Clave v0.2.0 Build 94 released on iOS TestFlight. Now supporting NIP-44 v3.
In NIP-44 v2, an encrypt or decrypt request to a signer carries no information about what kind of event it's for. The request is just (pubkey, ciphertext). The signer can't tell whether an app is decrypting its own chat traffic, your Cashu wallet (kind 17375), or your gift-wrapped DMs (kind 1059). So when you grant an app "can decrypt for me," you're necessarily granting it for everything: the protocol gives the signer no handle to gate per-kind.
NIP-44 v3 puts the kind and scope into the request and binds them into the encryption itself. Now the signer knows what kind of data is being touched, and grants can be per (app, kind, scope). An app authorized to "save its deck (kind 30078, scope spectr_decks)" cannot silently decrypt your wallet or your DMs with that grant. The cryptography enforces it.
First reference-implementation pair shipped today: @Clave (iOS signer) and Spectr (web client at https://spectr.clave.casa).
Thanks to @semisol for the NIP-44 v3 spec, the Go reference library at github.com/nostr-land/ncrypt-go, and the 228 test vectors that made porting safely possible. Thanks also to the @Amber team and @The Fishcake (nostr.build) and Nostr Build Shack for paving the way and being the first to implement.
#nip46 #clave
https://testflight.apple.com/join/5Mx5AZx7
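
A sketch of the idea described above, added here as an example; it is not code from Clave, Spectr or ncrypt-go. It assumes AES-GCM associated data as a stand-in for the NIP-44 v3 construction (which the post does not detail), and the `Grant`, `Signer` and `bindCtx` names, the context encoding, the "wallet" scope and the all-zero key are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Grant is one user-approved permission: this app, this kind, this scope.
type Grant struct {
	App, Scope string
	Kind       int
}
// Signer: grants plus AES-GCM as an assumed stand-in for the NIP-44 v3 cipher.
type Signer struct {
	aead   cipher.AEAD
	grants map[Grant]bool
}
func NewSigner(key [32]byte, grants map[Grant]bool) *Signer {
	block, _ := aes.NewCipher(key[:]) // a 32-byte key is always accepted
	aead, _ := cipher.NewGCM(block)   // AES has the 16-byte block GCM requires
	return &Signer{aead, grants}
}
// bindCtx encodes kind and scope as associated data (hypothetical encoding).
func bindCtx(k int, sc string) []byte { return []byte(fmt.Sprintf("kind=%d;scope=%s", k, sc)) }
// Encrypt binds (kind, scope) into the ciphertext; output is nonce || sealed.
func (s *Signer) Encrypt(kind int, scope string, pt []byte) ([]byte, error) {
	nonce := make([]byte, s.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return s.aead.Seal(nonce, nonce, pt, bindCtx(kind, scope)), nil
}

// Decrypt enforces the grant; the AEAD then rejects a mislabelled context.
func (s *Signer) Decrypt(app string, kind int, scope string, ct []byte) ([]byte, error) {
	n := s.aead.NonceSize()
	if !s.grants[Grant{App: app, Scope: scope, Kind: kind}] || len(ct) < n {
		return nil, fmt.Errorf("denied: no matching grant or truncated ciphertext")
	}
	return s.aead.Open(nil, ct[:n], ct[n:], bindCtx(kind, scope))
}

func main() {
	s := NewSigner([32]byte{}, map[Grant]bool{{"spectr", "spectr_decks", 30078}: true})
	wallet, _ := s.Encrypt(17375, "wallet", []byte("constructed sample"))
	_, err := s.Decrypt("spectr", 30078, "spectr_decks", wallet) // claims the deck context
	fmt.Println("wallet ciphertext under the deck grant:", err)
}
```

The second failure is the one that matters: an app that passes the policy check by claiming its own (kind, scope) still gets nothing, because authentication fails when the claimed context differs from the one bound at encryption time.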