Skip to main content

Encryption in Push Chat

Each Push profile or user of Push Chat has a PGP key that is created locally and stored encrypted on Push nodes. Push SDK during initialization automatically decrypts your key by asking you to sign a nonce which is used to derive the signature that is applied to encrypt or decrypt your PGP keys.

Once the PGP keys are obtained locally, they are then used (in your local sandbox) to encrypt / decrypt messages, chat requests and anything that you do within Push network.

Since your wallet acts only as a way to encrypt or decrypt your PGP keys and your keys encryption are not reliant or tied directly to a particular algorithm. This paves the way for cross-chain or even multi-chain communication as dynamic versions compatible with different chains or new standards can be applied.

This is possible because Push maintains your PGP keys encryption version and thus is able to decrypt them using the correct standards.

Current recommended encryption version for Push Profile is PGP_V3 and for Push NFT profiles is NFTPGP_V1.

Supported Encryption Versions for Push Profile

Encryption VersionRemarks
PGP_V1Uses x25519-xsalsa20-poly1305 algorithm
PGP_V2Uses aes256GcmHkdfSha256 algorithm with EIP712 type signatures
PGP_V3Uses aes256GcmHkdfSha256 algorithm with EIP191 type signatures
NFTPGP_V1Uses aes256GcmHkdfSha256 algorithm with EIP191 type signatures and client enabled overriding secret


This encryption version represents the initial implementation for securing Push Profiles. It relies on Metamask's legacy API functions, namely eth_getEncryptionPublicKey and eth_decrypt, for the encryption and decryption of PGP keys. It's important to note that these functions have been deprecated and are not supported by other providers. Consequently, we strongly recommend against using this method for encryption.

For more details on the deprecation of these functions, please refer to the official announcement here.


This encryption version utilizes the aes256Gcm algorithm for encrypting PGP keys. In this scheme, a random nonce, salt, and an EIP-712-based signature are used to create the encryption key. The nonce, salt, and encrypted private keys are securely stored on Push Nodes. When combined with the user's signature, these components enable the decryption of the PGP keys.


This encryption version is the same as PGP_V2, but it uses an EIP-191-based signature instead of EIP-712. The transition to EIP-191 signatures simplifies cross-chain compatibility and eliminates the necessity for typed data signing for straightforward messages.


This encryption version is specifically designed for securing NFT Push Profiles within the framework of NFT Chat. NFT Chats introduce a unique concept where chat history becomes tied to an NFT and is carried along with the NFT when it changes ownership between users.

In this encryption method, users generate a secret or password, which is subsequently used to encrypt the PGP Private key. This secret is then encrypted using the PGP_V3 encryption scheme. Consequently, there are two methods for decrypting an NFT profile:

  1. By providing the secret directly or decrypting the secret by signing a message, which in turn is used to decrypt the PGP Key.

  2. During NFT transfers, the previous owner has the option to share the secret with the new owner, granting access to the chat history. Alternatively, the new owner can choose to create a new secret, effectively resetting the chat history.