Open lastmjs opened 4 years ago
nacl seems pretty solid, it's what MetaMask is going with and I believe geth, and I think there's an EIP open for it.
The big problem I'm seeing so far, if I'm not mistaken, is that nacl requires a new key pair to be derived from the Ethereum private key. This eliminates the use case of sending a message to any Ethereum address, because you would first need to get their public encryption key, which is derived from their private key, and I don't believe can be derived from an on-chain transaction signature.
The reason this is an issue is because I don't want people to put their private key into the app, and also encrypted over and over again with the same public key could be problematic security-wise, which I believe is why people are advocating for creating new keypairs to encrypt with.
So, I want to use MetaMask for this functionality, but MetaMask won't work because of the issues I mentioned.
Looks like ECEIS is just not good: https://twitter.com/matthew_d_green/status/581231569731514368?s=20
Nacl seems like the way to go...but we need to figure out the public key issue
Make sure to encrypt the swarm hash that is stored on the blockchain: https://github.com/lastmjs/ethereum-pm/issues/13