Explanation of NOSTR for all newbies.
Nostr is a protocol
built on websockets.
It's consisting of 2 main components.
Relays
- a server.Client
- and application (website, mobile app, desktop app etc.)
Relay is a service running on a server. You send a message and it replies. Simple as that. When you send something to a relay, other clients using same relay can access.
It stores the data you send, and if someone else requests it, it sends back to them. But right now they only store text data. They don't communicate with each other, they only communicate with people connected to them.
Ok, this is a bit interesting thing to explain. NOSTR Protocol
is a bit different than regular webserver - client relationship.
Regular websites stores your data on a server then replicates (some of them) to the other servers in different locations / regions, so you can reach anytime, anywhere. You'll get connected to the fastest server or any available server.
Nostr's approach is different, your data will be published to servers of your choice. You choose to connect which servers (in this case your client app) should have your data.
When you publish an update, you gotta send it to all of the (relays) servers.
For instance:
You
: Connected toA
,B
,C
servers.
UserX
: Connected toC
,D
,E
servers.
UserY
: Connected toA
,G
,F
servers
When you send something to all these 3 servers;
UserX
can see your update viaC server
UserY
can see it viaA server
This is what makes it unrestrictable, because as long as there are bunch of servers all around the world, it's impossible to block the access.
- If you are a user;
- There are variety of websites simulating some popular websites.
- Micro blogging or chat rooms are 2 popular use cases, and some webpages are already available to use.
- See this page to find list of applications.
- I'm a developer
- Check the nostr github page.
But don't jump in right now, I would strongly recommend to read more.
Client is any type of software sending and receiving messages from relays. This can be a website, mobile application or something else.
Not really, but something like twitter can be build with it.
You don't. Think of it like warehouse, anyone can put something in it. You just need to add your name on it. So other will know it's created by you.
You just don't put your name on it, you sign it too.
You have 2 keys, public
and private
, private key is only for you, public is visible by everyone, everything comes with a public key.
You can create your own keys or use the ones clients provide. Most services can generate keys for you.
There is something called asymmetric cryptography. What it does is basically, there are 2 keys, one for crypting something, and turning into a code, and another key to convert it back to something readable. But also crypted content can be verified with the public key.
Here is a basic sample explanation;
publicKey = `myUnlockKey` (BunchOfRandomNumbersAndLetters)
privateKey = "myLockKey" (BunchOfRandomNumbersAndLetters)
myMessage = "hello mom"
Now system turns this into;
myEncryptedMessage = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQK"
If you want to read this, back again you need a (public) key.
myUnlockKey(myEncryptedMessage) = "hello mom"
If both encrypted content and uncrypted with public key are the same, this means owner of this public key's private pair is the owner of the public key.
- Every
Private key
have a singlepublic key
. This makes them a pair. - Public key can be found/retrieved with private key.
- Public key is only used for decrypting and nothing else.
- Public key can't be used to encrypt.
- Private keys can not be recovered with public keys.
Once you have a private and public key, your clients sends something like this;
id
- Your public key (
pubkey
) - Your message (
content
) - Same content but encrypted. (
sig
)
Of course you don't have to see or know all about this, the website, or app you are using dealing with this stuff.
Once people have these, they decrypt the sig
and compare if it's the same with content
+publickey
+...
If it is, it is indeed created by the person who owns this private key, and this public key is correct.
You have some options for that, you can install a chrome extension or a firefox extension Then you can save your private key in it, supporting platforms will trigger extension and ask for your keys.
Last Edit: Dec 29 2022 12:55 PM