It even rewrote it! πΆπΎπ€―
NIP-04
======
Enhanced Encrypted Direct Messaging
-----------------------------------
`final` `optional` `author:ChatGPT`
A special event with kind `4`, representing an "enhanced encrypted direct message". The message includes the following attributes:
**`content`** MUST be equal to the base64-encoded, AES-256-GCM or ChaCha20-Poly1305 encrypted string of the user's intended message. This should be encrypted using an ephemeral key derived from Diffie-Hellman key exchange using the recipient's public key and the sender's temporary private key. This appended by the base64-encoded initialization vector and authentication tag as query string parameters named "iv" and "at" respectively. The format is the following: `"content": "?iv=&at="`.
**`tags`** MUST contain an entry identifying the receiver of the message using a rotating anonymous identifier, such that relays may naturally forward this event to them. The form is `["p", ""]`.
**`tags`** MAY contain an entry identifying the previous message in a conversation or a message we are explicitly replying to (such that contextual, more organized conversations may happen), in the form `["e", ""]`.
**Note**: The Diffie-Hellman key exchange should be implemented to support Perfect Forward Secrecy (PFS).
Here's an illustrative code sample for generating such an event in JavaScript:
```js
import crypto from 'crypto'
import * as secp from '@noble/secp256k1'
let ephemeralPrivateKey = crypto.randomBytes(32)
let sharedPoint = secp.getSharedSecret(ephemeralPrivateKey, '02' + theirPublicKey)
let sharedKey = sharedPoint.slice(1, 33)
let iv = crypto.randomBytes(16)
var cipher = crypto.createCipheriv(
'aes-256-gcm',
Buffer.from(sharedKey),
iv
)
let encryptedMessage = cipher.update(text, 'utf8', 'base64')
encryptedMessage += cipher.final('base64')
let ivBase64 = Buffer.from(iv).toString('base64')
let atBase64 = Buffer.from(cipher.getAuthTag()).toString('base64')
let event = {
pubkey: ourPubKey,
created_at: Math.floor(Date.now() / 1000),
kind: 4,
tags: [['p', theirAnonymizedId]],
content: encryptedMessage + '?iv=' + ivBase64 + '&at=' + atBase64
}
```
## Security Warning
Although this standard represents a significant improvement over the previous version, it should be treated with caution and must not be used for communication that needs to remain absolutely confidential. Always consult with a security expert or perform a security audit before deploying cryptographic protocols.
## Client Implementation Warning
Clients *should not* search and replace public key or note references from the `.content`. If processed like a regular text note (where `@npub...` is replaced with `#[0]` with a `["p", "..."]` tag), the tags are leaked and the mentioned user will receive the message in their inbox. Additionally, clients should use rotating anonymous identifiers to reference users, adding another layer of privacy to the protocol.
