Invite is a safe way to exchange session keys and initiate secret sessions.

It can be shared privately as an URL (e.g. QR code) or published as a Nostr event.

Even if inviter's or invitee's long-term private key (identity key) and the shared secret (link) is compromised, forward secrecy is preserved as long as the session keys are not compromised.

Also make sure to keep the session key safe.

Methods

  • Called by the invitee. Accepts the invite and creates a new session with the inviter.

    Parameters

    • nostrSubscribe: NostrSubscribe

      A function to subscribe to Nostr events

    • inviteePublicKey: string
    • encryptor: Uint8Array<ArrayBufferLike> | EncryptFunction

    Returns Promise<{ event: VerifiedEvent; session: Session }>

    An object containing the new session and an event to be published

    1. Inner event: No signature, content encrypted with DH(inviter, invitee). Purpose: Authenticate invitee. Contains invitee session key.
    2. Envelope: No signature, content encrypted with DH(inviter, random key). Purpose: Contains inner event. Hides invitee from others who might have the shared Nostr key.

    Note: You need to publish the returned event on Nostr using NDK or another Nostr system of your choice, so the inviter can create the session on their side.

  • Invite parameters are in the URL's hash so they are not sent to the server.

    Parameters

    • root: string = "https://iris.to"

    Returns string

  • Save Invite as JSON. Includes the inviter's session private key, so don't share this.

    Returns string