Use appropriate encryption mechanism

[lastmjs]

• [x] ECEIS
• [ ] curve25519 (Nacl is an implementation I believe)
• [ ] Tweet nacl: https://www.npmjs.com/package/tweetnacl
• [x] https://github.com/meetsiraja/ethereum-rsa
• [x] We might be able to use openpgpjs: https://twitter.com/coinfabrik/status/1219390695011733511?s=20

[lastmjs]

nacl seems pretty solid, it's what MetaMask is going with and I believe geth, and I think there's an EIP open for it.

The big problem I'm seeing so far, if I'm not mistaken, is that nacl requires a new key pair to be derived from the Ethereum private key. This eliminates the use case of sending a message to any Ethereum address, because you would first need to get their public encryption key, which is derived from their private key, and I don't believe can be derived from an on-chain transaction signature.

The reason this is an issue is because I don't want people to put their private key into the app, and also encrypted over and over again with the same public key could be problematic security-wise, which I believe is why people are advocating for creating new keypairs to encrypt with.

So, I want to use MetaMask for this functionality, but MetaMask won't work because of the issues I mentioned.

[lastmjs]

Looks like ECEIS is just not good: https://twitter.com/matthew_d_green/status/581231569731514368?s=20

Nacl seems like the way to go...but we need to figure out the public key issue

[lastmjs]

Make sure to encrypt the swarm hash that is stored on the blockchain: https://github.com/lastmjs/ethereum-pm/issues/13