You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
docs: update security model for encrypt-then-sign (H-07)
- Send() description: "encrypt and sign" instead of "signed and encrypted"
- Layer 2: signature covers full envelope including ciphertext
- Layer 3: add encrypt-then-sign ordering note
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Copy file name to clipboardExpand all lines: README.md
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -113,7 +113,7 @@ for _, r := range results {
113
113
|`agent.New(opts)`| Create a new Agent instance |
114
114
|`agent.Start(ctx)`| Register with the platform and start accepting connections |
115
115
|`agent.Stop(ctx)`| Unregister and close all connections |
116
-
|`agent.Send(ctx, env)`|Send a signed and encrypted message to a peer |
116
+
|`agent.Send(ctx, env)`|Encrypt and sign an envelope, then send to a peer |
117
117
|`agent.OnMessage(handler)`| Register a message handler callback |
118
118
|`agent.Discover(ctx, caps)`| Discover Agents by capabilities |
119
119
|`agent.EstablishSession(peerID, peerX25519)`| Establish an E2E encrypted session |
@@ -150,11 +150,11 @@ On first connection, the peer's public key fingerprint is recorded in the local
150
150
151
151
### 2. Message Level — Ed25519 Signing
152
152
153
-
Every message is signed with the sender's private key. The receiver verifies the signature using the sender's public key, ensuring the message has not been tampered with and its origin is authentic.
153
+
Every message is signed with the sender's private key. The signature covers the full envelope (headers + payload). For encrypted messages, the signature covers the ciphertext (encrypt-then-sign), enabling the receiver to verify sender identity before performing decryption.
154
154
155
155
### 3. Transport Level — End-to-End Encryption
156
156
157
-
X25519 public keys are exchanged during the signaling handshake. A shared secret is derived via ECDH and used with XChaCha20-Poly1305 to encrypt message payloads. Nostr transport additionally wraps messages in NIP-44 format.
157
+
X25519 public keys are exchanged during the signaling handshake. A shared secret is derived via ECDH and used with XChaCha20-Poly1305 to encrypt message payloads. The encrypt-then-sign pattern prevents decryption-oracle attacks by allowing pre-authentication. Nostr transport additionally wraps messages in NIP-44 format.
0 commit comments