Encryption in Push Chat
Each Push profile or user of Push Chat has a PGP key that is created locally and stored encrypted on Push nodes. Push SDK during initialization automatically decrypts your key by asking you to sign a nonce which is used to derive the signature that is applied to encrypt or decrypt your PGP keys.
Once the PGP keys are obtained locally, they are then used (in your local sandbox) to encrypt / decrypt messages, chat requests and anything that you do within Push network.
Since your wallet acts only as a way to encrypt or decrypt your PGP keys and your keys encryption are not reliant or tied directly to a particular algorithm. This paves the way for cross-chain or even multi-chain communication as dynamic versions compatible with different chains or new standards can be applied.
This is possible because Push maintains your PGP keys encryption version and thus is able to decrypt them using the correct standards.
Recommended encryption version for Push Profile
Current recommended encryption version for Push Profile is PGP_V3 and for Push NFT profiles is NFTPGP_V1.
Supported Encryption Versions for Push Profile
| Encryption Version | Remarks |
|---|---|
PGP_V1 | Uses x25519-xsalsa20-poly1305 algorithm |
PGP_V2 | Uses aes256GcmHkdfSha256 algorithm with EIP712 type signatures |
PGP_V3 | Uses aes256GcmHkdfSha256 algorithm with EIP191 type signatures |
NFTPGP_V1 | Uses aes256GcmHkdfSha256 algorithm with EIP191 type signatures and client enabled overriding secret |
PGP_V1
This encryption version represents the initial implementation for securing Push Profiles. It relies on Metamask's legacy API functions, namely eth_getEncryptionPublicKey and eth_decrypt, for the encryption and decryption of PGP keys. It's important to note that these functions have been deprecated and are not supported by other providers. Consequently, we strongly recommend against using this method for encryption.
For more details on the deprecation of these functions, please refer to the official announcement here.
PGP_V2
This encryption version utilizes the aes256Gcm algorithm for encrypting PGP keys. In this scheme, a random nonce, salt, and an EIP-712-based signature are used to create the encryption key. The nonce, salt, and encrypted private keys are securely stored on Push Nodes. When combined with the user's signature, these components enable the decryption of the PGP keys.
PGP_V3
This encryption version is the same as PGP_V2, but it uses an EIP-191-based signature instead of EIP-712. The transition to EIP-191 signatures simplifies cross-chain compatibility and eliminates the necessity for typed data signing for straightforward messages.
NFTPGP_V1
This encryption version is specifically designed for securing NFT Push Profiles within the framework of NFT Chat. NFT Chats introduce a unique concept where chat history becomes tied to an NFT and is carried along with the NFT when it changes ownership between users.
In this encryption method, users generate a secret or password, which is subsequently used to encrypt the PGP Private key. This secret is then encrypted using the PGP_V3 encryption scheme. Consequently, there are two methods for decrypting an NFT profile:
-
By providing the secret directly or decrypting the secret by signing a message, which in turn is used to decrypt the PGP Key.
-
During NFT transfers, the previous owner has the option to share the secret with the new owner, granting access to the chat history. Alternatively, the new owner can choose to create a new secret, effectively resetting the chat history.