i ended up writing my own. was a bit simpler:
https://github.com/damus-io/nostrdb/blob/74f31331e8f02aa7077d24c5110803499fb0c447/src/nip44.c
As I'm seeing more projects release "hand-rolled" encryption and key operations. I know I need to step up noscrypt advertising.
If you're building an application (client, server, desktop, etc) that targets x86_64 I maintain a library that will do your nip44 encryption and basic key operations for you :)
It's called noscrypt
- Noscrypt gives you consistent abstractions for nostr encryption algorithms.
- Your choice of highly tested backend libraries such as mbedTLS, openSSL or BCrypt API on Windows
- Advanced validation and error feedback
- Low level API gives you full control over memory
- Low level API will never take control of your process with allocations, aborts, forks, or threading
- It has automatic fallbacks for options and platform limitations (relies on monocypher for some fallbacks)
- Offers a static or shared library
- Includes versioned and hand verified copies of dependencies so you don't need internet access to build once you have the package
- CI tested on Windows and Linux x86_64 platforms. (more tests coming soon)
- Doesn't rely solely on GitHub or public infra
It also includes a C# library for .net devs :) More bindings may be coming soon.
https://www.vaughnnugent.com/resources/software/modules/noscrypt
Discussion
are you suggesting I steel man noscrypt for you?
sure
I'll try my best with a few highlights I think are important.
As with all shared libraries noscrypt was intended to allow for the more flexibility in configuration and builds, while avoiding many assumptions.
- Devs can choose from a couple crypto libraries, such as mbedTLS, OpenSSL, or Windows BCrypt at the moment.
- Noscrypt does not allocate dynamic memory unless utils are used
- Noscrypt uses a crypto library abstraction which supports user overrides at a function level
- Does not expose any source of entropy/randomness, to avoid opinionated and "hard-coded defaults"
- All low-level apis are bring your own memory.
- Abstracts encryption/decryption to support both nip44 nip04 (incomplete) and future algorithms
- Does handle any character encoding/decoding (base64) yet, but may offer it as a utility
I also have a longer form blog I wrote last year in more detail. Essentially I didn't want to roll my own application specific crypto, with limited options and a highly specific use case for my NVault project.
https://www.vaughnnugent.com/blog/d9ab8a46cfa8d6bd59cf048fec8d73ffc44f881c
Noscrypt is excellent, Iβve been using it more and more whether itβs C or Zig projects. Highly recommend.