Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

NIP-78 settings encryption or NIP-42 for paid/private relays #83

Open
avra911 opened this issue Jul 20, 2024 · 0 comments
Open

NIP-78 settings encryption or NIP-42 for paid/private relays #83

avra911 opened this issue Jul 20, 2024 · 0 comments
Labels
enhancement New feature or request

Comments

@avra911
Copy link

avra911 commented Jul 20, 2024

Summary

NIP-78, or the "Personal Private Data" proposal, enables applications to generate and store personal private data for users within the Nostr protocol. This includes sensitive information that should be protected to ensure user privacy and security. Encrypting and decrypting this data for each user is crucial, especially when storing sensitive information like private relays with tokens.

Basic example

An example of using NIP-78 would be an application storing user-specific private relay URLs and associated tokens. The application would encrypt this information before storing it and decrypt it only when the user accesses their data. Here's a basic outline of the process:

Encryption: When a user adds a private relay URL with a token, the application encrypts this data using the user's public key.
Storage: The encrypted data is stored within the user's NIP-78 compliant storage.
Decryption: When the user needs to access their private relay, the application decrypts the data using the user's private key.

Motivation

Why are we doing this? The primary motivation for encrypting and decrypting personal private data using NIP-78 is to enhance user privacy and security. Sensitive data such as private relay URLs and tokens must be protected to prevent unauthorized access and misuse.

Use cases:

  1. Storing Private Relays: Users can store private relay URLs and tokens securely. These relays often contain sensitive authentication tokens that should not be exposed.
  2. Personal Data Protection: Any personal data generated by an app, such as preferences, settings, or private communication channels, can be securely stored.
  3. Enhanced Security: Encryption ensures that even if the data storage is compromised, the sensitive information remains protected.

Expected outcome: By encrypting and decrypting data as per NIP-78, applications can securely handle sensitive user data, ensuring privacy and protection from unauthorized access. Users can confidently store their private relays and other sensitive information, knowing that their data is encrypted and can only be accessed by them.

Implementation Details

NIP-78 does not inherently provide encryption and decryption mechanisms. Thus, applications leveraging NIP-78 for storing sensitive data should implement encryption and decryption processes. Here's how this can be done:

Encryption: Use the user's public key to encrypt the data before storing it.
Decryption: Use the user's private key to decrypt the data when needed.

LATE EDIT: I found also NIP-42 which might serve better things like the authentication for private/paid relays.

@avra911 avra911 added the enhancement New feature or request label Jul 20, 2024
@avra911 avra911 changed the title NIP-78 settings encryption NIP-78 settings encryption or NIP-42 Jul 20, 2024
@avra911 avra911 changed the title NIP-78 settings encryption or NIP-42 NIP-78 settings encryption or NIP-42 for paid/private relays Jul 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

1 participant