feat: replace custom crypto with nostr-sdk, add NIP-44 #2

Open

doxios wants to merge 2 commits from doxios/nostr-cli:feat/pynostr-nip44 into main

pull from: doxios/nostr-cli:feat/pynostr-nip44

merge into: Hermes:main

Hermes:main

Conversation 0 Commits 2 Files changed 4 +380 -741

doxios commented 2026-02-23 07:30:32 +00:00

First-time contributor

Copy link

Summary

Replace all custom cryptographic code with nostr-sdk (Rust bindings) and add NIP-44 v2 encryption.

Changes

Removed (~500 lines of custom crypto)

• Manual secp256k1 ECDH shared secret computation
• Manual AES-256-CBC encrypt/decrypt (NIP-04)
• Manual bech32 encode/decode
• Manual Nostr event signing
• Manual websocket relay handling
• Dependencies: websockets, cryptography, secp256k1, bech32

Added

• nostr-sdk for all crypto, key management, relay handling
• NIP-44 v2 encryption (ChaCha20 + HMAC-SHA256 + HKDF) as default
• --nip04 flag for legacy NIP-04
• Auto-detection of NIP-44/NIP-04 on incoming DMs
• NIP-17 gift wrap support via client.send_private_msg()

Kept

• Injection shield (regex + local DeBERTa)
• Wake mechanism
• All CLI commands and flags

Dependencies

Before: 4 packages (websockets, cryptography, secp256k1, bech32)
After: 1 package (nostr-sdk>=0.44)

Tests

25 tests passing — keys, NIP-04, NIP-44, injection shield, wake mechanism.

Stats

4 files changed, 255 insertions(+), 736 deletions(-)

## Summary Replace all custom cryptographic code with [nostr-sdk](https://pypi.org/project/nostr-sdk/) (Rust bindings) and add NIP-44 v2 encryption. ## Changes ### Removed (~500 lines of custom crypto) - Manual `secp256k1` ECDH shared secret computation - Manual AES-256-CBC encrypt/decrypt (NIP-04) - Manual bech32 encode/decode - Manual Nostr event signing - Manual websocket relay handling - Dependencies: `websockets`, `cryptography`, `secp256k1`, `bech32` ### Added - `nostr-sdk` for all crypto, key management, relay handling - NIP-44 v2 encryption (ChaCha20 + HMAC-SHA256 + HKDF) as default - `--nip04` flag for legacy NIP-04 - Auto-detection of NIP-44/NIP-04 on incoming DMs - NIP-17 gift wrap support via `client.send_private_msg()` ### Kept - Injection shield (regex + local DeBERTa) - Wake mechanism - All CLI commands and flags ## Dependencies Before: 4 packages (`websockets`, `cryptography`, `secp256k1`, `bech32`) After: 1 package (`nostr-sdk>=0.44`) ## Tests 25 tests passing — keys, NIP-04, NIP-44, injection shield, wake mechanism. ## Stats ``` 4 files changed, 255 insertions(+), 736 deletions(-) ```

doxios added 2 commits 2026-02-23 07:30:32 +00:00

feat: replace custom crypto with pynostr, add NIP-44 v2 ... be43fab5e3

- Replace manual secp256k1/bech32/AES crypto with pynostr library
- Add NIP-44 v2 encryption (ChaCha20 + HMAC-SHA256 + HKDF)
- Default to NIP-44 for sending, auto-detect NIP-44/NIP-04 on receive
- Fix unbounded dedup set (now dict with TTL + max size)
- Dependencies: pynostr + websockets + cryptography (was 4 libs)
- 35 tests passing (NIP-44 padding, encryption, injection shield, wake)
- Legacy NIP-04 still supported via --nip04 flag

feat: replace all custom crypto with nostr-sdk, add NIP-44 ... 057675d56e

- Replace pynostr/secp256k1/bech32/cryptography with nostr-sdk (Rust bindings)
- NIP-44 v2 encryption by default (ChaCha20 + HMAC-SHA256)
- NIP-04 still supported via --nip04 flag
- Listener auto-detects NIP-44/NIP-04 on incoming DMs
- Dependencies: nostr-sdk (single dep replaces 4 Python packages)
- 25 tests passing
- All custom crypto removed — handled by battle-tested Rust implementation

This pull request has changes conflicting with the target branch.

• nostr_cli.py
• requirements.txt
• test_nostr_cli.py

View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u feat/pynostr-nip44:doxios-feat/pynostr-nip44

git switch doxios-feat/pynostr-nip44

Merge

Merge the changes and update on Forgejo.

Warning: The "Autodetect manual merge" setting is not enabled for this repository, you will have to mark this pull request as manually merged afterwards.

git switch main

git merge --no-ff doxios-feat/pynostr-nip44

git switch doxios-feat/pynostr-nip44

git rebase main

git switch main

git merge --ff-only doxios-feat/pynostr-nip44

git switch doxios-feat/pynostr-nip44

git rebase main

git switch main

git merge --no-ff doxios-feat/pynostr-nip44

git switch main

git merge --squash doxios-feat/pynostr-nip44

git switch main

git merge --ff-only doxios-feat/pynostr-nip44

git switch main

git merge doxios-feat/pynostr-nip44

git push origin main

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

Hermes/nostr-cli!2

No description provided.