>  But suppose you publish a Nostr pubkey and I encrypt a DM with it (no signatures). How is this unsecure? 

I'm not familiar with what cryptography nostr uses here. 

But in general it's not a good idea to encrypt data with just any pubkey. It could (doesn't have to) be insecure in a sense of your DM might be decipherable for 3rd parties. It can't be insecure in a sense of threatening the secret key of the recipient, of course.

I'm not familiar with what cryptography Nostr uses here. But like @ekzyis mentioned: there are famous examples with RSA where weaknesses emerge when using the same key for encryptions and signatures.

> if you explain this to me:
>> That's not how encryption or secure encryption schemes work. You can't just use any pubkey and think, you can now encrypt anything with it and still pretend like it's secure. You just rolled your own crypto.

Have you asked yourself how encryption schemes are defined?

Since according to my understanding, **encryption schemes always include a definition how the keys MUST be generated** - even only idealistic ones that are **only useful for theory**, since they just say that they key must be **random**.

I mean: Do you really think I can use a RSA key in bitcoin which uses ECC?

> How is this unsecure? Aren't gpg users always doing gpg --encrypt --recipient anyway?

I recommend [looking up how PGP actually works](https://datatracker.ietf.org/doc/html/rfc4880).

> I suspect you're thinking of signatures: indeed, signing random shit with your private key just like that isn't a good idea. 

Nice assumption, lol, but I agree that this wouldn't be a good idea.

So please do some research before you try to shill anything and stop wasting our time.

It's also not too late to delete your comments and change your nym from @om to something else since I will remember your nym, lol

OK I will stop shilling cashu (and switch to shilling near-zero-fee Liquid clones) if you explain this to me:

> That's not how encryption or secure encryption schemes work. You can't just use any pubkey and think, you can now encrypt anything with it and still pretend like it's secure. You just rolled your own crypto.

I suspect you're thinking of signatures: indeed, signing random shit with your private key just like that isn't a good idea. But suppose you publish a Nostr pubkey and I encrypt a DM with it (no signatures). How is this unsecure? Aren't gpg users always doing gpg --encrypt --recipient anyway?

> But both lnurl-auth and nostr auth should give SN a pubkey that the zapper can encrypt with

That's not how encryption or secure encryption schemes work. You can't just use _any_ pubkey and think, you can now encrypt _anything_ with it and still pretend like it's secure. You just rolled your own crypto. 

> Unfortunately, users who log in via Google or Facebook will miss all the nutzaps.

Do we support Google or Facebook SSO? Since you sound like you think we do. 

Please stop shilling cashu, I like cashu but you make it look bad, lol

[important] foreign asset control compliance

k00b

Not immediately, no, because there's no user auth in cashu by design (original Chaum's constuction involved accounts). But both lnurl-auth and nostr auth should give SN a pubkey that the zapper can encrypt with and the only thing that SN ever sees is an encrypted DM.

Unfortunately, users who log in via Google or Facebook will miss all the nutzaps.