signing the data is like putting "from" on a letter
the p tag contains the recipient(s)
the data itself can be encrypted but somewhere in it is going to be the designated decryption key, and it has to be clear, same as the encryption nonce, it ultimately would not matter if it was only in the content, but putting it in a p tag makes it integrated with the simple indexing system and filter search, so a user can request events that p-tag with the DM kind and get their messages
there is no practical attack on the encryption, even nip-04 encryption IS NOT WEAK to practical attacks - yes the data is out there, but SSL is open to this attack as well and the real security question is how long the attacker has to brute force it - in practice, this is not how you breach the security of the system, you have to infiltrate their personal system with bugs that capture the secret
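As an added illustration of the indexing point made above (this is example code written for this note, not code from the post's author or from any Nostr client or relay), the block below builds NIP-04 style DM events, where the recipient sits in a p tag and the ciphertext plus IV sit in the content as base64 joined by "?iv=", and implements the relevant subset of NIP-01 filter matching (kinds, authors, #p). The pubkeys and the ciphertext/IV bytes are constructed placeholders, signatures and event ids are omitted because they play no part in indexing, and `visible_metadata` shows what a relay learns from such an event without any key.

```python
import base64

# Constructed placeholder public keys (64 hex chars, not real Nostr keys).
ALICE = "a" * 64
BOB = "b" * 64
CAROL = "c" * 64

DM_KIND = 4  # NIP-04 encrypted direct message kind


def make_dm_event(sender_pubkey, recipient_pubkey, ciphertext, iv, created_at):
    """Build an unsigned NIP-04 style event.

    The encrypted payload and the IV both sit in `content` in the clear
    framing base64(ct) + "?iv=" + base64(iv); the recipient goes into a p tag
    so a relay can index it. `id` and `sig` are omitted here (assumption:
    they are not needed to demonstrate indexing and filtering).
    """
    content = (
        base64.b64encode(ciphertext).decode()
        + "?iv="
        + base64.b64encode(iv).decode()
    )
    return {
        "kind": DM_KIND,
        "pubkey": sender_pubkey,  # the "from" on the letter
        "created_at": created_at,
        "tags": [["p", recipient_pubkey]],
        "content": content,
    }


def matches(event, flt):
    """Subset of NIP-01 filter semantics: `kinds`, `authors` and `#<tag>` lists."""
    if "kinds" in flt and event["kind"] not in flt["kinds"]:
        return False
    if "authors" in flt and event["pubkey"] not in flt["authors"]:
        return False
    for key, wanted in flt.items():
        if key.startswith("#"):
            tag_name = key[1:]
            present = {t[1] for t in event["tags"] if len(t) > 1 and t[0] == tag_name}
            if not present & set(wanted):
                return False
    return True


def query(events, flt):
    """What a relay does for a REQ: return every stored event the filter matches."""
    return [e for e in events if matches(e, flt)]


def inbox(events, recipient_pubkey):
    """The request described in the post: DM kind plus a p tag for the recipient."""
    return query(events, {"kinds": [DM_KIND], "#p": [recipient_pubkey]})


def split_nip04_content(content):
    """Recover (ciphertext, iv) from the cleartext framing; no key needed for this."""
    ct_b64, iv_b64 = content.split("?iv=", 1)
    return base64.b64decode(ct_b64), base64.b64decode(iv_b64)


def visible_metadata(event):
    """Everything a relay or passive observer learns without any key:
    who wrote it, who it is for, that it is a DM, and when."""
    return {
        "sender": event["pubkey"],
        "recipients": [t[1] for t in event["tags"] if t[0] == "p"],
        "kind": event["kind"],
        "created_at": event["created_at"],
    }


def sample_events():
    """Constructed relay contents: three DMs and one public note that also p-tags Bob."""
    return [
        make_dm_event(ALICE, BOB, b"\x01" * 32, b"\x10" * 16, 1700000000),
        make_dm_event(CAROL, BOB, b"\x02" * 48, b"\x20" * 16, 1700000100),
        make_dm_event(BOB, ALICE, b"\x03" * 16, b"\x30" * 16, 1700000200),
        {"kind": 1, "pubkey": ALICE, "created_at": 1700000300,
         "tags": [["p", BOB]], "content": "public mention of bob"},
    ]


if __name__ == "__main__":
    store = sample_events()
    for ev in inbox(store, BOB):
        print("DM for bob from", ev["pubkey"][:8], "metadata:", visible_metadata(ev))
```

Note that `inbox` needs the `kinds` restriction as well as `#p`: the kind-1 note that mentions Bob also carries a p tag, and without `kinds` it would land in the DM query. The `visible_metadata` output is the part of the trade-off the post alludes to with "the data is out there": the content is encrypted, but the relay index is built precisely from the fields that stay in the clear.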
