0xChat’s approach is to store data unencrypted in the database, but the entire database itself is encrypted. When the app is opened, it only needs to decrypt the database once to access all the unencrypted content.
Discussion
in the lite version…
Thats what I was thinking of doing, but unfortunately having an encrypted sqlite db in the browser is really difficult :)
Do you think it would be better if the database encryption key was a password or pin provided by the user?
Also why does 0xchat ask to NIP-04 encrypt and sign 443 events when I open it? I thought it was only decrypting my DMs
I think you can initialize a random key for the user, and if they want to export database, you can let them set their own password (or PIN) to protect it.
The NIP-04 encryption is used to encrypt messages sent to the push server. This should eventually be updated to NIP-44 encryption, but the migration hasn’t started yet :(
443 is an MLS KeyPackage event, and by default generated & uploaded to the relay.
https://github.com/0xchat-app/0xchat-core/blob/main/doc/nofitications.md
Push notifications spec used by 0xchat
When you do re-write it, consider:
Why do I have to encrypt and send multiple messages to the push server?
I'm somewhat interested in how it works but I'm more concerned that as soon as I open the app I have 5+ signing requests that I have to blindly sign
This is because, in the 0xchat implementation, a heartbeat event (encrypted) is sent every minute.
The reason for using heartbeat events is that the push server relies on them to determine whether the app is online. If it receives an offline event or does not receive a heartbeat event for an extended period, it assumes the app is offline.
I bet we could come up with a way to do hash-based heartbeats rather than encrypted ones (or use an ephemeral key) to avoid the signer requests