@siniradam
Last active December 29, 2022 20:57
Some basic information about NOSTR Protocol.

NOSTR ELI5

Explanation of NOSTR for all newbies.


What is NOSTR

Nostr is a protocol built on websockets.

It consists of 2 main components.

  • Relay - a server.
  • Client - an application (website, mobile app, desktop app etc.)

Relays

What is a relay?

A relay is a service running on a server. You send a message and it replies. Simple as that. When you send something to a relay, other clients using the same relay can access it.

But what does it do exactly?

It stores the data you send, and if someone else requests it, it sends it back to them. Right now relays only store text data. They don't communicate with each other; they only communicate with people connected to them.

Why are there so many relays?

OK, this is a bit interesting to explain. The NOSTR protocol is a bit different from the regular web server - client relationship. Regular websites store your data on a server and then replicate it (some of them do) to other servers in different locations / regions, so you can reach it anytime, anywhere. You get connected to the fastest server or any available server.

Nostr's approach is different: your data is published to servers of your choice. You (in this case, your client app) choose which servers to connect to and which of them should have your data.

When you publish an update, you gotta send it to all of your servers (relays).

For instance:

You: Connected to A, B, C servers.

UserX: Connected to C, D, E servers.

UserY: Connected to A, G, F servers

When you send something to all 3 of your servers:

  • UserX can see your update via C server
  • UserY can see it via A server

This is what makes it unrestrictable, because as long as there are a bunch of servers all around the world, it's impossible to block access.

What do I need to access it?

  • If you are a user;
    • There are a variety of websites imitating some popular websites.
    • Micro blogging and chat rooms are 2 popular use cases, and some webpages are already available to use.
    • See this page to find a list of applications.
  • I'm a developer

But don't jump in right now; I would strongly recommend reading more.

Clients

What is a client?

A client is any type of software that sends messages to and receives messages from relays. This can be a website, a mobile application or something else.

Is this a Twitter replacement?

Not really, but something like Twitter can be built with it.

How do I register?

You don't. Think of it like a warehouse: anyone can put something in it. You just need to put your name on it, so others will know it was created by you.

How can someone else know that's me?

You don't just put your name on it, you sign it too. You have 2 keys, public and private. The private key is only for you; the public key is visible to everyone, and everything comes with a public key. You can create your own keys or use the ones clients provide. Most services can generate keys for you.

Uhh. Keys?

There is something called asymmetric cryptography. Basically, there are 2 keys: one for encrypting something, turning it into a code, and another key to convert it back into something readable. Encrypted content can also be verified with the public key.

Here is a basic sample explanation:

publicKey = "myUnlockKey" (BunchOfRandomNumbersAndLetters)
privateKey = "myLockKey" (BunchOfRandomNumbersAndLetters)
myMessage = "hello mom"

Now the system turns this into:

myEncryptedMessage = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQK"

If you want to read this back again, you need the (public) key.

myUnlockKey(myEncryptedMessage) = "hello mom"

If the encrypted content, once decrypted with the public key, is the same as the original content, this means it was created by whoever owns the private key paired with this public key.

What to know about keys?

  • Every private key has a single public key. This makes them a pair.
  • The public key can be found/retrieved with the private key.
  • The public key is only used for decrypting and nothing else.
  • The public key can't be used to encrypt.
  • Private keys cannot be recovered from public keys.

How is it used to make the system secure?

Once you have a private and public key, your client sends something like this:

  • id
  • Your public key (pubkey)
  • Your message (content)
  • Same content but encrypted. (sig)

Of course you don't have to see or know all about this; the website or app you are using deals with this stuff.

Once people have these, they decrypt the sig and check whether it's the same as content+publickey+...

If it is, it is indeed created by the person who owns this private key, and this public key is correct.
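
The signing and checking steps described above, as an added example (not code from this gist or from any Nostr client): in the actual protocol (NIP-01), `id` is the SHA-256 hash of the serialized event and `sig` is a BIP-340 Schnorr signature over that `id`, so readers verify with the public key rather than decrypt. The function names, the private key `0x1234`, the sample event and the simplified nonce derivation are assumptions made for this demo.

```python
import hashlib, json

P = 2**256 - 2**32 - 977  # secp256k1 field prime; N is the group order, G the generator
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):  # curve point addition; None is the point at infinity
    if a is None or b is None: return a or b
    if a[0] == b[0] and a[1] != b[1]: return None
    if a == b: lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else: lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return x, (lam * (a[0] - x) - a[1]) % P

def mul(pt, k):  # recursive double-and-add; readable, but not constant time
    if k == 0: return None
    half = mul(add(pt, pt), k >> 1)
    return add(half, pt) if k & 1 else half

def h(tag, *ints):  # BIP-340 tagged hash of 32-byte big-endian ints, mod N
    data = hashlib.sha256(tag.encode()).digest() * 2 + b"".join(i.to_bytes(32, "big") for i in ints)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def event_id(ev):  # NIP-01: sha256 of the array [0, pubkey, created_at, kind, tags, content]
    arr = [0, ev["pubkey"], ev["created_at"], ev["kind"], ev["tags"], ev["content"]]
    return hashlib.sha256(json.dumps(arr, separators=(",", ":"), ensure_ascii=False).encode()).hexdigest()

def sign(ev, d):  # client side; d is the private key as an integer in [1, N-1]
    pub = mul(G, d)
    if pub[1] % 2: d = N - d                  # BIP-340 uses the even-y form of the key
    ev = dict(ev, pubkey=f"{pub[0]:064x}")
    m = int(event_id(ev), 16)
    k = h("BIP0340/nonce", d, pub[0], m)      # simplified deterministic nonce (assumption)
    R = mul(G, k)
    if R[1] % 2: k = N - k
    s = (k + h("BIP0340/challenge", R[0], pub[0], m) * d) % N
    return dict(ev, id=f"{m:064x}", sig=f"{R[0]:064x}{s:064x}")

def verify(ev):  # relay or reader side; needs only the public fields
    x, (r, s) = int(ev["pubkey"], 16), divmod(int(ev["sig"], 16), 2**256)
    y = pow(x**3 + 7, (P + 1) // 4, P)        # candidate y for the x-only public key
    if len(ev["sig"]) != 128 or max(x, r) >= P or s >= N or (y * y - x**3 - 7) % P: return False
    e = h("BIP0340/challenge", r, x, int(event_id(ev), 16))
    R = add(mul(G, s), mul((x, y if y % 2 == 0 else P - y), N - e))
    return ev["id"] == event_id(ev) and R is not None and R[1] % 2 == 0 and R[0] == r

# Constructed sample: 0x1234 is a throwaway private key, not a real identity.
EVENT = sign({"created_at": 1672318500, "kind": 1, "tags": [], "content": "hello mom"}, 0x1234)
```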

How am I gonna deal with this key or store it?

You have some options for that: you can install a Chrome extension or a Firefox extension. Then you can save your private key in it; supporting platforms will trigger the extension and ask for your keys.

Last Edit: Dec 29 2022 12:55 PM
