feat: migrate NIP-51 list encryption from NIP-04 to NIP-44

NIP-04 encryption is deprecated due to security vulnerabilities. This migrates MuteList (kind 10000) and PinnedUsers (kind 10010) private entries to use NIP-44 encryption, with backward compatibility for reading existing NIP-04 encrypted content. When NIP-04 content is detected, it is automatically re-encrypted with NIP-44 and republished to gradually migrate users. Co-Authored-By: captain-stacks <201298974+captain-stacks@users.noreply.github.com> Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-04 23:52:49 +08:00 · 2026-04-04 23:52:49 +08:00 · 2efc884e01
commit 2efc884e01
parent 4fb40e81b3
9 changed files with 191 additions and 32 deletions
--- a/src/providers/NostrProvider/nsec.signer.ts
+++ b/src/providers/NostrProvider/nsec.signer.ts
@ -1,5 +1,6 @@
 import { ISigner, TDraftEvent } from '@/types'
 import { finalizeEvent, getPublicKey as nGetPublicKey, nip04, nip19 } from 'nostr-tools'
+import { v2 as nip44 } from 'nostr-tools/nip44'

 export class NsecSigner implements ISigner {
  private privkey: Uint8Array | null = null
@ -50,4 +51,20 @@ export class NsecSigner implements ISigner {
    }
    return nip04.decrypt(this.privkey, pubkey, cipherText)
  }
+
+  async nip44Encrypt(pubkey: string, plainText: string) {
+    if (!this.privkey) {
+      throw new Error('Not logged in')
+    }
+    const conversationKey = nip44.utils.getConversationKey(this.privkey, pubkey)
+    return nip44.encrypt(plainText, conversationKey)
+  }
+
+  async nip44Decrypt(pubkey: string, cipherText: string) {
+    if (!this.privkey) {
+      throw new Error('Not logged in')
+    }
+    const conversationKey = nip44.utils.getConversationKey(this.privkey, pubkey)
+    return nip44.decrypt(cipherText, conversationKey)
+  }
 }