keychat on Nostr: Later, we will write a note explaining the two ways to add friends in Keychat: ...
Later, we will write a note explaining the two ways to add friends in Keychat: through QR codes and through Npub, which involves the Signal protocol.
quoting note1fhe…6mscBelow is the QR code for Keychat users. What is its purpose?
Let's revisit the Signal App. Alice and Bob register using their phone numbers, generating Signal key pairs (including ephemeral keys) locally, and uploading the public keys to the Signal server. When Bob wants to add Alice as a friend, he enters her phone number, prompting the Signal App to request Alice’s Signal public keys from the server. Bob’s Signal App uses these public keys and his private keys to initiate the X3DH and double ratchet algorithms, deriving an encryption key for the first message, which includes Bob’s public keys in plaintext. Upon receiving this message, Alice’s Signal App uses Bob’s public keys and her private keys to initiate the same algorithms, deriving the encryption key to decrypt the message.
Following the design principle of minimizing server power, Keychat does not use a server to store user public keys. The Keychat QR code directly contains the various keys needed to initiate the X3DH and double ratchet algorithms. By scanning the QR code or copying and pasting its content, users can add friends and start chatting.
The QR code also includes a Nostr public key. Just as a phone number is the ID for Signal App users, a Nostr public key is the ID for Keychat users.
Suppose Alice and Bob are both using Keychat, but Bob only knows Alice's Nostr public key and does not have the QR code. How can Bob add Alice as a friend? Bob can send Alice a Nostr DM (NIP-4) message to request the QR code. After receiving the DM, Alice can reply to Bob, enabling them to switch to Keychat mode.
Alice can choose to block all NIP-4 messages, allowing only those who know her latest QR code to add her as a friend, preventing spam. The QR code has an expiration date because ephemeral keys need to be continuously updated. Friends cannot be added using an expired QR code. Keychat will continuously generate new QR codes.