Update the identifier tag d for user's app data event #120

New Issue

s · 2024-07-17T10:00:18Z

s commented

2024-07-17 10:00:18 +00:00

Currently we are using sha256 hash of 938 + user's pubkey for user's the identifier tag d of user's app data event. Rather we should sign the event with 938 + user's pubkey and create_at = 0 or start of UNIX timestamp if 0 is not allowed and use the signature of that event as an identifier.

Currently we are using sha256 hash of `938 + user's pubkey` for user's the identifier tag `d` of user's app data event. Rather we should sign the event with `938 + user's pubkey` and create_at = 0 or start of UNIX timestamp if 0 is not allowed and use the signature of that event as an identifier.

s changed title from ~~Update filter for getting user's appData~~ to Update the identifier `d` for user's app data event

2024-07-22 08:19:02 +00:00

s changed title from ~~Update the identifier `d` for user's app data event~~ to Update the identifier tag `d` for user's app data event

2024-07-22 08:19:16 +00:00

~~s referenced this issue 2024-08-22 08:19:49 +00:00~~

feat: use nip04 for encryption and decryption of userData to store on blossom server #162

s commented

2024-08-22 11:14:50 +00:00

This approach wouldn't work as we would get different signatures every time we sign an event.

m was assigned by b

2024-11-26 09:52:55 +00:00

b commented

2024-11-27 17:11:23 +00:00

Following discussion with @m

The problem is not that we get the same signature (because created_at=0)

The problem is that relays will not accept an event with created_at=0

Neither do they want one signed in the future. So the idea to create a unique id that ONLY the user will know, is not so easy. Probably there is some way where there is a generic D-tag for app data, one that contains encrypted key-value pairs, one of which could be the sigit id.

Until such a spec appears, we should stick with the existing approach of using the hash of 938_$(npub).

Following discussion with @m The problem is not that we get the same signature (because created_at=0) The problem is that relays will not accept an event with created_at=0 Neither do they want one signed in the future. So the idea to create a unique id that ONLY the user will know, is not so easy. Probably there is some way where there is a _generic_ D-tag for app data, one that contains encrypted key-value pairs, one of which could be the sigit id. Until such a spec appears, we should stick with the existing approach of using the hash of `938_$(npub)`.

b closed this issue

2024-11-27 17:11:24 +00:00

Sign in to join this conversation.