Karnage on Nostr: Shipped! (I think 🤣) Some wild stuff happening behind the scenes that I don’t ...
Shipped! (I think 🤣)
Some wild stuff happening behind the scenes that I don’t fully understand but it seems to be working.
Real cryptographers, please let me know how stupid this is or if it’s decent:

**Publishing (Encryption):**

1. Generate a random 256-bit master encryption key
2. Encrypt the content URL using AES-GCM with the master key + random IV
3. Encrypt the master key twice:
   1. Once for creator access: using creator's private key + zapwall ID via PBKDF2
   2. Once for payment access: using deterministic key derived from zapwall ID
4. Store encrypted content URL, encrypted master keys, and IVs in the Nostr event tags

**Payment-based Decryption:**

1. Derive payment key from zapwall ID using PBKDF2 with fixed salt "zapwall-payment-key-v1"
2. Use payment key to decrypt the payment-encrypted master key
3. Import the decrypted master key as AES-GCM key
4. Use master key + stored IV to decrypt the content URL
5. Return plaintext content URL to user

The content URL is never stored in plaintext on Nostr - only the encrypted version with cryptographic keys that require either creator ownership or valid payment to decrypt.
Oh man I may have gotten encryption to work on URLs 🤞
Published at 2025-06-01 11:06:37

Event JSON
{
"id": "b16cdf542985109bb0755dd1950668a17b9c63ba8b2635105e0bfefa0b2cbb88",
"pubkey": "1bc70a0148b3f316da33fe3c89f23e3e71ac4ff998027ec712b905cd24f6a411",
"created_at": 1748775997,
"kind": 1,
"tags": [
[
"q",
"0945a50ce588a9625e175f7d15846361976c35978683ec365d736d4a3c3bcd0a"
],
[
"p",
"1bc70a0148b3f316da33fe3c89f23e3e71ac4ff998027ec712b905cd24f6a411"
]
],
"content": "Shipped! (I think 🤣) \n\nSome wild stuff happening behind the scenes that I don’t fully understand but it seems to be working. \n\nreal cryptographers, please let me know how stupid this is or if it’s decent: \n\n**Publishing (Encryption):**\n\n1. Generate a random 256-bit master encryption key\n2. Encrypt the content URL using AES-GCM with the master key + random IV\n3. Encrypt the master key twice:\n\n1. Once for creator access: using creator's private key + zapwall ID via PBKDF2\n2. Once for payment access: using deterministic key derived from zapwall ID\n\n\n\n4. Store encrypted content URL, encrypted master keys, and IVs in the Nostr event tags\n\n\n**Payment-based Decryption:**\n\n1. Derive payment key from zapwall ID using PBKDF2 with fixed salt \"zapwall-payment-key-v1\"\n2. Use payment key to decrypt the payment-encrypted master key\n3. Import the decrypted master key as AES-GCM key\n4. Use master key + stored IV to decrypt the content URL\n5. Return plaintext content URL to user\n\n\nThe content URL is never stored in plaintext on Nostr - only the encrypted version with cryptographic keys that require either creator ownership or valid payment to decrypt.\n\nnostr:note1p9z62r893z5kyhshta73tprrvxtkcdvhs6p7cdjawdk550pme59qetq9nq",
"sig": "978c7c567de50e471e1936c9036e03eab528ecd909570ad5c2bb4feaaaaac6260ae83bc6d55dd9eb51cb90106ab5d3daeeb97c2e04bead2380a5b9a28a28b8b3"
}
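
The payment branch of the scheme described in the post, as an added WebCrypto example that is not the author's or the project's code. The post does not give the PBKDF2 hash or iteration count, how the master key is wrapped, or the tag layout, so PBKDF2-HMAC-SHA-256 at 100,000 iterations, AES-256-GCM wrapping, and the `tags` field names are assumptions.

```javascript
// Added example, not the project's code. Assumptions (not stated in the post):
// PBKDF2-HMAC-SHA-256 at 100,000 iterations, AES-256-GCM to wrap the master key,
// and the field names of the `tags` object.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const enc = new TextEncoder();
const PAYMENT_SALT = enc.encode('zapwall-payment-key-v1'); // fixed salt from the post

// Payment decryption step 1: the key is a pure function of the zapwall ID.
async function derivePaymentKey(zapwallId) {
  const base = await wc.subtle.importKey(
    'raw', enc.encode(zapwallId), 'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey(
    { name: 'PBKDF2', salt: PAYMENT_SALT, iterations: 100000, hash: 'SHA-256' },
    base, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Publishing steps 1-4, payment branch only (the creator branch is omitted).
async function publish(zapwallId, contentUrl) {
  const rand = (n) => wc.getRandomValues(new Uint8Array(n));
  const masterRaw = rand(32), urlIv = rand(12), keyIv = rand(12);
  const master = await wc.subtle.importKey('raw', masterRaw, 'AES-GCM', false, ['encrypt']);
  const encUrl = await wc.subtle.encrypt(
    { name: 'AES-GCM', iv: urlIv }, master, enc.encode(contentUrl));
  const payKey = await derivePaymentKey(zapwallId);
  const encKey = await wc.subtle.encrypt({ name: 'AES-GCM', iv: keyIv }, payKey, masterRaw);
  return { encUrl, urlIv, encKey, keyIv }; // the values stored in the event tags
}

// Payment decryption steps 1-5. Inputs: the zapwall ID and the stored tags, nothing else.
async function decryptViaPaymentPath(zapwallId, tags) {
  const payKey = await derivePaymentKey(zapwallId);
  const masterRaw = await wc.subtle.decrypt(
    { name: 'AES-GCM', iv: tags.keyIv }, payKey, tags.encKey);
  const master = await wc.subtle.importKey('raw', masterRaw, 'AES-GCM', false, ['decrypt']);
  const url = await wc.subtle.decrypt({ name: 'AES-GCM', iv: tags.urlIv }, master, tags.encUrl);
  return new TextDecoder().decode(url);
}

// Constructed sample values, for illustration only.
async function demo() {
  const tags = await publish('zapwall-demo-id', 'https://example.com/video.mp4');
  return decryptViaPaymentPath('zapwall-demo-id', tags);
}
```

Written out this way, the payment branch takes no secret input other than the zapwall ID, so its confidentiality is exactly that of the ID. If the ID is readable by non-payers, the payment check has to be enforced somewhere other than this key derivation.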