Feature request: please integrate NIP04 (encrypted message)

[galets]

This is a request to add NIP04 decoder to the library

Following implementation works with this library: https://github.com/galets/nostr_message_fetch/blob/master/lib/nip04.dart

I'm consenting for you to re-license the code to LGPL-3.0

[ethicnology]

Ok I will take a look at this

[ethicnology]

Initial work: #25

WIP: 385f211

@no-prob I reworked your contribution to make it more compatible with the actual usage of the library, could you take a look at the changes ?
Could generates random nostr keys to generate unit tests for Encrypted Direct Message with the hardcoded keys ?

@ryzizub Yo! Could you take a look to the contribution and the rework behind ? If you also have some NIP4 Event that you could provide as test vectors with the correct pubkey/privkey

To finish the job we really need to cover these unit tests cases:

• Nip4.cipher with a valid plaintext and the expected ciphertext output
• Nip4.decipher with a valid ciphertext and the expected plaintext output
• Instanciate a Nip4 event from real data, it should pass verify = true
• Create a EncryptedDirectMessage.quick message that is nostr valid
• EncryptedDirectMessage.getPlaintext
• EncryptedDirectMessage.getCiphertext

[ntheden]

Could generates random nostr keys to generate unit tests for Encrypted Direct Message with the hardcoded keys ?

For unit tests it makes sense to hard-code keys and iv so that the expected cipher text can be compared with known values.

EncryptedDirectMessage.getPlaintext

I suppose the usage model for receive side is if kind=4 then cast the Event to EncryptedDirectMessage and call getPlaintext?

[ethicnology]

@no-prob

You can take a look at my refactoring of your #26 –> 6427f60

[ethicnology]

more changes for #26 –> 0ca4cc8

[ethicnology]

rename/reorganize -> 75a9731

I tried to make it as clean and readable:

• https://github.com/ethicnology/dart-nostr/blob/develop/lib/src/nips/nip_004.dart
• https://github.com/ethicnology/dart-nostr/blob/develop/lib/src/crypto/nip_004.dart

@no-prob remaining work for us before PR into main:

• improve code coverage
• example/nip_004.dart
• README.md

[ethicnology]

@no-prob
#26 (comment)

I will write the rest of the mentioned test cases now, the ones mentioned in #15 (comment)

We only need test case for these line shown in red: https://app.codecov.io/gh/ethicnology/dart-nostr/blob/develop/lib/src/nips/nip_004.dart

[ethicnology]

@no-prob Do you still want to do these tasks?

[ntheden]

@no-prob Do you still want to do these tasks?

Hi, I won't be making new PR's until I get the app that depends on this library stable. Thanks

[ethicnology]

@no-prob I feel you, I'm working/maintaining this project but i have no apps that depends on it.

I will wait for @ryzizub review to finish the PR.

[ryzizub]

@ethicnology I can look into it next week

[hazeycode]

FWIW there are problems with NIP-04 and as such it is not recommended. There are ongoing efforts to supersede with a more secure specification for private messaging. See nostr-protocol/nips#107

[ntheden]

FWIW there are problems with NIP-04 and as such it is not recommended. There are ongoing efforts to supersede with a more secure specification for private messaging. See nostr-protocol/nips#107

Yeah, we will want to implement the better messaging NIPs. NIP 4 is just to get started.

[ethicnology]

answer from @jonasschnelli

I guess this is a fair observation. While the NIP04 encryption itself is missing a MAC, the envelope signature done by the same key might provide a similar result (but again, this is cooking your own crypto scheme and should be reviewed carefully).

Marked as deprecated in 44fd3f2 to warns users about controversial discussions regarding this NIP.

[ntheden]

I would have chosen to mark it deprecated when there is a working NIP to replace it but not before that.

[ethicnology]

The annotation deprecated is a shorthand for deprecating until an unspecified "next release" without migration instructions.

I decided to mark it deprecated so that users of the library are aware of the discussions for the future replacement of this feature, but they can still use it until the "unspecified next release".

[ethicnology]

merged in #30