Replying to Avatar jb55

You could also hash kinds into this identifier to group your private data if you wanted to:

p=sha256(nsec+”storage”+”kind123”)

to pull down your private kind123 data. this would look even more random to a passive observer, and would allow you to pull only specific private data you need

nostr:note146uahnar22eytqk0cvvzkvqee8xx6ty9dxxjjr6nfrvf4vtgzcps6806p6
Avatar
Suhail 8mo ago 💬 1

without a sig inside the wrap, you can’t prove you actually wrote the data. Anyone could spam fake “private” notes under your p-tag and you’d have no way to tell what’s real

Reply to this note

Please Login to reply.

Discussion

Avatar
jb55 8mo ago 💬 2

yeah i’m switching to removing the p tag and just using K=sha256(nsec + “nipXX”) as the wrap key

Avatar
jb55 8mo ago 💬 1

I have a draft nip written up, will publish soon

Avatar
Suhail 8mo ago 💬 2

but without a sig even with a better key, you can’t trust the data came from you

right? or am I trippin

Avatar
Suhail 8mo ago

I mean depends on what the threat model is. if it’s just casual private storage it’s prob fine

Avatar
jb55 8mo ago

Only you control the key, noone else can publish under that key

Avatar
semisol 8mo ago 💬 2

Why not HMAC?

Avatar
jb55 8mo ago 💬 1

this is simpler

Avatar
semisol 8mo ago 💬 1

there is a good reason cryptography is not simple

Avatar
jb55 8mo ago 💬 1

do you have a preimage attack on sha256?

Avatar
semisol 8mo ago

no. but there is hmac (enforcing clear separation of key/data) and I cannot see why you do not want to use it

Avatar
jb55 8mo ago 💬 2

why not hkdf ?

Avatar
jb55 8mo ago

as I write it up I'm leaning toward this (pns = private note storage):

// device_key is users nsec or device nsec

pns_key = hkdf(device_key, "nipXX")

pns_nip44_key = hkdf(pns_key, "nip44-v2")

ctext = nip44_encrypt(pns_nip44_key, nonce, note_json)

Avatar
semisol 8mo ago 💬 1

for non-fixed-length sure

Avatar
jb55 8mo ago

i guess hkdf_extract is basically hmac anyways