Skip to content

nip17: retain sender copy of private dms #1109

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

nip17: retain sender copy of private dms #1109

wants to merge 1 commit into from

Conversation

@alltheseas
Copy link
Contributor

@alltheseas alltheseas commented Oct 26, 2025

Problem

Code review finding:

High – Private messages are only wrapped for the receiver, never for the sender.
  EventBuilder::private_msg builds a single gift wrap aimed at the target (crates/nostr/src/
  event/builder.rs:1534) and Client::send_private_msg forwards exactly that one event (crates/
  nostr-sdk/src/client/mod.rs:1205). NIP‑17 states that every unsigned kind‑14 “must be sealed
  and gift‑wrapped to each receiver and the sender individually.” Without generating the sender’s
  copy, users lose the “Fully Recoverable” guarantee, can’t sync their own history from their
  10050 relays, and can’t opt into disappearing messages by omitting the self wrap. The fix is
  to clone the rumor and call gift_wrap once per participant (including signer.get_public_key()),
  sending each wrap to the appropriate relay set.

Summary

Wrap each DM rumor for both receiver and author so senders keep history.

Tests

cargo test build_private_dm_wraps_produces_sender_copy --package nostr-sdk --lib --features nip59

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@alltheseas