
Just FYI, encrypted messaging over Nostr NIP-04 is not optimal, and way less secure than, for example, Signal or something alike.
Some drawbacks of NIP-04:
  • Sender's PUBK is leaked
  • Recipient's PUBK is leaked
  • Timestamp is leaked
  • If one private key gets compromised, the whole conversation can be decrypted (due to no key-ratcheting)
Are they using elliptic curve Diffie-Hellman, is that why? Isn't the point of Diffie-Hellman to establish a symmetric key that both parties can use, but in order to do so you need to expose your pubkey?
reply
Yes, the sender's and receiver's pub keys are stored in the event data.
You could mask the receiver by sending to many pub keys, but only one real one.
ECDHKE is good, but for a conversation, where multiple messages are sent back and forth, you want an additional security parameter. The keys for encryption and decryption should change with each message, so that if a key gets compromised, the history cannot be decrypted.
reply
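
The point made in the last reply about changing keys with each message, as an added example that is not part of the thread and is neither NIP-04 nor Signal code: a minimal symmetric hash ratchet compared with one fixed shared key. The function names, the labels `chain-init`, `\x01` and `\x02`, and the sample secret are assumptions constructed for illustration.

```python
import hashlib
import hmac


def kdf(key: bytes, label: bytes) -> bytes:
    """One-way step: HMAC-SHA256 output does not reveal `key`."""
    return hmac.new(key, label, hashlib.sha256).digest()


def message_keys_from(state: bytes, count: int) -> list[bytes]:
    """Ratchet forward from a chain state, yielding one message key per step."""
    keys = []
    for _ in range(count):
        keys.append(kdf(state, b"\x01"))   # key used for this message only
        state = kdf(state, b"\x02")        # next chain state; the old one is deleted
    return keys


def exposed(real_keys: list[bytes], attacker_keys: set[bytes]) -> list[int]:
    """Indices of messages whose key the attacker can reproduce."""
    return [i for i, k in enumerate(real_keys) if k in attacker_keys]


def static_scenario(shared_secret: bytes, n: int) -> list[int]:
    """Fixed key for the whole conversation: stealing it exposes every message."""
    return exposed([shared_secret] * n, {shared_secret})


def ratchet_scenario(shared_secret: bytes, n: int, compromised_at: int) -> list[int]:
    """Attacker steals the chain state held just before message `compromised_at`."""
    state = kdf(shared_secret, b"chain-init")
    real_keys = message_keys_from(state, n)
    for _ in range(compromised_at):        # advance to the state that gets stolen
        state = kdf(state, b"\x02")
    return exposed(real_keys, set(message_keys_from(state, n)))


if __name__ == "__main__":
    # Constructed stand-in for an ECDH output; no real keys involved.
    secret = hashlib.sha256(b"constructed shared secret").digest()
    print("static key, readable messages:", static_scenario(secret, 5))
    print("ratchet, stolen at message 3: ", ratchet_scenario(secret, 5, 3))
```

A hash chain on its own protects only the earlier messages; messages after the compromise stay readable until fresh Diffie-Hellman output is mixed into the chain.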