who wish to use this NIP to send lightning payments to other nostr users must first acquire a special "connection" URI from their NIP-47 compliant wallet application. The wallet application may provide this URI using a QR screen, or a pasteable string, or some other means. 2. The **user** should then copy this URI into their **client(s)** by pasting, or scanning the QR, etc. The **client(s)** should save this URI and use it later whenever the **user** makes a payment. The **client** should then request an `info` (13194) event from the relay(s) specified in the URI. The **wallet service** will have sent that event to those relays earlier, and the relays will hold it as a replaceable event. From d0812229a5569372a6cd1bdb8d148beb1820585d Mon Sep 17 00:00:00 2001 From: fiatjaf <fiatjaf@gmail.com> Date: Sun, 21 Jan 2024 16:08:45 -0300 Subject: [PATCH 51/89] use jsonc in some places. --- 01.md | 11 +++++------ 52.md | 4 ++-- 72.md | 10 +++++----- 3 files changed, 12 insertions(+), 13 deletions(-) diff --git a/01.md b/01.md index 80ee7924..46316ea5 100644 --- a/01.md +++ b/01.md 
@@ -14,7 +14,7 @@ Each user has a keypair. Signatures, public key, and encodings are done accordin The only object type that exists is the `event`, which has the following format on the wire: -```json +```jsonc { "id": <32-bytes lowercase hex-encoded sha256 of the serialized event data>, "pubkey": <32-bytes lowercase hex-encoded public key of the event creator>, @@ -22,7 +22,7 @@ The only object type that exists is the `event`, which has the following format "kind": <integer between 0 and 65535>, "tags": [ [<arbitrary string>...], - ... + // ... ], "content": <arbitrary string>, "sig": <64-bytes lowercase hex of the signature of the sha256 hash of the serialized event data, which is the same as the "id" field> @@ -58,17 +58,16 @@ To prevent implementation differences from creating a different event ID for the Each tag is an array of strings of arbitrary size, with some conventions around them. Take a look at the example below: -```json +```jsonc { - ..., "tags": [ ["e", "5c83da77af1dec6d7289834998ad7aafbd9e2191396d75ec3cc27f5a77226f36", "wss://nostr.example.com"], ["p", "f7234bd4c1394dda46d09f35bd384dd30cc552ad5541990f98844fb06676e9ca"], ["a", "30023:f7234bd4c1394dda46d09f35bd384dd30cc552ad5541990f98844fb06676e9ca:abcd", "wss://nostr.example.com"], ["alt", "reply"], - ... + // ... ], - ... + // ... } ``` diff --git a/52.md b/52.md index 5ac116b9..f35d9040 100644 --- a/52.md +++ b/52.md @@ -38,7 +38,7 @@ The list of tags are as follows: The following tags are deprecated: * `name` name of the calendar event. Use only if `title` is not available. -```json +```jsonc { "id": <32-bytes lowercase hex-encoded SHA-256 of the the serialized event data>, "pubkey": <32-bytes lowercase hex-encoded public key of the event creator>, 
@@ -99,7 +99,7 @@ The list of tags are as follows: The following tags are deprecated: * `name` name of the calendar event. Use only if `title` is not available. -```json +```jsonc { "id": <32-bytes lowercase hex-encoded SHA-256 of the the serialized event data>, "pubkey": <32-bytes lowercase hex-encoded public key of the event creator>, diff --git a/72.md b/72.md index c0fffffc..4bafce06 100644 --- a/72.md +++ b/72.md @@ -12,7 +12,7 @@ The goal of this NIP is to create moderator-approved public communities around a `kind:34550` SHOULD include any field that helps define the community and the set of moderators. `relay` tags MAY be used to describe the preferred relay to download requests and approvals. -```json +```jsonc { "created_at": <Unix timestamp in seconds>, "kind": 34550, @@ -42,14 +42,14 @@ The goal of this NIP is to create moderator-approved public communities around a Any Nostr event can be submitted to a community by anyone for approval. Clients MUST add the community's `a` tag to the new post event in order to be presented for the moderator's approval. -```json +```jsonc { "kind": 1, "tags": [ ["a", "34550:<community event author pubkey>:<community-d-identifier>", "<optional-relay-url>"], ], "content": "hello world", - ... + // ... } ``` @@ -59,7 +59,7 @@ Community management clients MAY filter all mentions to a given `kind:34550` eve The post-approval event MUST include `a` tags of the communities the moderator is posting into (one or more), the `e` tag of the post and `p` tag of the author of the post (for approval notifications). The event SHOULD also include the stringified `post request` event inside the `.content` ([NIP-18-style](18.md)) and a `k` tag with the original post's event kind to allow filtering of approved posts by kind. -```json +```jsonc { "pubkey": "<32-bytes lowercase hex-encoded public key of the event creator>", "kind": 4550, 
@@ -70,7 +70,7 @@ The post-approval event MUST include `a` tags of the communities the moderator i ["k", "<post-request-kind>"] ], "content": "<the full approved event, JSON-encoded>", - ... + // ... } ``` From c2f34817e38353245b17c586946ef2a354bf9a4c Mon Sep 17 00:00:00 2001 From: benthecarman <benthecarman@live.com> Date: Wed, 6 Dec 2023 02:33:54 -0600 Subject: [PATCH 52/89] NIP-47: Nostr Wallet Connect Extensions --- 47.md | 278 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 276 insertions(+), 2 deletions(-) diff --git a/47.md b/47.md index b6a4f2bc..4cef6107 100644 --- a/47.md +++ b/47.md @@ -36,6 +36,7 @@ The info event should be a replaceable event that is published by the **wallet s a plaintext string with the supported commands, space-separated, eg. `pay_invoice get_balance`. Only the `pay_invoice` command is described in this NIP, but other commands might be defined in different NIPs. Both the request and response events SHOULD contain one `p` tag, containing the public key of the **wallet service** if this is a request, and the public key of the **user** if this is a response. The response event SHOULD contain an `e` tag with the id of the request event it is responding to. +Optionally, a request can have an `expiration` tag that has a unix timestamp in seconds. If the request is received after this timestamp, it should be ignored. The content of requests and responses is encrypted with [NIP04](https://github.com/nostr-protocol/nips/blob/master/04.md), and is a JSON-RPCish object with a semi-fixed structure: @@ -108,7 +109,8 @@ Request: { "method": "pay_invoice", "params": { - "invoice": "lnbc50n1..." // bolt11 invoice + "invoice": "lnbc50n1...", // bolt11 invoice + "amount": 123, // invoice amount in msats, optional } } ``` @@ -117,7 +119,7 @@ Response: ```jsonc { "result_type": "pay_invoice", - "result": { + "result": { "preimage": "0123456789abcdef..." // preimage of the payment } } 
@@ -126,6 +128,278 @@ Response: Errors: - `PAYMENT_FAILED`: The payment failed. This may be due to a timeout, exhausting all routes, insufficient capacity or similar. +### `multi_pay_invoice` + +Description: Requests payment of multiple invoices. + +Request: +```jsonc +{ + "method": "multi_pay_invoice", + "params": { + "invoices": [ + {"id":"4da52c32a1", "invoice": "lnbc1...", "amount": 123}, // bolt11 invoice and amount in msats, amount is optional + {"id":"3da52c32a1", "invoice": "lnbc50n1..."}, + ], + } +} +``` + +Response: + +For every invoice in the request, a separate response event is sent. To differentiate between the responses, each +response event contains an `d` tag with the id of the invoice it is responding to, if no id was given, then the +payment hash of the invoice should be used. + +```jsonc +{ + "result_type": "multi_pay_invoice", + "result": { + "preimage": "0123456789abcdef..." // preimage of the payment + } +} +``` + +Errors: +- `PAYMENT_FAILED`: The payment failed. This may be due to a timeout, exhausting all routes, insufficient capacity or similar. + +### `pay_keysend` + +Request: +```jsonc +{ + "method": "pay_keysend", + "params": { + "amount": 123, // invoice amount in msats, required + "pubkey": "03...", // payee pubkey, required + "preimage": "0123456789abcdef...", // preimage of the payment, optional + "tlv_records: [ // tlv records, optional + { + "type": 5482373484, // tlv type + "value": "0123456789abcdef" // hex encoded tlv value + } + ] + } +} +``` + +Response: +```jsonc +{ + "result_type": "pay_keysend", + "result": { + "preimage": "0123456789abcdef...", // preimage of the payment + } +} +``` + +Errors: +- `PAYMENT_FAILED`: The payment failed. This may be due to a timeout, exhausting all routes, insufficient capacity or similar. + +### `multi_pay_keysend` + +Description: Requests multiple keysend payments. 
+ +Has an array of keysends, these follow the same semantics as `pay_keysend`, just done in a batch + +Request: +```jsonc +{ + "method": "multi_pay_keysend", + "params": { + "keysends": [ + {"id": "4c5b24a351", pubkey": "03...", "amount": 123}, + {"id": "3da52c32a1", "pubkey": "02...", "amount": 567, "preimage": "abc123..", "tlv_records": [{"type": 696969, "value": "77616c5f6872444873305242454d353736"}]}, + ], + } +} +``` + +Response: + +For every keysend in the request, a separate response event is sent. To differentiate between the responses, each +response event contains an `d` tag with the id of the keysend it is responding to, if no id was given, then the +pubkey should be used. + +```jsonc +{ + "result_type": "multi_pay_keysend", + "result": { + "preimage": "0123456789abcdef..." // preimage of the payment + } +} +``` + +Errors: +- `PAYMENT_FAILED`: The payment failed. This may be due to a timeout, exhausting all routes, insufficient capacity or similar. + +### `make_invoice` + +Request: +```jsonc +{ + "method": "make_invoice", + "params": { + "amount": 123, // value in msats + "description": "string", // invoice's description, optional + "description_hash": "string", // invoice's description hash, optional + "expiry": 213 // expiry in seconds from time invoice is created, optional + } +} +``` + +Response: +```jsonc +{ + "result_type": "make_invoice", + "result": { + "type": "incoming", // "incoming" for invoices, "outgoing" for payments + "invoice": "string", // encoded invoice, optional + "description": "string", // invoice's description, optional + "description_hash": "string", // invoice's description hash, optional + "preimage": "string", // payment's preimage, optional if unpaid + "payment_hash": "string", // Payment hash for the payment + "amount": 123, // value in msats + "fees_paid": 123, // value in msats + "created_at": unixtimestamp, // invoice/payment creation time + "expires_at": unixtimestamp, // invoice expiration time, optional if not 
applicable + "metadata": {} // generic metadata that can be used to add things like zap/boostagram details for a payer name/comment/etc. + } +} +``` + +### `lookup_invoice` + +Request: +```jsonc +{ + "method": "lookup_invoice", + "params": { + "payment_hash": "31afdf1..", // payment hash of the invoice, one of payment_hash or invoice is required + "invoice": "lnbc50n1..." // invoice to lookup + } +} +``` + +Response: +```jsonc +{ + "result_type": "lookup_invoice", + "result": { + "type": "incoming", // "incoming" for invoices, "outgoing" for payments + "invoice": "string", // encoded invoice, optional + "description": "string", // invoice's description, optional + "description_hash": "string", // invoice's description hash, optional + "preimage": "string", // payment's preimage, optional if unpaid + "payment_hash": "string", // Payment hash for the payment + "amount": 123, // value in msats + "fees_paid": 123, // value in msats + "created_at": unixtimestamp, // invoice/payment creation time + "expires_at": unixtimestamp, // invoice expiration time, optional if not applicable + "settled_at": unixtimestamp, // invoice/payment settlement time, optional if unpaid + "metadata": {} // generic metadata that can be used to add things like zap/boostagram details for a payer name/comment/etc. + } +} +``` + +Errors: +- `NOT_FOUND`: The invoice could not be found by the given parameters. + +### `list_transactions` + +Lists invoices and payments. If `type` is not specified, both invoices and payments are returned. +The `from` and `until` parameters are timestamps in seconds since epoch. If `from` is not specified, it defaults to 0. +If `until` is not specified, it defaults to the current time. Transactions are returned in descending order of creation +time. 
+ +Request: +```jsonc +{ + "method": "list_transactions", + "params": { + "from": 1693876973, // starting timestamp in seconds since epoch (inclusive), optional + "until": 1703225078, // ending timestamp in seconds since epoch (inclusive), optional + "limit": 10, // maximum number of invoices to return, optional + "offset": 0, // offset of the first invoice to return, optional + "unpaid": true, // include unpaid invoices, optional, default false + "type": "incoming", // "incoming" for invoices, "outgoing" for payments, undefined for both + } +} +``` + +Response: +```jsonc +{ + "result_type": "list_transactions", + "result": { + "transactions": [ + { + "type": "incoming", // "incoming" for invoices, "outgoing" for payments + "invoice": "string", // encoded invoice, optional + "description": "string", // invoice's description, optional + "description_hash": "string", // invoice's description hash, optional + "preimage": "string", // payment's preimage, optional if unpaid + "payment_hash": "string", // Payment hash for the payment + "amount": 123, // value in msats + "fees_paid": 123, // value in msats + "created_at": unixtimestamp, // invoice/payment creation time + "expires_at": unixtimestamp, // invoice expiration time, optional if not applicable + "settled_at": unixtimestamp, // invoice/payment settlement time, optional if unpaid + "metadata": {} // generic metadata that can be used to add things like zap/boostagram details for a payer name/comment/etc. 
+ } + ], + }, +} +``` + +### `get_balance` + +Request: +```jsonc +{ + "method": "get_balance", + "params": { + } +} +``` + +Response: +```jsonc +{ + "result_type": "get_balance", + "result": { + "balance": 10000, // user's balance in msats + } +} +``` + +### `get_info` + +Request: +```jsonc +{ + "method": "get_info", + "params": { + } +} +``` + +Response: +```jsonc +{ + "result_type": "get_info", + "result": { + "alias": "string", + "color": "hex string", + "pubkey": "hex string", + "network": "string", // mainnet, testnet, signet, or regtest + "block_height": 1, + "block_hash": "hex string", + "methods": ["pay_invoice", "get_balance", "make_invoice", "lookup_invoice", "list_transactions", "get_info"], // list of supported methods for this connection + } +} +``` + ## Example pay invoice flow 0. The user scans the QR code generated by the **wallet service** with their **client** application, they follow a `nostr+walletconnect:` deeplink or configure the connection details manually. From 363e4958cf10fc35f3168ca51374da06c0e5b2ee Mon Sep 17 00:00:00 2001 From: Asai Toshiya <to.asai.60@gmail.com> Date: Tue, 23 Jan 2024 13:09:10 +0900 Subject: [PATCH 53/89] Add kinds for NIP-15 --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index cf3827e8..91179cd7 100644 --- a/README.md +++ b/README.md @@ -94,6 +94,8 @@ They exist to document what may be implemented by [Nostr](https://github.com/nos | `42` | Channel Message | [28](28.md) | | `43` | Channel Hide Message | [28](28.md) | | `44` | Channel Mute User | [28](28.md) | +| `1021` | Bid | [15](15.md) | +| `1022` | Bid confirmation | [15](15.md) | | `1040` | OpenTimestamps | [03](03.md) | | `1063` | File Metadata | [94](94.md) | | `1311` | Live Chat Message | [53](53.md) | 
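Review bot: In the `@@ -36,6 +36,7 @@` hunk of 47.md, the new `expiration` sentence uses a lowercase "should be ignored" and does not say who ignores the request. For a payment request this tag is what bounds how long a delayed or re-delivered event stays usable, so suggest normative wording that names the **wallet service** as the party that drops it and states that the comparison uses the wallet service's clock at processing time.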
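Review bot: In the `@@ -108,7 +109,8 @@` hunk, `"amount": 123, // invoice amount in msats, optional` is added to `pay_invoice` without saying how it relates to the amount already encoded in the bolt11 invoice. Specify whether it is only valid for invoices that carry no amount, and what the wallet service returns when the two disagree (an error rather than silently paying either value), otherwise client and wallet can hold different views of what was authorized.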
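Review bot: In the `@@ -126,6 +128,278 @@` hunk, the `d` tag fallback for `multi_pay_keysend` ("if no id was given, then the pubkey should be used") is ambiguous when one batch holds two keysends to the same pubkey, so the client cannot tell which payment a response or a `PAYMENT_FAILED` belongs to; requiring `id` on every batch item, in `multi_pay_invoice` as well, avoids this. Two request examples in the same hunk also do not parse: `"tlv_records: [` in `pay_keysend` is missing the closing quote on the key, and `pubkey": "03..."` in the first `multi_pay_keysend` entry is missing the opening one. "an `d` tag" should read "a `d` tag" in both places.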
@@ -136,6 +138,8 @@ They exist to document what may be implemented by [Nostr](https://github.com/nos | `30015` | Interest sets | [51](51.md) | | `30017` | Create or update a stall | [15](15.md) | | `30018` | Create or update a product | [15](15.md) | +| `30019` | Marketplace UI/UX | [15](15.md) | +| `30020` | Product sold as an auction | [15](15.md) | | `30023` | Long-form Content | [23](23.md) | | `30024` | Draft Long-form Content | [23](23.md) | | `30030` | Emoji sets | [51](51.md) | From 6dd003508567dd780f3d8da12f0f9a62449cb992 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ioan=20Biz=C4=83u?= <github@ibz.me> Date: Tue, 23 Jan 2024 18:36:38 +0200 Subject: [PATCH 54/89] #p refers to pubkeys, *not* "event pubkeys". --- 01.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/01.md b/01.md index 46316ea5..c1e37480 100644 --- a/01.md +++ b/01.md @@ -124,7 +124,7 @@ Clients can send 3 types of messages, which must be JSON arrays, according to th "ids": <a list of event ids>, "authors": <a list of lowercase pubkeys, the pubkey of an event must be one of these>, "kinds": <a list of a kind numbers>, - "#<single-letter (a-zA-Z)>": <a list of tag values, for #e — a list of event ids, for #p — a list of event pubkeys etc>, + "#<single-letter (a-zA-Z)>": <a list of tag values, for #e — a list of event ids, for #p — a list of pubkeys, etc.>, "since": <an integer unix timestamp in seconds, events must be newer than this to pass>, "until": <an integer unix timestamp in seconds, events must be older than this to pass>, "limit": <maximum number of events relays SHOULD return in the initial query> From 9fd5be26cd0593b15c61bf3ea219bbfcdec81495 Mon Sep 17 00:00:00 2001 From: Asai Toshiya <to.asai.60@gmail.com> Date: Thu, 25 Jan 2024 12:33:25 +0900 Subject: [PATCH 55/89] NIP-30: add supported kinds --- 30.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/30.md b/30.md index 5a6f84de..c2f8bb07 100644 --- a/30.md +++ b/30.md 
@@ -6,7 +6,7 @@ Custom Emoji `draft` `optional` -Custom emoji may be added to **kind 0** and **kind 1** events by including one or more `"emoji"` tags, in the form: +Custom emoji may be added to **kind 0**, **kind 1**, **kind 7** ([NIP-25](25.md)) and **kind 30315** ([NIP-38](38.md)) events by including one or more `"emoji"` tags, in the form: ``` ["emoji", <shortcode>, <image-url>] From 7ec060375c5aa8697e8b26c2d1088c9077bfa910 Mon Sep 17 00:00:00 2001 From: Michael Dilger <mike@mikedilger.com> Date: Tue, 30 Jan 2024 04:45:16 +1300 Subject: [PATCH 56/89] NIP-49: Private key encryption (#133) * Key export/import as implemented by gossip * Added test data * Last push didn't make sense, only this direction works * Multiple updates: 100k rounds, random salt, version number, length indications * Rename to NIP-49, include in README * Change encoding to bech32 (ncryptsec) * Major rework of the algorithm. NIP is now incomplete as I haven't coded it yet. * renamed * spelling * minor fix * formatting * MORE CHANGES: scrypt, spelt out more detail of the steps to take * spelling * Mostly just removing some unnecesary stuff * Remove the cafebabe note * Remove confusing nonce statement * Change title (and a bit of wording) * remove author * remove legacy event * rename on README --------- Co-authored-by: Mike Dilger <mike@ezicheq.com> Co-authored-by: fiatjaf_ <fiatjaf@gmail.com> --- 49.md | 112 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ README.md | 1 + 2 files changed, 113 insertions(+) create mode 100644 49.md diff --git a/49.md b/49.md new file mode 100644 index 00000000..becc5860 --- /dev/null +++ b/49.md 
@@ -0,0 +1,112 @@ + +NIP-49 +====== + +Private Key Encryption +---------------------- + +`draft` `optional` + +This NIP defines a method by which clients can encrypt (and decrypt) a user's private key with a passphrase. + +Symmetric Encryption Key derivation +----------------------------------- + +PASSPHRASE = read from the user + +LOG\_N = Let the user or implementer choose one byte representing a power of 2 (e.g. 18 represents 262,144) which is used as the number of rounds for scrypt. Larger numbers take more time and more memory, and offer better protection: + + | LOG\_N | MEMORY REQUIRED | APPROX TIME ON FAST COMPUTER | + |--------|-----------------|----------------------------- | + | 16 | 64 MiB | 100 ms | + | 18 | 256 MiB | | + | 20 | 1 GiB | 2 seconds | + | 21 | 2 GiB | | + | 22 | 4 GiB | | + +SALT = 16 random bytes + +SYMMETRIC_KEY = scrypt(passphrase=PASSPHRASE, salt=SALT, log\_n=LOG\_N, r=8, p=1) + +The symmetric key should be 32 bytes long. + +This symmetric encryption key is temporary and should be zeroed and discarded after use and not stored or reused for any other purpose. + + +Encrypting a private key +------------------------ + +The private key encryption process is as follows: + +PRIVATE\_KEY = User's private (secret) secp256k1 key as 32 raw bytes (not hex or bech32 encoded!) 
+ +KEY\_SECURITY\_BYTE = one of: + +* 0x00 - if the key has been known to have been handled insecurely (stored unencrypted, cut and paste unencrypted, etc) +* 0x01 - if the key has NOT been known to have been handled insecurely (stored unencrypted, cut and paste unencrypted, etc) + * 0x02 - if the client does not track this data + +ASSOCIATED\_DATA = KEY\_SECURITY\_BYTE + +NONCE = 24 byte random nonce + +CIPHERTEXT = XChaCha20-Poly1305( + plaintext=PRIVATE\_KEY, + associated_data=ASSOCIATED\_DATA, + nonce=NONCE, + key=SYMMETRIC\_KEY +) + +VERSION\_NUMBER = 0x02 + +CIPHERTEXT_CONCATENATION = concat( + VERSION\_NUMBER, + LOG\_N, + SALT, + NONCE, + ASSOCIATED\_DATA, + CIPHERTEXT +) + +ENCRYPTED\_PRIVATE\_KEY = bech32_encode('ncryptsec', CIPHERTEXT\_CONCATENATION) + +The output prior to bech32 encoding should be 91 bytes long. + +The decryption process operates in the reverse. + + +Test Data +--------- + +The following encrypted private key: + +`ncryptsec1qgg9947rlpvqu76pj5ecreduf9jxhselq2nae2kghhvd5g7dgjtcxfqtd67p9m0w57lspw8gsq6yphnm8623nsl8xn9j4jdzz84zm3frztj3z7s35vpzmqf6ksu8r89qk5z2zxfmu5gv8th8wclt0h4p` + +When decrypted with password='nostr' and log_n=16 yields the following hex-encoded private key: + +`3501454135014541350145413501453fefb02227e449e57cf4d3a3ce05378683` + +The reverse process is non-deterministic due to the random nonce. + +Discussion +---------- + +### On Key Derivation + +Passwords make poor cryptographic keys. Prior to use as a cryptographic key, two things need to happen: + +1. An encryption key needs to be deterministically created from the password such that is has a uniform functionally random distribution of bits, such that the symmetric encryption algorithm's assumptions are valid, and +2. A slow irreversible algorithm should be injected into the process, so that brute-force attempts to decrypt by trying many passwords are severely hampered. + +These are achieved using a password-based key derivation function. 
We use scrypt, which has been proven to be maximally memory hard and which several cryptographers have indicated to the author is better than argon2 even though argon2 won a competition in 2015. + +### On the symmetric encryption algorithm + +XChaCha20-Poly1305 is typically favored by cryptographers over AES and is less associated with the U.S. government. It (or it's earlier variant without the 'X') is gaining wide usage, is used in TLS and OpenSSH, and is available in most modern crypto libraries. + +Recommendations +--------- + +It is not recommended that users publish these encrypted private keys to nostr, as cracking a key may become easier when an attacker can amass many encrypted private keys. + +It is recommended that clients zero out the memory of passwords and private keys before freeing that memory. diff --git a/README.md b/README.md index 91179cd7..9ce96fc3 100644 --- a/README.md +++ b/README.md @@ -57,6 +57,7 @@ They exist to document what may be implemented by [Nostr](https://github.com/nos - [NIP-46: Nostr Connect](46.md) - [NIP-47: Wallet Connect](47.md) - [NIP-48: Proxy Tags](48.md) +- [NIP-49: Private Key Encryption](49.md) - [NIP-50: Search Capability](50.md) - [NIP-51: Lists](51.md) - [NIP-52: Calendar Events](52.md) From ee93721ac76bb1e54e7de1d6a7d9f00c6b3c9849 Mon Sep 17 00:00:00 2001 From: Asai Toshiya <to.asai.60@gmail.com> Date: Wed, 31 Jan 2024 07:47:56 +0900 Subject: [PATCH 57/89] Add NIP-59 to README --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 9ce96fc3..10b1dfb7 100644 --- a/README.md +++ b/README.md @@ -65,6 +65,7 @@ They exist to document what may be implemented by [Nostr](https://github.com/nos - [NIP-56: Reporting](56.md) - [NIP-57: Lightning Zaps](57.md) - [NIP-58: Badges](58.md) +- [NIP-59: Gift Wrap](59.md) - [NIP-65: Relay List Metadata](65.md) - [NIP-72: Moderated Communities](72.md) - [NIP-75: Zap Goals](75.md) From f3589b99b0e5e297eea2de6b3686f81541b7d3db Mon Sep 17 00:00:00 2001 
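Review bot: In the new 49.md, "The decryption process operates in the reverse." is the only text on decryption, and it omits the checks an importer needs given that `VERSION_NUMBER` and `LOG_N` are read from the blob being imported. Suggest stating that implementations MUST reject an unknown version byte and a decoded payload that is not 91 bytes, SHOULD cap `LOG_N` before calling scrypt (the table in this hunk puts 22 at 4 GiB), and should report a failed Poly1305 tag as either a wrong password or a modified `KEY_SECURITY_BYTE`, since that byte is the associated data. The claim that scrypt "has been proven to be maximally memory hard" and is "better than argon2" needs a citation or softer wording in a spec, and "it's earlier variant" should be "its".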
From: Asai Toshiya <to.asai.60@gmail.com> Date: Thu, 1 Feb 2024 00:11:14 +0900 Subject: [PATCH 58/89] NIP-59: fix typo and nitpicks --- 59.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/59.md b/59.md index c990236c..7eff2b82 100644 --- a/59.md +++ b/59.md @@ -58,7 +58,7 @@ Tags MUST must always be empty in a `kind:13`. The inner event MUST always be un ## 3. Gift Wrap Event Kind A `gift wrap` event is a `kind:1059` event that wraps any other event. `tags` SHOULD include any information -needed to route the event to its intended recipient, including the recipient's `p` tag or NIP-13 proof of work. +needed to route the event to its intended recipient, including the recipient's `p` tag or [NIP-13](13.md) proof of work. ```js { @@ -74,7 +74,7 @@ needed to route the event to its intended recipient, including the recipient's ` # Encrypting Payloads -Encryption is done following NIP-44 on the JSON-encoded event. Place the the encryption payload in the `.content` +Encryption is done following [NIP-44](44.md) on the JSON-encoded event. Place the encryption payload in the `.content` of the wrapper event (either a `seal` or a `gift wrap`). # Other Considerations 
@@ -87,13 +87,13 @@ time-analysis attacks. Note that some relays don't serve events dated in the fut SHOULD be in the past. Relays may choose not to store gift wrapped events due to them not being publicly useful. Clients MAY choose -to attach a certain amount of proof-of-work to the wrapper event per NIP-13 in a bid to demonstrate that +to attach a certain amount of proof-of-work to the wrapper event per [NIP-13](13.md) in a bid to demonstrate that the event is not spam or a denial-of-service attack. -To protect recipient metadata, relays SHOULD guard access to kind 1059 events based on user AUTH. When +To protect recipient metadata, relays SHOULD guard access to `kind 1059` events based on user AUTH. When possible, clients should only send wrapped events to relays that offer this protection. -To protect recipient metadata, relays SHOULD only serve kind 1059 events intended for the marked recipient. +To protect recipient metadata, relays SHOULD only serve `kind 1059` events intended for the marked recipient. When possible, clients should only send wrapped events to `read` relays for the recipient that implement AUTH, and refuse to serve wrapped events to non-recipients. From ffef063a44cc1431da39b9fe145bf2a8ff84f302 Mon Sep 17 00:00:00 2001 From: ocknamo <s14pes@gmail.com> Date: Thu, 1 Feb 2024 23:57:58 +0900 Subject: [PATCH 59/89] fix: Correct PASSPHRASE to PASSWORD in NIP-49 --- 49.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/49.md b/49.md index becc5860..6de05eb9 100644 --- a/49.md +++ b/49.md 
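Review bot: The context line at the top of the `@@ -58,7 +58,7 @@` hunk still reads "Tags MUST must always be empty in a `kind:13`"; since this commit is a typo pass over 59.md, the doubled "MUST must" should be fixed here too.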
@@ -7,12 +7,12 @@ Private Key Encryption `draft` `optional` -This NIP defines a method by which clients can encrypt (and decrypt) a user's private key with a passphrase. +This NIP defines a method by which clients can encrypt (and decrypt) a user's private key with a password. Symmetric Encryption Key derivation ----------------------------------- -PASSPHRASE = read from the user +PASSWORD = read from the user LOG\_N = Let the user or implementer choose one byte representing a power of 2 (e.g. 18 represents 262,144) which is used as the number of rounds for scrypt. Larger numbers take more time and more memory, and offer better protection: @@ -26,7 +26,7 @@ LOG\_N = Let the user or implementer choose one byte representing a power of 2 ( SALT = 16 random bytes -SYMMETRIC_KEY = scrypt(passphrase=PASSPHRASE, salt=SALT, log\_n=LOG\_N, r=8, p=1) +SYMMETRIC_KEY = scrypt(password=PASSWORD, salt=SALT, log\_n=LOG\_N, r=8, p=1) The symmetric key should be 32 bytes long. From 2c016b0659a8f29ad2420a4cd844a2dca4956407 Mon Sep 17 00:00:00 2001 From: Jon Staab <shtaab@gmail.com> Date: Mon, 27 Nov 2023 14:47:04 -0800 Subject: [PATCH 60/89] Add imeta tag --- 29.md | 43 +++++++++++++++++++++++++++++++++++++++++++ 94.md | 1 + 2 files changed, 44 insertions(+) create mode 100644 29.md diff --git a/29.md b/29.md new file mode 100644 index 00000000..8c990bb3 --- /dev/null +++ b/29.md 
@@ -0,0 +1,43 @@ +NIP029 +====== + +imeta +-------------- + +`imeta` is a tag for adding media attachments to events. `imeta` tags MUST match URLs +in the event content. Clients may replace imeta URLs with rich previews. `imeta` tags +contain extra information about the media attachment, which clients can use to provide +a better experience when loading images. + +The `imeta` tag is variadic, and each entry is a space-delimited key/value pair. +Each `imeta` tag MUST have a `url`, and at least one other field. `imeta` may include +any field specified by [NIP 94](./94.md). There SHOULD be only one `imeta` tag per url. + +## Example + +```json +{ + "content": "More image metadata tests don’t mind me https://nostr.build/i/my-image.jpg", + "kind": 1, + "tags": [ + [ + "imeta", + "url https://nostr.build/i/my-image.jpg", + "blurhash eVF$^OI:${M{o#*0-nNFxakD-?xVM}WEWB%iNKxvR-oetmo#R-aen$", + "dim 3024x4032", + "alt A scenic photo overlooking the coast of Costa Rica", + "x <sha256 hash as specified in NIP 94>", + "fallback https://nostrcheck.me/alt1.jpg" + "fallback https://void.cat/alt1.jpg" + ] + ] +} +``` + +## Recommended client behavior + +When uploading images during a new post, clients MAY include this metadata +after the image is uploaded and included in the post. + +When pasting urls during post composition, the client MAY download the image +and add this metadata before the post is sent. diff --git a/94.md b/94.md index eb8117a4..e35dfa1c 100644 --- a/94.md +++ b/94.md @@ -25,6 +25,7 @@ This NIP specifies the use of the `1063` event type, having in `content` a descr * `image` (optional) url of preview image with same dimensions * `summary` (optional) text excerpt * `alt` (optional) description for accessibility +* `fallback` (optional) zero or more fallback file sources in case `url` fails ```json { From 716234149a2544cd59c7f4d04608e71b4fc7aab3 Mon Sep 17 00:00:00 2001 
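Review bot: the JSON example in the new 29.md (PATCH 60/89) does not parse, because inside the `imeta` tag there is no comma between `"fallback https://nostrcheck.me/alt1.jpg"` and `"fallback https://void.cat/alt1.jpg"`. The title line also reads `NIP029` rather than `NIP-29`. On substance, the example puts an `x` hash next to two `fallback` sources, and the line added to 94.md only says fallbacks are used "in case `url` fails"; the text should state whether a client is expected to check a file fetched from a fallback host against `x` before using it.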
From: Alex Gleason <alex@alexgleason.me> Date: Thu, 1 Feb 2024 15:47:51 -0600 Subject: [PATCH 61/89] NIP-29: add to NIPs list, improve preamble phrasing --- 29.md | 14 +++++++------- README.md | 1 + 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/29.md b/29.md index 8c990bb3..dafd51ca 100644 --- a/29.md +++ b/29.md @@ -1,13 +1,12 @@ -NIP029 +NIP-29 ====== -imeta --------------- +Media Attachments +----------------- -`imeta` is a tag for adding media attachments to events. `imeta` tags MUST match URLs -in the event content. Clients may replace imeta URLs with rich previews. `imeta` tags -contain extra information about the media attachment, which clients can use to provide -a better experience when loading images. +Media attachments (images, videos, and other files) may be added to events by including a URL in the event content, along with a matching `imeta` tag. + +`imeta` ("inline metadata") tags add information about media URLs in the event's content. Each `imeta` tag SHOULD match a URL in the event content. Clients may replace imeta URLs with rich previews. `imeta` tags contain extra information about the media attachment, which clients can use to provide a better experience when loading previews. The `imeta` tag is variadic, and each entry is a space-delimited key/value pair. Each `imeta` tag MUST have a `url`, and at least one other field. `imeta` may include @@ -23,6 +22,7 @@ any field specified by [NIP 94](./94.md). There SHOULD be only one `imeta` tag p [ "imeta", "url https://nostr.build/i/my-image.jpg", + "m image/jpeg", "blurhash eVF$^OI:${M{o#*0-nNFxakD-?xVM}WEWB%iNKxvR-oetmo#R-aen$", "dim 3024x4032", "alt A scenic photo overlooking the coast of Costa Rica", diff --git a/README.md b/README.md index 10b1dfb7..28d016b6 100644 --- a/README.md +++ b/README.md 
@@ -44,6 +44,7 @@ They exist to document what may be implemented by [Nostr](https://github.com/nos - [NIP-26: Delegated Event Signing](26.md) - [NIP-27: Text Note References](27.md) - [NIP-28: Public Chat](28.md) +- [NIP-29: Media Attachments](29.md) - [NIP-30: Custom Emoji](30.md) - [NIP-31: Dealing with Unknown Events](31.md) - [NIP-32: Labeling](32.md) From eee64fedb2c81a284fa98e09da57abd06d98dec0 Mon Sep 17 00:00:00 2001 From: Alex Gleason <alex@alexgleason.me> Date: Thu, 1 Feb 2024 15:51:22 -0600 Subject: [PATCH 62/89] NIP-29: remove the redundant last sentence --- 29.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/29.md b/29.md index dafd51ca..2913619e 100644 --- a/29.md +++ b/29.md @@ -6,7 +6,7 @@ Media Attachments Media attachments (images, videos, and other files) may be added to events by including a URL in the event content, along with a matching `imeta` tag. -`imeta` ("inline metadata") tags add information about media URLs in the event's content. Each `imeta` tag SHOULD match a URL in the event content. Clients may replace imeta URLs with rich previews. `imeta` tags contain extra information about the media attachment, which clients can use to provide a better experience when loading previews. +`imeta` ("inline metadata") tags add information about media URLs in the event's content. Each `imeta` tag SHOULD match a URL in the event content. Clients may replace imeta URLs with rich previews. The `imeta` tag is variadic, and each entry is a space-delimited key/value pair. Each `imeta` tag MUST have a `url`, and at least one other field. `imeta` may include From 5e14fd7f0851779cda2adbb8fd8bac4547570b15 Mon Sep 17 00:00:00 2001 From: Alex Gleason <alex@alexgleason.me> Date: Thu, 1 Feb 2024 15:52:52 -0600 Subject: [PATCH 63/89] NIP-29: images -> files --- 29.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/29.md b/29.md index 2913619e..2a22233d 100644 --- a/29.md +++ b/29.md 
@@ -36,8 +36,8 @@ any field specified by [NIP 94](./94.md). There SHOULD be only one `imeta` tag p ## Recommended client behavior -When uploading images during a new post, clients MAY include this metadata -after the image is uploaded and included in the post. +When uploading files during a new post, clients MAY include this metadata +after the file is uploaded and included in the post. -When pasting urls during post composition, the client MAY download the image +When pasting urls during post composition, the client MAY download the file and add this metadata before the post is sent. From 5196ac196a9e19cfbb9c6cd16d8081dd137e3572 Mon Sep 17 00:00:00 2001 From: fiatjaf <fiatjaf@gmail.com> Date: Thu, 1 Feb 2024 20:59:37 -0300 Subject: [PATCH 64/89] move `imeta` to NIP-92, add `imeta` tag to README. --- 29.md => 92.md | 2 +- README.md | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) rename 29.md => 92.md (99%) diff --git a/29.md b/92.md similarity index 99% rename from 29.md rename to 92.md index 2a22233d..81d46106 100644 --- a/29.md +++ b/92.md @@ -1,4 +1,4 @@ -NIP-29 +NIP-92 ====== Media Attachments diff --git a/README.md b/README.md index 28d016b6..438f5172 100644 --- a/README.md +++ b/README.md @@ -44,7 +44,6 @@ They exist to document what may be implemented by [Nostr](https://github.com/nos - [NIP-26: Delegated Event Signing](26.md) - [NIP-27: Text Note References](27.md) - [NIP-28: Public Chat](28.md) -- [NIP-29: Media Attachments](29.md) - [NIP-30: Custom Emoji](30.md) - [NIP-31: Dealing with Unknown Events](31.md) - [NIP-32: Labeling](32.md) @@ -74,6 +73,7 @@ They exist to document what may be implemented by [Nostr](https://github.com/nos - [NIP-84: Highlights](84.md) - [NIP-89: Recommended Application Handlers](89.md) - [NIP-90: Data Vending Machines](90.md) +- [NIP-92: Media Attachments](92.md) - [NIP-94: File Metadata](94.md) - [NIP-96: HTTP File Storage Integration](96.md) - [NIP-98: HTTP Auth](98.md) 
@@ -218,6 +218,7 @@ Please update these lists when proposing NIPs introducing new event kinds. | `expiration` | unix timestamp (string) | -- | [40](40.md) | | `goal` | event id (hex) | relay URL | [75](75.md) | | `image` | image URL | dimensions in pixels | [23](23.md), [58](58.md) | +| `imeta` | inline metadata | -- | [92](92.md) | | `lnurl` | `bech32` encoded `lnurl` | -- | [57](57.md) | | `location` | location string | -- | [52](52.md), [99](99.md) | | `name` | badge name | -- | [58](58.md) | From 6de5ee32f411a91f5001a7d300931a7b1ec9adca Mon Sep 17 00:00:00 2001 From: Asai Toshiya <to.asai.60@gmail.com> Date: Sat, 3 Feb 2024 10:28:57 +0900 Subject: [PATCH 65/89] NIP-92: fix typo and nitpicks --- 92.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/92.md b/92.md index 81d46106..b857d6ce 100644 --- a/92.md +++ b/92.md @@ -10,7 +10,7 @@ Media attachments (images, videos, and other files) may be added to events by in The `imeta` tag is variadic, and each entry is a space-delimited key/value pair. Each `imeta` tag MUST have a `url`, and at least one other field. `imeta` may include -any field specified by [NIP 94](./94.md). There SHOULD be only one `imeta` tag per url. +any field specified by [NIP 94](./94.md). There SHOULD be only one `imeta` tag per URL. ## Example @@ -27,7 +27,7 @@ any field specified by [NIP 94](./94.md). There SHOULD be only one `imeta` tag p "dim 3024x4032", "alt A scenic photo overlooking the coast of Costa Rica", "x <sha256 hash as specified in NIP 94>", - "fallback https://nostrcheck.me/alt1.jpg" + "fallback https://nostrcheck.me/alt1.jpg", "fallback https://void.cat/alt1.jpg" ] ] 
@@ -39,5 +39,5 @@ any field specified by [NIP 94](./94.md). There SHOULD be only one `imeta` tag p When uploading files during a new post, clients MAY include this metadata after the file is uploaded and included in the post. -When pasting urls during post composition, the client MAY download the file +When pasting URLs during post composition, the client MAY download the file and add this metadata before the post is sent. From c8ba0e2e35bf987b9336d2ff49f452e84620396a Mon Sep 17 00:00:00 2001 From: Jon Staab <shtaab@gmail.com> Date: Mon, 29 Jan 2024 09:05:11 -0800 Subject: [PATCH 66/89] Add status to nip 99 --- 99.md | 1 + 1 file changed, 1 insertion(+) diff --git a/99.md b/99.md index e65920c6..93550d87 100644 --- a/99.md +++ b/99.md @@ -40,6 +40,7 @@ The following tags, used for structured metadata, are standardized and SHOULD be - `"<number>"` is the amount in numeric format (but included in the tag as a string) - `"<currency>"` is the currency unit in 3-character ISO 4217 format or ISO 4217-like currency code (e.g. `"btc"`, `"eth"`). - `"<frequency>"` is optional and can be used to describe recurring payments. SHOULD be in noun format (hour, day, week, month, year, etc.) +- - `"status"` (optional), the status of the listing. SHOULD be either "active" or "sold". #### `price` examples From d3dad114e60cb45bb04f2088a68ebd16cf6837df Mon Sep 17 00:00:00 2001 From: fiatjaf_ <fiatjaf@gmail.com> Date: Tue, 6 Feb 2024 20:29:33 -0300 Subject: [PATCH 67/89] NIP-46: replace npub1...#? notation with bunker://... (#1023) --- 46.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/46.md b/46.md index 05247c59..94a052ee 100644 --- a/46.md +++ b/46.md 
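Review bot: the line added to 99.md (PATCH 66/89) starts with `- - `, a doubled list marker, and it directly follows the `"<frequency>"` sub-item of the price tag, so `status` ends up as a nested bullet among the price fields instead of as its own tag entry. Use a single `- ` at the level of the other tag entries, and write the two allowed values in the same backticked `"..."` form the neighbouring items use.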
@@ -17,7 +17,7 @@ The client always starts by generating a random key which is used to communicate The remote signer generates a connection token in the form ``` -<npub1...>#<optional-secret>?relay=wss://...&relay=wss://... +bunker://<hex-pubkey>?relay=wss://...&relay=wss://...&secret=<optional-secret> ``` The user copies that token and pastes it in the client UI somehow. Then the client can send events of kind `24133` to the specified relays and wait for responses from the remote signer. @@ -96,4 +96,3 @@ The signer key will always be the key of the user who controls the signer device - **ping** - params: [] - result: `"pong"` - From a46338bd6a183f17a292ea578ee69ff15ea6723f Mon Sep 17 00:00:00 2001 From: Thebora Kompanioni <theborakompanioni@users.noreply.github.com> Date: Thu, 8 Feb 2024 00:03:32 +0100 Subject: [PATCH 68/89] fix(docs): typo in 01.md --- 01.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/01.md b/01.md index c1e37480..905e45f7 100644 --- a/01.md +++ b/01.md @@ -147,7 +147,7 @@ The `limit` property of a filter is only valid for the initial query and MUST be ### From relay to client: sending events and notices -Relays can send 4 types of messages, which must also be JSON arrays, according to the following patterns: +Relays can send 5 types of messages, which must also be JSON arrays, according to the following patterns: * `["EVENT", <subscription_id>, <event JSON as defined above>]`, used to send events requested by clients. * `["OK", <event_id>, <true|false>, <message>]`, used to indicate acceptance or denial of an `EVENT` message. From 94761a5f3bcfb2c4085ae4d42fced450a2da25eb Mon Sep 17 00:00:00 2001 From: Asai Toshiya <to.asai.60@gmail.com> Date: Mon, 12 Feb 2024 22:23:21 +0900 Subject: [PATCH 69/89] Add kinds for NIP-59 --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 438f5172..d1c52500 100644 --- a/README.md +++ b/README.md 
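Review bot: the new `bunker://...` token in 46.md (`@@ -17,7 +17,7 @@`, PATCH 67/89) comes with no encoding rule: the `relay=wss://...` values and `secret=<optional-secret>` now share one query string, so an unescaped `&` or `#` inside a relay URL or the secret changes how the token splits. State whether values are percent-encoded, and say how a client should treat a token still in the old `<npub1...>#<optional-secret>` form, since this hunk replaces that format outright.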
@@ -91,6 +91,7 @@ They exist to document what may be implemented by [Nostr](https://github.com/nos | `6` | Repost | [18](18.md) | | `7` | Reaction | [25](25.md) | | `8` | Badge Award | [58](58.md) | +| `13` | Seal | [59](59.md) | | `16` | Generic Repost | [18](18.md) | | `40` | Channel Creation | [28](28.md) | | `41` | Channel Metadata | [28](28.md) | @@ -100,6 +101,7 @@ They exist to document what may be implemented by [Nostr](https://github.com/nos | `1021` | Bid | [15](15.md) | | `1022` | Bid confirmation | [15](15.md) | | `1040` | OpenTimestamps | [03](03.md) | +| `1059` | Gift Wrap | [59](59.md) | | `1063` | File Metadata | [94](94.md) | | `1311` | Live Chat Message | [53](53.md) | | `1971` | Problem Tracker | [nostrocket][nostrocket] | From 3f13eb34bf21f693ee7a8ddaba19229600fd323e Mon Sep 17 00:00:00 2001 From: franzap <126621043+fr4nzap@users.noreply.github.com> Date: Tue, 13 Feb 2024 12:40:57 +0000 Subject: [PATCH 70/89] File metadata sets (#1040) * File metadata sets * Make kind specific to release artifacts * Update example * Update README --- 51.md | 25 +++++++++++++++++++++++++ README.md | 1 + 2 files changed, 26 insertions(+) diff --git a/51.md b/51.md index 9a1639f8..c58d37a6 100644 --- a/51.md +++ b/51.md @@ -49,6 +49,7 @@ Aside from their main identifier, the `"d"` tag, sets can optionally have a `"ti | Curation sets | 30005 | groups of videos picked by users as interesting and/or belonging to the same category | `"a"` (kind:34235 videos) | | Interest sets | 30015 | interest topics represented by a bunch of "hashtags" | `"t"` (hashtags) | | Emoji sets | 30030 | categorized emoji groups | `"emoji"` (see [NIP-30](30.md)) | +| Release artifact sets | 30063 | groups of files of a software release | `"e"` (kind:1063 [file metadata](94.md) events), `"i"` (application identifier, typically reverse domain notation), `"version"` | ## Deprecated standard lists 
@@ -103,6 +104,30 @@ Some clients have used these lists in the past, but they should work on transiti } ``` +### A _release artifact set_ of an Example App + +```json +{ + "id": "567b41fc9060c758c4216fe5f8d3df7c57daad7ae757fa4606f0c39d4dd220ef", + "pubkey": "d6dc95542e18b8b7aec2f14610f55c335abebec76f3db9e58c254661d0593a0c", + "created_at": 1695327657, + "kind": 30063, + "tags": [ + ["d", "ak8dy3v7"], + ["i", "com.example.app"], + ["version", "0.0.1"], + ["title", "Example App"], + ["image", "http://cdn.site/p/com.example.app/icon.png"], + ["e", "d78ba0d5dce22bfff9db0a9e996c9ef27e2c91051de0c4e1da340e0326b4941e"], // Windows exe + ["e", "f27e2c91051de0c4e1da0d5dce22bfff9db0a9340e0326b4941ed78bae996c9e"], // MacOS dmg + ["e", "9d24ddfab95ba3ff7c03fbd07ad011fff245abea431fb4d3787c2d04aad02332"], // Linux AppImage + ["e", "340e0326b340e0326b4941ed78ba340e0326b4941ed78ba340e0326b49ed78ba"] // PWA + ], + "content": "Example App is a decentralized marketplace for apps", + "sig": "a9a4e2192eede77e6c9d24ddfab95ba3ff7c03fbd07ad011fff245abea431fb4d3787c2d04aad001cb039cb8de91d83ce30e9a94f82ac3c5a2372aa1294a96bd" +} +``` + ## Encryption process pseudocode ```scala diff --git a/README.md b/README.md index d1c52500..caecc016 100644 --- a/README.md +++ b/README.md @@ -148,6 +148,7 @@ They exist to document what may be implemented by [Nostr](https://github.com/nos | `30023` | Long-form Content | [23](23.md) | | `30024` | Draft Long-form Content | [23](23.md) | | `30030` | Emoji sets | [51](51.md) | +| `30063` | Release artifact sets | [51](51.md) | | `30078` | Application-specific Data | [78](78.md) | | `30311` | Live Event | [53](53.md) | | `30315` | User Statuses | [38](38.md) | From b5dc891973a1c5a76c39e9c48409d841d2d687c3 Mon Sep 17 00:00:00 2001 From: franzap <_@franzap.com> Date: Mon, 12 Feb 2024 19:45:25 +0000 Subject: [PATCH 71/89] Add PGP as NIP-39 external identity --- 39.md | 7 +++++++ 1 file changed, 7 insertions(+) 
diff --git a/39.md b/39.md index c819e43b..df1578fb 100644 --- a/39.md +++ b/39.md @@ -20,6 +20,7 @@ A new optional `i` tag is introduced for `kind 0` metadata event contents in add ["i", "twitter:semisol_public", "1619358434134196225"], ["i", "mastodon:bitcoinhackers.org/@semisol", "109775066355589974"] ["i", "telegram:1087295469", "nostrdirectory/770"] + ["i", "pgp:A999B7498D1A8DC473E53C92309F635DAD1B5517", "xsFNBF2V8eEBEADmjYzGOpxEI0J7jQ1qFzlsrjF6NaBSq+UqKw..."] ], ... } @@ -62,3 +63,9 @@ Identity: A Telegram user ID. Proof: A string in the format `<ref>/<id>` which points to a message published in the public channel or group with name `<ref>` and message ID `<id>`. This message should be sent by user ID `<identity>` and have the text `Verifying that I control the following Nostr public key: "<npub encoded public key>"`. This can be located at `https://t.me/<proof>`. + +### `pgp` + +Identity: A PGP fingerprint. + +Proof: PGP signature of the fingerprint used in the identity field. \ No newline at end of file From afbb8dd008969c863f6075645d09fcb1ef283ed2 Mon Sep 17 00:00:00 2001 From: Semisol <45574030+Semisol@users.noreply.github.com> Date: Thu, 15 Feb 2024 01:32:38 +0300 Subject: [PATCH 72/89] remove pgp identity from NIP-39 temporarily the current scheme recommends signing the *fingerprint* of the pgp key, which doesn't tie into the nostr identity this commit temporarily undos the commit adding pgp identities until a proper fixed version is merged just signing the npub string also would not be sufficient, and the message should indicate this is for identity verification ideally, a link to download key material would also be included --- 39.md | 7 ------- 1 file changed, 7 deletions(-) diff --git a/39.md b/39.md index df1578fb..c819e43b 100644 --- a/39.md +++ b/39.md 
@@ -20,7 +20,6 @@ A new optional `i` tag is introduced for `kind 0` metadata event contents in add ["i", "twitter:semisol_public", "1619358434134196225"], ["i", "mastodon:bitcoinhackers.org/@semisol", "109775066355589974"] ["i", "telegram:1087295469", "nostrdirectory/770"] - ["i", "pgp:A999B7498D1A8DC473E53C92309F635DAD1B5517", "xsFNBF2V8eEBEADmjYzGOpxEI0J7jQ1qFzlsrjF6NaBSq+UqKw..."] ], ... } @@ -63,9 +62,3 @@ Identity: A Telegram user ID. Proof: A string in the format `<ref>/<id>` which points to a message published in the public channel or group with name `<ref>` and message ID `<id>`. This message should be sent by user ID `<identity>` and have the text `Verifying that I control the following Nostr public key: "<npub encoded public key>"`. This can be located at `https://t.me/<proof>`. - -### `pgp` - -Identity: A PGP fingerprint. - -Proof: PGP signature of the fingerprint used in the identity field. \ No newline at end of file From cbec02ab52ffb062f7b7712e0ed6ec524cfe0b6a Mon Sep 17 00:00:00 2001 From: Mike Dilger <mike@mikedilger.com> Date: Fri, 16 Feb 2024 09:38:21 +1300 Subject: [PATCH 73/89] NIP-49 [breaking]: password normalized to unicode NFKC format --- 49.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/49.md b/49.md index 6de05eb9..addcf749 100644 --- a/49.md +++ b/49.md @@ -12,7 +12,7 @@ This NIP defines a method by which clients can encrypt (and decrypt) a user's pr Symmetric Encryption Key derivation ----------------------------------- -PASSWORD = read from the user +PASSWORD = Read from the user. The password should be unicode normalized to NFKC format to ensure that the password can be entered identically on other computers/clients. LOG\_N = Let the user or implementer choose one byte representing a power of 2 (e.g. 18 represents 262,144) which is used as the number of rounds for scrypt. Larger numbers take more time and more memory, and offer better protection: 
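Review bot: the new PASSWORD line in 49.md (PATCH 73/89) says the password "should be" normalized, but the subject marks the change as breaking and the password feeds straight into scrypt, so two clients that disagree on normalization derive different keys and cannot open each other's encrypted key. Make it a MUST, and note that a key encrypted earlier with a password that NFKC alters will no longer decrypt unless the client also tries the password as typed. A test vector for a password that NFKC actually changes would let implementations check this.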
From 62c48eff58d6dd4d2b0a817bbb36cd75087f0ae3 Mon Sep 17 00:00:00 2001 From: Michael Dilger <mike@mikedilger.com> Date: Fri, 16 Feb 2024 14:15:32 +1300 Subject: [PATCH 74/89] Breaking changes list (#1052) * Start of new BREAKING.md changes list * more * Make NIP column into links * notes * Make commits links * Remove optional P tag entry, was not breaking * Update BREAKING with nip-49 breaking change --- BREAKING.md | 21 +++++++++++++++++++++ README.md | 5 +++++ 2 files changed, 26 insertions(+) create mode 100644 BREAKING.md diff --git a/BREAKING.md b/BREAKING.md new file mode 100644 index 00000000..2a85a281 --- /dev/null +++ b/BREAKING.md 
@@ -0,0 +1,21 @@ +# Breaking Changes + +This is a history of NIP changes that potentially break pre-existing implementations, in +reverse chronological order. + +| Date | Commit | NIP | Change | +| ----------- | --------- | -------- | ------ | +| 2024-02-16 | [cbec02ab](https://github.com/nostr-protocol/nips/commit/cbec02ab) | [NIP-49](49.md) | Password first normalized to NFKC | +| 2024-02-15 | [afbb8dd0](https://github.com/nostr-protocol/nips/commit/afbb8dd0) | [NIP-39](39.md) | PGP identity was removed | +| 2024-02-07 | [d3dad114](https://github.com/nostr-protocol/nips/commit/d3dad114) | [NIP-46](46.md) | Connection token format was changed | +| 2024-01-30 | [1a2b21b6](https://github.com/nostr-protocol/nips/commit/1a2b21b6) | [NIP-59](59.md) | 'p' tag became optional | +| 2023-01-27 | [c2f34817](https://github.com/nostr-protocol/nips/commit/c2f34817) | [NIP-47](47.md) | optional expiration tag should be honored | +| 2024-01-10 | [3d8652ea](https://github.com/nostr-protocol/nips/commit/3d8652ea) | [NIP-02](02.md) | list entries should be chronological | +| 2024-01-10 | [3d8652ea](https://github.com/nostr-protocol/nips/commit/3d8652ea) | [NIP-51](51.md) | list entries should be chronological | + +Breaking changes prior to 2024-01-01 are not yet documented. + +## NOTES + +- If it isn't clear that a change is breaking or not, we list it. +- The date is the date it was merged, not necessarily the date of the commit. diff --git a/README.md b/README.md index caecc016..b9ca8aa7 100644 --- a/README.md +++ b/README.md @@ -15,6 +15,7 @@ They exist to document what may be implemented by [Nostr](https://github.com/nos - [Criteria for acceptance of NIPs](#criteria-for-acceptance-of-nips) - [Is this repository a centralizing factor?](#is-this-repository-a-centralizing-factor) - [How this repository works](#how-this-repository-works) +- [Breaking Changes](#breaking-changes) - [License](#license) --- 
@@ -261,6 +262,10 @@ Standards may emerge in two ways: the first way is that someone starts doing som These two ways of standardizing things are supported by this repository. Although the second is preferred, an effort will be made to codify standards emerged outside this repository into NIPs that can be later referenced and easily understood and implemented by others -- but obviously as in any human system discretion may be applied when standards are considered harmful. +## Breaking Changes + +[Breaking Changes](BREAKING.md) + ## License All NIPs are public domain. From 36d22815878186285825511358e66a52d2bf95e4 Mon Sep 17 00:00:00 2001 From: Michael Dilger <mike@mikedilger.com> Date: Fri, 16 Feb 2024 15:54:47 +1300 Subject: [PATCH 75/89] NIP-49 test vector for unicode normalization (#1054) * NIP-49 [breaking]: password normalized to unicode NFKC format * Test vector for unicode normalization --- 49.md | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/49.md b/49.md index addcf749..da58ba27 100644 --- a/49.md +++ b/49.md @@ -78,6 +78,22 @@ The decryption process operates in the reverse. Test Data --------- +## Password Unicode Normalization + +The following password input: "ÅΩẛ̣" +- Unicode Codepoints: U+212B U+2126 U+1E9B U+0323 +- UTF-8 bytes: [0xE2, 0x84, 0xAB, 0xE2, 0x84, 0xA6, 0xE1, 0xBA, 0x9B, 0xCC, 0xA3] + +Should be converted into the unicode normalized NFKC format prior to use in scrypt: "ÅΩẛ̣" +- Unicode Codepoints: U+00C5 U+03A9 U+1E69 +- UTF-8 bytes: [0xC3, 0x85, 0xCE, 0xA9, 0xE1, 0xB9, 0xA9] + +## Encryption + +The encryption process is non-deterministic due to the random nonce. + +## Decryption + The following encrypted private key: `ncryptsec1qgg9947rlpvqu76pj5ecreduf9jxhselq2nae2kghhvd5g7dgjtcxfqtd67p9m0w57lspw8gsq6yphnm8623nsl8xn9j4jdzz84zm3frztj3z7s35vpzmqf6ksu8r89qk5z2zxfmu5gv8th8wclt0h4p` 
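Review bot: in the 49.md test-data hunk (`@@ -78,6 +78,22 @@`, PATCH 75/89) the literal quoted as the NFKC result reads the same as the input literal, while the codepoints listed under it (U+00C5 U+03A9 U+1E69) describe a different string, so only the codepoint and byte lists are usable as a vector. Show the normalized string as its own literal or drop both literals. The "Encryption" heading then gives no vector at all; a decryption case whose password is this non-normalized input would test normalization end to end, which the `password='nostr'` case cannot.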
@@ -86,8 +102,6 @@ When decrypted with password='nostr' and log_n=16 yields the following hex-encod `3501454135014541350145413501453fefb02227e449e57cf4d3a3ce05378683` -The reverse process is non-deterministic due to the random nonce. - Discussion ---------- From 71b0cbc2de50ca9088398bb3cbf8f9eb6d5a7b53 Mon Sep 17 00:00:00 2001 From: Alex Gleason <alex@alexgleason.me> Date: Tue, 20 Feb 2024 12:06:06 -0600 Subject: [PATCH 76/89] NIP-07: add NIP-44 calls --- 07.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/07.md b/07.md index 12ae6478..18ca7309 100644 --- a/07.md +++ b/07.md @@ -20,6 +20,8 @@ Aside from these two basic above, the following functions can also be implemente async window.nostr.getRelays(): { [url: string]: {read: boolean, write: boolean} } // returns a basic map of relay urls to relay policies async window.nostr.nip04.encrypt(pubkey, plaintext): string // returns ciphertext and iv as specified in nip-04 (deprecated) async window.nostr.nip04.decrypt(pubkey, ciphertext): string // takes ciphertext and iv as specified in nip-04 (deprecated) +async window.nostr.nip44.encrypt(pubkey, plaintext): string // returns ciphertext and iv as specified in nip-44 +async window.nostr.nip44.decrypt(pubkey, ciphertext): string // takes ciphertext and iv as specified in nip-44 ``` ### Implementation From 2390058a3260d778e62df066c0d5bb5e803d2527 Mon Sep 17 00:00:00 2001 From: Alex Gleason <alex@alexgleason.me> Date: Tue, 20 Feb 2024 12:09:40 -0600 Subject: [PATCH 77/89] NIP-07: remove "and iv" from NIP-44 comments --- 07.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/07.md b/07.md index 18ca7309..6c663224 100644 --- a/07.md +++ b/07.md 
@@ -20,8 +20,8 @@ Aside from these two basic above, the following functions can also be implemente async window.nostr.getRelays(): { [url: string]: {read: boolean, write: boolean} } // returns a basic map of relay urls to relay policies async window.nostr.nip04.encrypt(pubkey, plaintext): string // returns ciphertext and iv as specified in nip-04 (deprecated) async window.nostr.nip04.decrypt(pubkey, ciphertext): string // takes ciphertext and iv as specified in nip-04 (deprecated) -async window.nostr.nip44.encrypt(pubkey, plaintext): string // returns ciphertext and iv as specified in nip-44 -async window.nostr.nip44.decrypt(pubkey, ciphertext): string // takes ciphertext and iv as specified in nip-44 +async window.nostr.nip44.encrypt(pubkey, plaintext): string // returns ciphertext as specified in nip-44 +async window.nostr.nip44.decrypt(pubkey, ciphertext): string // takes ciphertext as specified in nip-44 ``` ### Implementation From cbffa7a5de845bd6ed939c77de5540904d011d4b Mon Sep 17 00:00:00 2001 From: Asai Toshiya <to.asai.60@gmail.com> Date: Wed, 21 Feb 2024 05:26:44 +0900 Subject: [PATCH 78/89] BREAKING.md: update the history (#1055) * BREAKING.md: add NIP changes until 2023-12-01 * Update BREAKING.md * BREAKING.md: add NIP changes until 2023-11-01 * Update BREAKING.md * Remove change to NIP-22 in 2023-12-02 * BREAKING.md: add NIP changes until 2023-08-01 * BREAKING.md: add NIP changes until 2023-04-01 * BREAKING.md: add NIP changes until 2023-03-01 * BREAKING.md: add NIP changes * Just format --- BREAKING.md | 36 ++++++++++++++++++++++++++++++------ 1 file changed, 30 insertions(+), 6 deletions(-) diff --git a/BREAKING.md b/BREAKING.md index 2a85a281..cd8c03d3 100644 --- a/BREAKING.md +++ b/BREAKING.md 
@@ -7,13 +7,37 @@ reverse chronological order. | ----------- | --------- | -------- | ------ | | 2024-02-16 | [cbec02ab](https://github.com/nostr-protocol/nips/commit/cbec02ab) | [NIP-49](49.md) | Password first normalized to NFKC | | 2024-02-15 | [afbb8dd0](https://github.com/nostr-protocol/nips/commit/afbb8dd0) | [NIP-39](39.md) | PGP identity was removed | -| 2024-02-07 | [d3dad114](https://github.com/nostr-protocol/nips/commit/d3dad114) | [NIP-46](46.md) | Connection token format was changed | -| 2024-01-30 | [1a2b21b6](https://github.com/nostr-protocol/nips/commit/1a2b21b6) | [NIP-59](59.md) | 'p' tag became optional | -| 2023-01-27 | [c2f34817](https://github.com/nostr-protocol/nips/commit/c2f34817) | [NIP-47](47.md) | optional expiration tag should be honored | -| 2024-01-10 | [3d8652ea](https://github.com/nostr-protocol/nips/commit/3d8652ea) | [NIP-02](02.md) | list entries should be chronological | -| 2024-01-10 | [3d8652ea](https://github.com/nostr-protocol/nips/commit/3d8652ea) | [NIP-51](51.md) | list entries should be chronological | +| 2024-02-07 | [d3dad114](https://github.com/nostr-protocol/nips/commit/d3dad114) | [NIP-46](46.md) | Connection token format was changed | +| 2024-01-30 | [1a2b21b6](https://github.com/nostr-protocol/nips/commit/1a2b21b6) | [NIP-59](59.md) | 'p' tag became optional | +| 2023-01-27 | [c2f34817](https://github.com/nostr-protocol/nips/commit/c2f34817) | [NIP-47](47.md) | optional expiration tag should be honored | +| 2024-01-10 | [3d8652ea](https://github.com/nostr-protocol/nips/commit/3d8652ea) | [NIP-02](02.md) | list entries should be chronological | +| 2024-01-10 | [3d8652ea](https://github.com/nostr-protocol/nips/commit/3d8652ea) | [NIP-51](51.md) | list entries should be chronological | +| 2023-12-30 | [29869821](https://github.com/nostr-protocol/nips/commit/29869821) | [NIP-52](52.md) | 'name' tag was removed (use 'title' tag instead) | +| 2023-12-27 | 
[17c67ef5](https://github.com/nostr-protocol/nips/commit/17c67ef5) | [NIP-94](94.md) | 'aes-256-gcm' tag was removed | +| 2023-12-03 | [0ba45895](https://github.com/nostr-protocol/nips/commit/0ba45895) | [NIP-01](01.md) | WebSocket status code `4000` was replaced by 'CLOSED' message | +| 2023-11-28 | [6de35f9e](https://github.com/nostr-protocol/nips/commit/6de35f9e) | [NIP-89](89.md) | 'client' tag value was changed | +| 2023-11-20 | [7822a8b1](https://github.com/nostr-protocol/nips/commit/7822a8b1) | [NIP-51](51.md) | `kind: 30000` and `kind: 30001` were deprecated | +| 2023-11-11 | [cbdca1e9](https://github.com/nostr-protocol/nips/commit/cbdca1e9) | [NIP-84](84.md) | 'range' tag was removed | +| 2023-11-07 | [108b7f16](https://github.com/nostr-protocol/nips/commit/108b7f16) | [NIP-01](01.md) | 'OK' message must have 4 items | +| 2023-10-17 | [cf672b76](https://github.com/nostr-protocol/nips/commit/cf672b76) | [NIP-03](03.md) | 'block' tag was removed | +| 2023-09-29 | [7dc6385f](https://github.com/nostr-protocol/nips/commit/7dc6385f) | [NIP-57](57.md) | optional 'a' tag was included in `zap receipt` | +| 2023-08-21 | [89915e02](https://github.com/nostr-protocol/nips/commit/89915e02) | [NIP-11](11.md) | 'min_prefix' was removed | +| 2023-08-20 | [37c4375e](https://github.com/nostr-protocol/nips/commit/37c4375e) | [NIP-01](01.md) | replaceable events with same timestamp should be retained event with lowest id | +| 2023-08-15 | [88ee873c](https://github.com/nostr-protocol/nips/commit/88ee873c) | [NIP-15](15.md) | 'countries' tag was renamed to 'regions' | +| 2023-08-14 | [72bb8a12](https://github.com/nostr-protocol/nips/commit/72bb8a12) | [NIP-12](12.md) | NIP-12, 16, 20 and 33 were merged into NIP-01 | +| 2023-08-14 | [72bb8a12](https://github.com/nostr-protocol/nips/commit/72bb8a12) | [NIP-16](16.md) | NIP-12, 16, 20 and 33 were merged into NIP-01 | +| 2023-08-14 | [72bb8a12](https://github.com/nostr-protocol/nips/commit/72bb8a12) | [NIP-20](20.md) | NIP-12, 16, 
20 and 33 were merged into NIP-01 | +| 2023-08-14 | [72bb8a12](https://github.com/nostr-protocol/nips/commit/72bb8a12) | [NIP-33](33.md) | NIP-12, 16, 20 and 33 were merged into NIP-01 | +| 2023-08-11 | [d87f8617](https://github.com/nostr-protocol/nips/commit/d87f8617) | [NIP-25](25.md) | empty `content` should be considered as "+" | +| 2023-08-01 | [5d63b157](https://github.com/nostr-protocol/nips/commit/5d63b157) | [NIP-57](57.md) | 'zap' tag was changed | +| 2023-07-15 | [d1814405](https://github.com/nostr-protocol/nips/commit/d1814405) | [NIP-01](01.md) | `since` and `until` filters should be `since <= created_at <= until` | +| 2023-07-12 | [a1cd2bd8](https://github.com/nostr-protocol/nips/commit/a1cd2bd8) | [NIP-25](25.md) | custom emoji was supported | +| 2023-06-18 | [83cbd3e1](https://github.com/nostr-protocol/nips/commit/83cbd3e1) | [NIP-11](11.md) | 'image' was renamed to 'icon' | +| 2023-04-13 | [bf0a0da6](https://github.com/nostr-protocol/nips/commit/bf0a0da6) | [NIP-15](15.md) | different NIP was re-added as NIP-15 | +| 2023-04-09 | [fb5b7c73](https://github.com/nostr-protocol/nips/commit/fb5b7c73) | [NIP-15](15.md) | NIP-15 was merged into NIP-01 | +| 2023-03-15 | [e1004d3d](https://github.com/nostr-protocol/nips/commit/e1004d3d) | [NIP-19](19.md) | `1: relay` was changed to optionally | -Breaking changes prior to 2024-01-01 are not yet documented. +Breaking changes prior to 2023-03-01 are not yet documented. ## NOTES From c6cd655c1cba483fa9932b76e5ec62bafc56bc33 Mon Sep 17 00:00:00 2001 
From: JeffG <202880+erskingardner@users.noreply.github.com> Date: Tue, 20 Feb 2024 21:56:17 +0100 Subject: [PATCH 79/89] New version of NIP-46 (#1047) * New version of NIP-46 * Update pubkey references * Document what we have * Update terms and kind number in discovery * Update encrypt/decrypt calls to handle arrays. Add redirect_uri param for auth_challenges * Move remote signer commands to own section, add appendix for oauth-like stuff. * Add diagrams --- 46.md | 261 +++++++++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 193 insertions(+), 68 deletions(-) diff --git a/46.md b/46.md index 94a052ee..13a2fe4d 100644 --- a/46.md +++ b/46.md 
@@ -1,98 +1,223 @@ -NIP-46 -====== +# NIP-46 - Nostr Remote Signing -Nostr Connect -------------- +## Rationale -`draft` `optional` +Private keys should be exposed to as few systems - apps, operating systems, devices - as possible as each system adds to the attack surface. -This NIP describes a method for 2-way communication between a **remote signer** and a normal Nostr client. The remote signer could be, for example, a hardware device dedicated to signing Nostr events, while the client is a normal Nostr client. +This NIP describes a method for 2-way communication between a remote signer and a Nostr client. The remote signer could be, for example, a hardware device dedicated to signing Nostr events, while the client is a normal Nostr client. -## Signer Discovery +## Terminology -The client always starts by generating a random key which is used to communicate with the signer, then it one of the methods below is used to allow the client to know what is the signer public key for the session and which relays to use. +- **Local keypair**: A local public and private key-pair used to encrypt content and communicate with the remote signer. Usually created by the client application. +- **Remote user pubkey**: The public key that the user wants to sign as. The remote signer has control of the private key that matches this public key. +- **Remote signer pubkey**: This is the public key of the remote signer itself. This is needed in both `create_account` command because you don't yet have a remote user pubkey. -### Started by the signer (nsecBunker) +All pubkeys specified in this NIP are in hex format. -The remote signer generates a connection token in the form +## Initiating a connection + +To initiate a connection between a client and a remote signer there are a few different options. 
+ +### Direct connection initiated by remote signer + +This is most common in a situation where you have your own nsecbunker or other type of remote signer and want to connect through a client that supports remote signing. + +The remote signer would provide a connection token in the form: ``` -bunker://<hex-pubkey>?relay=wss://...&relay=wss://...&secret=<optional-secret> +bunker://<remote-pubkey>?relay=<wss://relay-to-connect-on>&relay=<wss://another-relay-to-connect-on>&secret=<optional-secret-value> ``` -The user copies that token and pastes it in the client UI somehow. Then the client can send events of kind `24133` to the specified relays and wait for responses from the remote signer. +This token is pasted into the client by the user and the client then uses the details to connect to the remote signer via the specified relay(s). -### Started by the client +### Direct connection initiated by the client -The client generates a QR code in the following form (URL-encoded): +In this case, basically the opposite direction of the first case, the client provides a connection token (or encodes the token in a QR code) and the signer initiates a connection to the client via the specified relay(s). ``` -nostrconnect://<client-key-hex>?relay=wss://...&metadata={"name":"...", "url": "...", "description": "..."} +nostrconnect://<local-keypair-pubkey>?relay=<wss://relay-to-connect-on>&metadata=<json metadata in the form: {"name":"...", "url": "...", "description": "..."}> ``` -The signer scans the QR code and sends a `connect` message to the client in the specified relays. +## The flow -## Event payloads +1. Client creates a local keypair. This keypair doesn't need to be communicated to the user since it's largely disposable (i.e. the user doesn't need to see this pubkey). Clients might choose to store it locally and they should delete it when the user logs out. +2. 
Client gets the remote user pubkey (either via a `bunker://` connection string or a NIP-05 login-flow; shown below) +3. Clients use the local keypair to send requests to the remote signer by `p`-tagging and encrypting to the remote user pubkey. +4. The remote signer responds to the client by `p`-tagging and encrypting to the local keypair pubkey. -Event payloads are [NIP-04](04.md)-encrypted JSON blobs that look like JSONRPC messages (their format is specified inside the `.content` of the event formats below). +### Example flow for signing an event -Events sent by the client to the remote signer have the following format: +- Remote user pubkey (e.g. signing as) `fa984bd7dbb282f07e16e7ae87b26a2a7b9b90b7246a44771f0cf5ae58018f52` +- Local pubkey is `eff37350d839ce3707332348af4549a96051bd695d3223af4aabce4993531d86` -```js +#### Signature request + +```json { - "pubkey": "<client-key-hex>" - "kind": 24133, - "tags": [ - ["p", "<signer-key-hex>"] - ], - "content": "nip04_encrypted_json({id: <random-string>, method: <see-below>, params: [array_of_strings]})", - ... + "kind": 24133, + "pubkey": "eff37350d839ce3707332348af4549a96051bd695d3223af4aabce4993531d86", + "content": nip04({ + "id": <random_string>, + "method": "sign_event", + "params": [json_stringified(<{ + content: "Hello, I'm signing remotely", + pubkey: "fa984bd7dbb282f07e16e7ae87b26a2a7b9b90b7246a44771f0cf5ae58018f52", + // ...the rest of the event data + }>)] + }), + "tags": [["p", "fa984bd7dbb282f07e16e7ae87b26a2a7b9b90b7246a44771f0cf5ae58018f52"]], // p-tags the remote user pubkey } ``` -And the events the remote signer sends to the client have the following format: +#### Response event -```js - "pubkey": "<signer-key-hex>" - "kind": 24133, - "tags": [ - ["p", "<client-key-hex>"] - ], - "content": "nip04_encrypted_json({id: <request-id>, result: <string>, error: <reason-string>})", - ... 
+```json +{ + "kind": 24133, + "pubkey": "fa984bd7dbb282f07e16e7ae87b26a2a7b9b90b7246a44771f0cf5ae58018f52", + "content": nip04({ + "id": <random_string>, + "result": json_stringified(<signed-event>) + }), + "tags": [["p", "eff37350d839ce3707332348af4549a96051bd695d3223af4aabce4993531d86"]], // p-tags the local keypair pubkey +} ``` -The signer key will always be the key of the user who controls the signer device. +#### Diagram -### Methods +![signing-example](https://i.nostr.build/P3gW.png) -- **connect** - - params: [`pubkey`, `secret`] - - result: `"ack"` -- **get_public_key** - - params: [] - - result: `pubkey-hex` -- **sign_event** - - params: [`event`] - - result: `json_string(event_with_pubkey_id_and_signature)` -- **get_relays** - - params: [] - - result: `json_string({[url: string]: {read: boolean, write: boolean}})` -- **nip04_encrypt** - - params: [`third-party-pubkey`, `plaintext`] - - result: `nip04-ciphertext` -- **nip04_decrypt** - - params: [`third-party-pubkey`, `nip04-ciphertext`] - - result: `plaintext` -- **nip44_get_key** - - params: [`third-party-pubkey`] - - result: `nip44-conversation-key` -- **nip44_encrypt** - - params: [`third-party-pubkey`, `plaintext`] - - result: `nip44-ciphertext` -- **nip44_decrypt** - - params: [`third-party-pubkey`, `nip44-ciphertext`] - - result: `plaintext` -- **ping** - - params: [] - - result: `"pong"` +## Request Events `kind: 24133` + +```json +{ + "id": <id>, + "kind": 24133, + "pubkey": <local_keypair_pubkey>, + "content": <nip04(<request>)>, + "tags": [["p", <remote_user_pubkey>]], // NB: in the `create_account` event, the remote signer pubkey should be `p` tagged. 
+ "created_at": <unix timestamp in seconds>, +} +``` + +The `content` field is a JSON-RPC-like message that is [NIP-04](https://github.com/nostr-protocol/nips/blob/master/04.md) encrypted and has the following structure: + +```json +{ + "id": <random_string>, + "method": <method_name>, + "params": [array_of_strings] +} +``` + +- `id` is a random string that is a request ID. This same ID will be sent back in the response payload. +- `method` is the name of the method/command (detailed below). +- `params` is a positional array of string parameters. + +### Methods/Commands + +Each of the following are methods that the client sends to the remote signer. + +| Command | Params | Result | +| ------------------------ | ------------------------------------------------- | ---------------------------------------------------------------------- | +| `connect` | `[<remote_user_pubkey>, <optional_secret>]` | "ack" | +| `sign_event` | `[<json_stringified_event_to_sign>]` | `json_stringified(<signed_event>)` | +| `ping` | `[]` | "pong" | +| `get_relays` | `[]` | `json_stringified({<relay_url>: {read: <boolean>, write: <boolean>}})` | +| `get_public_key` | `[]` | `<hex-pubkey>` | +| `nip04_encrypt` | `[<third_party_pubkey>, <plaintext_to_encrypt>]` | `<nip04_ciphertext>` | +| `nip04_decrypt` | `[<third_party_pubkey>, <ciphertext_to_decrypt>]` | `<plaintext>` | +| `nip44_conversation_key` | Potential future addition | | +| `nip44_encrypt` | Potential future addition | | +| `nip44_decrypt` | Potential future addition | | + +## Response Events `kind:24133` + +```json +{ + "id": <id>, + "kind": 24133, + "pubkey": <remote_signer_pubkey>, + "content": <nip04(<response>)>, + "tags": [["p", <local_keypair_pubkey>]], + "created_at": <unix timestamp in seconds>, +} +``` + +The `content` field is a JSON-RPC-like message that is [NIP-04](https://github.com/nostr-protocol/nips/blob/master/04.md) encrypted and has the following structure: + +```json +{ + "id": <request_id>, + "result": 
<results_string>, + "error": <error_string> +} +``` + +- `id` is the request ID that this response is for. +- `results` is a string of the result of the call (this can be either a string or a JSON stringified object) +- `error` is an error in string form. + +### Auth Challenges + +An Auth Challenge is a response that a remote signer can send back when it needs the user to authenticate via other means. This is currently used in the OAuth-like flow enabled by signers like [Nsecbunker](https://github.com/kind-0/nsecbunkerd/). The response `content` object will take the following form: + +```json +{ + "id": <request_id>, + "result": "auth_url", + "error": <URL_to_display_to_end_user> +} +``` + +Clients should display (in a popup or new tab) the URL from the `error` field and then subscribe/listen for another response from the remote signer (reusing the same request ID). This event will be sent once the user authenticates in the other window (or will never arrive if the user doesn't authenticate). It's also possible to add a `redirect_uri` url parameter to the auth_url, which is helpful in situations when a client cannot open a new window or tab to display the auth challenge. + +#### Example event signing request with auth challenge + +![signing-example-with-auth-challenge](https://i.nostr.build/W3aj.png) + +## Remote Signer Commands + +Remote signers might support additional commands when communicating directly with it. These commands follow the same flow as noted above, the only difference is that when the client sends a request event, the `p`-tag is the pubkey of the remote signer itself and the `content` payload is encrypted to the same remote signer pubkey. + +### Methods/Commands + +Each of the following are methods that the client sends to the remote signer. 
+ +| Command | Params | Result | +| ---------------- | ------------------------------------------ | ------------------------------------ | +| `create_account` | `[<username>, <domain>, <optional_email>]` | `<newly_created_remote_user_pubkey>` | + +## Appendix + +### NIP-05 Login Flow + +Clients might choose to present a more familiar login flow, so users can type a NIP-05 address instead of a `bunker://` string. + +When the user types a NIP-05 the client: + +- Queries the `/.well-known/nostr.json` file from the domain for the NIP-05 address provided to get the user's pubkey (this is the **remote user pubkey**) +- In the same `/.well-known/nostr.json` file, queries for the `nip46` key to get the relays that the remote signer will be listening on. +- Now the client has enough information to send commands to the remote signer on behalf of the user. + +### OAuth-like Flow + +#### Remote signer discovery via NIP-89 + +In this last case, most often used to fascilitate an OAuth-like signin flow, the client first looks for remote signers that have announced themselves via NIP-89 application handler events. + +First the client will query for `kind: 31990` events that have a `k` tag of `24133`. + +These are generally shown to a user, and once the user selects which remote signer to use and provides the remote user pubkey they want to use (via npub, pubkey, or nip-05 value), the client can initiate a connection. Note that it's on the user to select the remote signer that is actually managing the remote key that they would like to use in this case. If the remote user pubkey is managed on another remote signer, the connection will fail. + +In addition, it's important that clients validate that the pubkey of the announced remote signer matches the pubkey of the `_` entry in the `/.well-known/nostr.json` file of the remote signer's announced domain. 
+ +Clients that allow users to create new accounts should also consider validating the availability of a given username in the namespace of remote signer's domain by checking the `/.well-known/nostr.json` file for existing usernames. Clients can then show users feedback in the UI before sending a `create_account` event to the remote signer and receiving an error in return. Ideally, remote signers would also respond with understandable error messages if a client tries to create an account with an existing username. + +#### Example Oauth-like flow to create a new user account with Nsecbunker + +Coming soon... + +## References + +- [NIP-04 - Encryption](https://github.com/nostr-protocol/nips/blob/master/04.md) From 9c7ae62e53e6e423d301575546581c700b6f9d9f Mon Sep 17 00:00:00 2001 From: monlovesmango <monlovesmango@protonmail.com> Date: Tue, 20 Feb 2024 16:17:40 -0600 Subject: [PATCH 80/89] update nip44 encrypt/decrypt --- 46.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/46.md b/46.md index 13a2fe4d..b8946408 100644 --- a/46.md +++ b/46.md @@ -126,10 +126,10 @@ Each of the following are methods that the client sends to the remote signer. | `get_relays` | `[]` | `json_stringified({<relay_url>: {read: <boolean>, write: <boolean>}})` | | `get_public_key` | `[]` | `<hex-pubkey>` | | `nip04_encrypt` | `[<third_party_pubkey>, <plaintext_to_encrypt>]` | `<nip04_ciphertext>` | -| `nip04_decrypt` | `[<third_party_pubkey>, <ciphertext_to_decrypt>]` | `<plaintext>` | +| `nip04_decrypt` | `[<third_party_pubkey>, <nip04_ciphertext_to_decrypt>]` | `<plaintext>` | | `nip44_conversation_key` | Potential future addition | | -| `nip44_encrypt` | Potential future addition | | -| `nip44_decrypt` | Potential future addition | | +| `nip44_encrypt` | `[<third_party_pubkey>, <plaintext_to_encrypt>]` | `<nip44_ciphertext>` | +| `nip44_decrypt` | `[<third_party_pubkey>, <nip44_ciphertext_to_decrypt>]` | `<plaintext>` | ## Response Events `kind:24133` 
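Review bot: In the changelog table hunk (`@@ -7,13 +7,37 @@`), the re-added NIP-47 row is dated `2023-01-27` but sits between the `2024-01-30` and `2024-01-10` rows of a table that the surrounding text describes as being in reverse chronological order. This patch rewrites that row for alignment anyway, so check the date against commit c2f34817 and either correct the year or move the row. If the 2023 date is right, the new closing line "Breaking changes prior to 2023-03-01 are not yet documented" also needs adjusting, since that row would be older than the cutoff.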
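Review bot: In the 46.md rewrite of PATCH 79/89 (`@@ -1,98 +1,223 @@`), the worked "Response event" sets `pubkey` to the key the example introduces as the remote user pubkey, while the "Response Events" template further down says `"pubkey": <remote_signer_pubkey>`. The Terminology section defines these as two different keys, and a client has to know which one to filter on and decrypt from, so pick one and use it in both places (step 3 of "The flow" should then agree with it as well). The same example response carries `"id": <random_string>` where the template says `<request_id>`; clients match responses to requests on that field, so the example should state that it echoes the request id. The `secret` in the `bunker://` token and the `<optional_secret>` parameter of `connect` are introduced without saying what the signer checks or what it returns on a mismatch, which leaves the only authentication step of the direct flow undefined. Smaller wording points: "This is needed in both `create_account` command" names only one command, the response bullet says `results` while the field is `result`, and "fascilitate" should be "facilitate".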
From ff39f492e1aebdb401100b3e6f848ca0600ef9b1 Mon Sep 17 00:00:00 2001 From: monlovesmango <96307647+monlovesmango@users.noreply.github.com> Date: Tue, 20 Feb 2024 16:29:01 -0600 Subject: [PATCH 81/89] update nip44_get_conversation_key --- 46.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/46.md b/46.md index b8946408..db805fbf 100644 --- a/46.md +++ b/46.md @@ -126,10 +126,10 @@ Each of the following are methods that the client sends to the remote signer. | `get_relays` | `[]` | `json_stringified({<relay_url>: {read: <boolean>, write: <boolean>}})` | | `get_public_key` | `[]` | `<hex-pubkey>` | | `nip04_encrypt` | `[<third_party_pubkey>, <plaintext_to_encrypt>]` | `<nip04_ciphertext>` | -| `nip04_decrypt` | `[<third_party_pubkey>, <nip04_ciphertext_to_decrypt>]` | `<plaintext>` | -| `nip44_conversation_key` | Potential future addition | | +| `nip04_decrypt` | `[<third_party_pubkey>, <nip04_ciphertext_to_decrypt>]` | `<plaintext>` | +| `nip44_get_conversation_key` | `[<third_party_pubkey>]` | `<nip44_conversation_key>` | | `nip44_encrypt` | `[<third_party_pubkey>, <plaintext_to_encrypt>]` | `<nip44_ciphertext>` | -| `nip44_decrypt` | `[<third_party_pubkey>, <nip44_ciphertext_to_decrypt>]` | `<plaintext>` | +| `nip44_decrypt` | `[<third_party_pubkey>, <nip44_ciphertext_to_decrypt>]` | `<plaintext>` | ## Response Events `kind:24133` From 0045106dd1d08c38006d9a1c089081202078496e Mon Sep 17 00:00:00 2001 From: monlovesmango <96307647+monlovesmango@users.noreply.github.com> Date: Wed, 21 Feb 2024 10:03:33 -0600 Subject: [PATCH 82/89] leave nip44_get_conversation_key undefined for now --- 46.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/46.md b/46.md index db805fbf..b0e5c769 100644 --- a/46.md +++ b/46.md 
@@ -127,9 +127,9 @@ Each of the following are methods that the client sends to the remote signer. | `get_public_key` | `[]` | `<hex-pubkey>` | | `nip04_encrypt` | `[<third_party_pubkey>, <plaintext_to_encrypt>]` | `<nip04_ciphertext>` | | `nip04_decrypt` | `[<third_party_pubkey>, <nip04_ciphertext_to_decrypt>]` | `<plaintext>` | -| `nip44_get_conversation_key` | `[<third_party_pubkey>]` | `<nip44_conversation_key>` | | `nip44_encrypt` | `[<third_party_pubkey>, <plaintext_to_encrypt>]` | `<nip44_ciphertext>` | | `nip44_decrypt` | `[<third_party_pubkey>, <nip44_ciphertext_to_decrypt>]` | `<plaintext>` | +| `nip44_get_conversation_key`| _Potential future addition_ | | ## Response Events `kind:24133` From f1f992e95ee369c766d486807ad208c0769532dd Mon Sep 17 00:00:00 2001 From: Jon Staab <shtaab@gmail.com> Date: Wed, 21 Feb 2024 08:17:42 -0800 Subject: [PATCH 83/89] Remove get_conversation_key --- 46.md | 1 - 1 file changed, 1 deletion(-) diff --git a/46.md b/46.md index b0e5c769..d9343008 100644 --- a/46.md +++ b/46.md @@ -129,7 +129,6 @@ Each of the following are methods that the client sends to the remote signer. | `nip04_decrypt` | `[<third_party_pubkey>, <nip04_ciphertext_to_decrypt>]` | `<plaintext>` | | `nip44_encrypt` | `[<third_party_pubkey>, <plaintext_to_encrypt>]` | `<nip44_ciphertext>` | | `nip44_decrypt` | `[<third_party_pubkey>, <nip44_ciphertext_to_decrypt>]` | `<plaintext>` | -| `nip44_get_conversation_key`| _Potential future addition_ | | ## Response Events `kind:24133` From 4313fbf7a5c1d7d2c29e414ed68104641f3286fa Mon Sep 17 00:00:00 2001 From: Asai Toshiya <to.asai.60@gmail.com> Date: Thu, 22 Feb 2024 12:30:18 +0900 Subject: [PATCH 84/89] NIP-46, NIP-49, NIP-65: fix typos --- 46.md | 4 ++-- 49.md | 14 +++++++------- 65.md | 2 +- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/46.md b/46.md index d9343008..eb964942 100644 --- a/46.md +++ b/46.md 
@@ -96,7 +96,7 @@ nostrconnect://<local-keypair-pubkey>?relay=<wss://relay-to-connect-on>&metadata "pubkey": <local_keypair_pubkey>, "content": <nip04(<request>)>, "tags": [["p", <remote_user_pubkey>]], // NB: in the `create_account` event, the remote signer pubkey should be `p` tagged. - "created_at": <unix timestamp in seconds>, + "created_at": <unix timestamp in seconds> } ``` @@ -139,7 +139,7 @@ Each of the following are methods that the client sends to the remote signer. "pubkey": <remote_signer_pubkey>, "content": <nip04(<response>)>, "tags": [["p", <local_keypair_pubkey>]], - "created_at": <unix timestamp in seconds>, + "created_at": <unix timestamp in seconds> } ``` diff --git a/49.md b/49.md index da58ba27..731f132d 100644 --- a/49.md +++ b/49.md @@ -16,13 +16,13 @@ PASSWORD = Read from the user. The password should be unicode normalized to NFKC LOG\_N = Let the user or implementer choose one byte representing a power of 2 (e.g. 18 represents 262,144) which is used as the number of rounds for scrypt. Larger numbers take more time and more memory, and offer better protection: - | LOG\_N | MEMORY REQUIRED | APPROX TIME ON FAST COMPUTER | - |--------|-----------------|----------------------------- | - | 16 | 64 MiB | 100 ms | - | 18 | 256 MiB | | - | 20 | 1 GiB | 2 seconds | - | 21 | 2 GiB | | - | 22 | 4 GiB | | + | LOG_N | MEMORY REQUIRED | APPROX TIME ON FAST COMPUTER | + |-------|-----------------|----------------------------- | + | 16 | 64 MiB | 100 ms | + | 18 | 256 MiB | | + | 20 | 1 GiB | 2 seconds | + | 21 | 2 GiB | | + | 22 | 4 GiB | | SALT = 16 random bytes diff --git a/65.md b/65.md index 4a6f5a11..1a2d7e81 100644 --- a/65.md +++ b/65.md @@ -19,7 +19,7 @@ The `.content` is not used. ["r", "wss://alicerelay.example.com"], ["r", "wss://brando-relay.com"], ["r", "wss://expensive-relay.example2.com", "write"], - ["r", "wss://nostr-relay.example.com", "read"], + ["r", "wss://nostr-relay.example.com", "read"] ], "content": "", ...other fields 
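Review bot: In the two 46.md hunks (`@@ -96,7 +96,7 @@` and `@@ -139,7 +139,7 @@`), dropping the trailing comma after `created_at` still leaves blocks that do not parse as JSON: the unchanged context line `"tags": [["p", <remote_user_pubkey>]], // NB: ...` keeps a `//` comment inside a block fenced as `json`. If the goal of this typo pass is copy-pasteable examples, move the NB about `create_account` into the prose under the block, or fence these templates as `js` the way other NIPs do for annotated event skeletons. The 65.md hunk has the same shape of problem, with `...other fields` following `"content": "",` in the context lines.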
From 996ef456057c6f91320411098c259c3b68f3cc77 Mon Sep 17 00:00:00 2001 From: William Casarin <jb55@jb55.com> Date: Thu, 22 Feb 2024 11:38:39 -0800 Subject: [PATCH 85/89] Use `q` instead of `e` tags for quote reposts Signed-off-by: William Casarin <jb55@jb55.com> --- 18.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/18.md b/18.md index ba96c895..27c5915a 100644 --- a/18.md +++ b/18.md @@ -20,9 +20,10 @@ reposted. ## Quote Reposts -Quote reposts are `kind 1` events with an embedded `e` tag -(see [NIP-08](08.md) and [NIP-27](27.md)). Because a quote repost includes -an `e` tag, it may show up along replies to the reposted note. +Quote reposts are `kind 1` events with an embedded `q` tag of the note being +quote reposted. The `q` tag ensures quote reposts are not pulled and included +as replies in threads. It also allows you to easily pull and count all of the +quotes for a post. ## Generic Reposts From 84236acdd9fa84206beb27a4c7353a191393bf41 Mon Sep 17 00:00:00 2001 From: Asai Toshiya <to.asai.60@gmail.com> Date: Fri, 23 Feb 2024 22:48:42 +0900 Subject: [PATCH 86/89] NIP-92: Clarify that `imeta` tag can be ignored --- 92.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/92.md b/92.md index b857d6ce..b332d211 100644 --- a/92.md +++ b/92.md @@ -41,3 +41,5 @@ after the file is uploaded and included in the post. When pasting URLs during post composition, the client MAY download the file and add this metadata before the post is sent. + +The client MAY ignore `imeta` tags that do not match the URL in the event content. From 383eb594b4cabc4d8f606937c86440037b77a8f8 Mon Sep 17 00:00:00 2001 From: Asai Toshiya <to.asai.60@gmail.com> Date: Mon, 26 Feb 2024 10:07:55 +0900 Subject: [PATCH 87/89] README: add q tag --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index b9ca8aa7..634ea056 100644 --- a/README.md +++ b/README.md 
@@ -206,6 +206,7 @@ Please update these lists when proposing NIPs introducing new event kinds. | `l` | label, label namespace | annotations | [32](32.md) | | `L` | label namespace | -- | [32](32.md) | | `m` | MIME type | -- | [94](94.md) | +| `q` | event id (hex) | relay URL, marker | [18](18.md) | | `r` | a reference (URL, etc) | petname | | | `r` | relay url | marker | [65](65.md) | | `t` | hashtag | -- | | From c9b3abfa3c531a926f0865d10e6d5ed746da3825 Mon Sep 17 00:00:00 2001 From: Asai Toshiya <to.asai.60@gmail.com> Date: Mon, 26 Feb 2024 12:30:49 +0900 Subject: [PATCH 88/89] Remove marker Co-authored-by: Alex Gleason <alex@alexgleason.me> --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 634ea056..3273ab06 100644 --- a/README.md +++ b/README.md @@ -206,7 +206,7 @@ Please update these lists when proposing NIPs introducing new event kinds. | `l` | label, label namespace | annotations | [32](32.md) | | `L` | label namespace | -- | [32](32.md) | | `m` | MIME type | -- | [94](94.md) | -| `q` | event id (hex) | relay URL, marker | [18](18.md) | +| `q` | event id (hex) | relay URL | [18](18.md) | | `r` | a reference (URL, etc) | petname | | | `r` | relay url | marker | [65](65.md) | | `t` | hashtag | -- | | From 5b2461eb01f784d546f77cfc21af26bf7e4b6670 Mon Sep 17 00:00:00 2001 
From: fiatjaf_ <fiatjaf@gmail.com> Date: Wed, 28 Feb 2024 11:50:54 -0300 Subject: [PATCH 89/89] NIP-29: Simple Groups (#566) * NIP-29: Simple Group Chat. * split hostname and subgroup path into two different tag items. * add and remove permissions actions. * fix kind number for moderation event. * add missing / to "flavors" in example. * some new ideas + making this universal and not only applicable to chat. * fix delete-message => delete-event. * flesh out the entire thing. * saner approach with multiple kinds for moderation. * delete-event as kind 9005. * update meta events description. * `public` and `open` tags and join request event. * edit-group-status permission. * add kinds to README. * add kind:12 * add nip-10 note * add optional list of members * admins prefixed by "p". * remove "alt" from event templates for brevity. * add kind 10009 for public list of simple groups. * update "previous" stuff. * remove naddr stuff, use a different identifier format. * remove reference to trimmed signatures until that is more developed. * add kind:10 threaded chat replies. --------- Co-authored-by: Pablo Fernandez <p@f7z.io> --- 29.md | 197 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 51.md | 1 + README.md | 8 +++ 3 files changed, 206 insertions(+) create mode 100644 29.md diff --git a/29.md b/29.md new file mode 100644 index 00000000..0f4a5796 --- /dev/null +++ b/29.md 
@@ -0,0 +1,197 @@ +NIP-29 +====== + +Relay-based Groups +------------------ + +`draft` `optional` + +This NIP defines a standard for groups that are only writable by a closed set of users. They can be public for reading by external users or not. + +Groups are identified by a random string of any length that serves as an _id_. + +There is no way to create a group, what happens is just that relays (most likely when asked by users) will create rules around some specific ids so these ids can serve as an actual group, henceforth messages sent to that group will be subject to these rules. + +Normally a group will originally belong to one specific relay, but the community may choose to move the group to other relays or even fork the group so it exists in different forms -- still using the same _id_ -- across different relays. + +## Relay-generated events + +Relays are supposed to generate the events that describe group metadata and group admins. These are parameterized replaceable events signed by the relay keypair directly, with the group _id_ as the `d` tag. + +## Group identifier + +A group may be identified by a string in the format `<host>'<group-id>`. For example, a group with _id_ `abcdef` hosted at the relay `wss://groups.nostr.com` would be identified by the string `groups.nostr.com'abcdef`. + +## The `h` tag + +Events sent by users to groups (chat messages, text notes, moderation events etc) must have an `h` tag with the value set to the group _id_. + +## Timeline references + +In order to not be used out of context, events sent to these groups may contain references to previous events seen from the same relay in the `previous` tag. The choice of which previous events to pick belongs to the clients. The references are to be made using the first 8 characters (4 bytes) of any event in the last 50 events seen by the user in the relay, excluding events by themselves. 
There can be any number of references (including zero), but it's recommended that clients include at least 3 and that relays enforce this. + +This is a hack to prevent messages from being broadcasted to external relays that have forks of one group out of context. Relays are expected to reject any events that contain timeline references to events not found in their own database. Clients should also check these to keep relays honest about them. + +## Late publication + +Relays should prevent late publication (messages published now with a timestamp from days or even hours ago) unless they are open to receive a group forked or moved from another relay. + +## Event definitions + +- *text root note* (`kind:11`) + +This is the basic unit of a "microblog" root text note sent to a group. + +```js + "kind": 11, + "content": "hello my friends lovers of pizza", + "tags": [ + ["h", "<group-id>"], + ["previous", "<event-id-first-chars>", "<event-id-first-chars>", ...] + ] + ... +``` + +- *threaded text reply* (`kind:12`) + +This is the basic unit of a "microblog" reply note sent to a group. It's the same as `kind:11`, except for the fact that it must be used whenever it's in reply to some other note (either in reply to a `kind:11` or a `kind:12`). `kind:12` events SHOULD use NIP-10 markers, leaving an empty relay url: + +* `["e", "<kind-11-root-id>", "", "root"]` +* `["e", "<kind-12-event-id>", "", "reply"]` + +- *chat message* (`kind:9`) + +This is the basic unit of a _chat message_ sent to a group. + +```js + "kind": 9, + "content": "hello my friends lovers of pizza", + "tags": [ + ["h", "<group-id>"], + ["previous", "<event-id-first-chars>", "<event-id-first-chars>", ...] + ] + ... +``` + +- *chat message threaded reply* (`kind:10`) + +Similar to `kind:12`, this is the basic unit of a chat message sent to a group. This is intended for in-chat threads that may be hidden by default. 
Not all in-chat replies MUST use `kind:10`, only when the intention is to create a hidden thread that isn't part of the normal flow of the chat (although clients are free to display those by default too). + +`kind:10` SHOULD use NIP-10 markers, just like `kind:12`. + +- *join request* (`kind:9021`) + +Any user can send one of these events to the relay in order to be automatically or manually added to the group. If the group is `open` the relay will automatically issue a `kind:9000` in response adding this user. Otherwise group admins may choose to query for these requests and act upon them. + +```js +{ + "kind": 9021, + "content": "optional reason", + "tags": [ + ["h", "<group-id>"] + ] +} +``` + +- *moderation events* (`kinds:9000-9020`) (optional) + +Clients can send these events to a relay in order to accomplish a moderation action. Relays must check if the pubkey sending the event is capable of performing the given action. The relay may discard the event after taking action or keep it as a moderation log. + +```js +{ + "kind": 90xx, + "content": "optional reason", + "tags": [ + ["h", "<group-id>"], + ["previous", ...] + ] +} +``` + +Each moderation action uses a different kind and requires different arguments, which are given as tags. These are defined in the following table: + +| kind | name | tags | +| --- | --- | --- | +| 9000 | `add-user` | `p` (pubkey hex) | +| 9001 | `remove-user` | `p` (pubkey hex) | +| 9002 | `edit-metadata` | `name`, `about`, `picture` (string) | +| 9003 | `add-permission` | `p` (pubkey), `permission` (name) | +| 9004 | `remove-permission` | `p` (pubkey), `permission` (name) | +| 9005 | `delete-event` | `e` (id hex) | +| 9006 | `edit-group-status` | `public` or `private`, `open` or `closed` | + +- *group metadata* (`kind:39000`) (optional) + +This event defines the metadata for the group -- basically how clients should display it. It must be generated and signed by the relay in which is found. 
Relays shouldn't accept these events if they're signed by anyone else. + +If the group is forked and hosted in multiple relays, there will be multiple versions of this event in each different relay and so on. + +```js +{ + "kind": 39000, + "content": "", + "tags": [ + ["d", "<group-id>"], + ["name", "Pizza Lovers"], + ["picture", "https://pizza.com/pizza.png"], + ["about", "a group for people who love pizza"], + ["public"], // or ["private"] + ["open"] // or ["closed"] + ] + ... +} +``` + +`name`, `picture` and `about` are basic metadata for the group for display purposes. `public` signals the group can be _read_ by anyone, while `private` signals that only AUTHed users can read. `open` signals that anyone can request to join and the request will be automatically granted, while `closed` signals that members must be pre-approved or that requests to join will be manually handled. + +- *group admins* (`kind:39001`) (optional) + +Similar to the group metadata, this event is supposed to be generated by relays that host the group. + +Each admin gets a label that is only used for display purposes, and a list of permissions it has are listed afterwards. These permissions can inform client building UI, but ultimately are evaluated by the relay in order to become effective. + +The list of capabilities, as defined by this NIP, for now, is the following: + +- `add-user` +- `edit-metadata` +- `delete-event` +- `remove-user` +- `add-permission` +- `remove-permission` +- `edit-group-status` + +```js +{ + "kind": 39001, + "content": "list of admins for the pizza lovers group", + "tags": [ + ["d", "<group-id>"], + ["p", "<pubkey1-as-hex>", "ceo", "add-user", "edit-metadata", "delete-event", "remove-user"], + ["p", "<pubkey2-as-hex>", "secretary", "add-user", "delete-event"] + ] + ... +} +``` + +- *group members* (`kind:39002`) (optional) + +Similar to *group admins*, this event is supposed to be generated by relays that host the group. 
+ +It's a NIP-51-like list of pubkeys that are members of the group. Relays might choose to not to publish this information or to restrict what pubkeys can fetch it. + +```json +{ + "kind": 39002, + "content": "list of members for the pizza lovers group", + "tags": [ + ["d", "<group-id>"], + ["p", "<admin1>"], + ["p", "<member-pubkey1>"], + ["p", "<member-pubkey2>"], + ] +} +``` + +## Storing the list of groups a user belongs to + +A definition for kind `10009` was included in [NIP-51](51.md) that allows clients to store the list of groups a user wants to remember being in. diff --git a/51.md b/51.md index c58d37a6..95acbc81 100644 --- a/51.md +++ b/51.md @@ -29,6 +29,7 @@ For example, _mute list_ can contain the public keys of spammers and bad actors | Public chats | 10005 | [NIP-28](28.md) chat channels the user is in | `"e"` (kind:40 channel definitions) | | Blocked relays | 10006 | relays clients should never connect to | `"relay"` (relay URLs) | | Search relays | 10007 | relays clients should use when performing search queries | `"relay"` (relay URLs) | +| Simple groups | 10009 | [NIP-29](29.md) groups the user is in | `"group"` ([NIP-29](29.md) group ids + mandatory relay URL) | | Interests | 10015 | topics a user may be interested in and pointers | `"t"` (hashtags) and `"a"` (kind:30015 interest set) | | Emojis | 10030 | user preferred emojis and pointers to emoji sets | `"emoji"` (see [NIP-30](30.md)) and `"a"` (kind:30030 emoji set) | diff --git a/README.md b/README.md index 3273ab06..505e3e03 100644 --- a/README.md +++ b/README.md @@ -45,6 +45,7 @@ They exist to document what may be implemented by [Nostr](https://github.com/nos - [NIP-26: Delegated Event Signing](26.md) - [NIP-27: Text Note References](27.md) - [NIP-28: Public Chat](28.md) +- [NIP-29: Relay-based Groups](29.md) - [NIP-30: Custom Emoji](30.md) - [NIP-31: Dealing with Unknown Events](31.md) - [NIP-32: Labeling](32.md) 
@@ -92,6 +93,10 @@ They exist to document what may be implemented by [Nostr](https://github.com/nos | `6` | Repost | [18](18.md) | | `7` | Reaction | [25](25.md) | | `8` | Badge Award | [58](58.md) | +| `9` | Group Chat Message | [29](29.md) | +| `10` | Group Chat Threaded Reply | [29](29.md) | +| `11` | Group Thread | [29](29.md) | +| `12` | Group Thread Reply | [29](29.md) | | `13` | Seal | [59](59.md) | | `16` | Generic Repost | [18](18.md) | | `40` | Channel Creation | [28](28.md) | @@ -112,6 +117,7 @@ They exist to document what may be implemented by [Nostr](https://github.com/nos | `5000`-`5999` | Job Request | [90](90.md) | | `6000`-`6999` | Job Result | [90](90.md) | | `7000` | Job Feedback | [90](90.md) | +| `9000`-`9030` | Group Control Events | [29](29.md) | | `9041` | Zap Goal | [75](75.md) | | `9734` | Zap Request | [57](57.md) | | `9735` | Zap | [57](57.md) | @@ -124,6 +130,7 @@ They exist to document what may be implemented by [Nostr](https://github.com/nos | `10005` | Public chats list | [51](51.md) | | `10006` | Blocked relays list | [51](51.md) | | `10007` | Search relays list | [51](51.md) | +| `10009` | User groups | [51](51.md), [29](29.md) | | `10015` | Interests list | [51](51.md) | | `10030` | User emoji list | [51](51.md) | | `10096` | File storage server list | [96](96.md) | @@ -161,6 +168,7 @@ They exist to document what may be implemented by [Nostr](https://github.com/nos | `31925` | Calendar Event RSVP | [52](52.md) | | `31989` | Handler recommendation | [89](89.md) | | `31990` | Handler information | [89](89.md) | +| `39000-9` | Group metadata events | [29](29.md) | | `34550` | Community Definition | [72](72.md) | [nostrocket]: https://github.com/nostrocket/NIPS/blob/main/Problems.md
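Review bot: In the 29.md hunk, the signer rule is spelled out only for `kind:39000` ("Relays shouldn't accept these events if they're signed by anyone else"), while `kind:39001` and `kind:39002` are only "supposed to be generated by relays that host the group". Since `kind:39001` carries the permission list that clients use to build UI, repeat the rule for `kind:39001` and `kind:39002`, and consider MUST NOT in place of "shouldn't". Also in this hunk: the `kind:39002` example is fenced as `json` but has a trailing comma after `["p", "<member-pubkey2>"],`, which makes it invalid JSON; "in which is found" is missing "it"; and "choose to not to publish" has a doubled "to".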
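Review bot: In the 51.md hunk, the new `10009` row describes the `"group"` tag as "group ids + mandatory relay URL" without saying which position of the tag holds the id and which holds the relay URL. 29.md's "Storing the list of groups a user belongs to" section only links back to NIP-51, so neither file defines the layout. State it in this row or in that section so clients write and parse the same tag.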
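Review bot: In the README.md hunk at `@@ -112,6 +117,7 @@`, the new row lists `9000`-`9030` as Group Control Events, but 29.md in this same patch defines moderation events as `kinds:9000-9020` and puts the join request at `kind:9021`. Use one range in both files, or say in 29.md what 9022 to 9030 are for, so relays that apply the permission check and clients that filter on these kinds agree on the set.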
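Review bot: In the README.md hunk at `@@ -161,6 +168,7 @@`, the `39000-9` row is inserted above `34550`, which breaks the table's ascending order, and its range is abbreviated where the other ranges in this table give both bounds in full (`5000`-`5999`, `6000`-`6999`). Move the row below `34550` and write both bounds out the same way.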