Can Nostr Events be Manipulated?

If you haven’t been following along, I have a couple of nostr posts at this point. I’ve been trying to further understand nostr by deep diving the protocol. At this point my thought is how mutable are nostr messages (events), I understand that during broadcast the relay verifies the signature, but then they need to store these events in some centralized database, right? Could a rogue relay for example accept your event, then alter it at a later time?

Simple Tools for Interacting with the Nostr Protocol

If you haven’t had a chance to ready my previous post about nostr, it is probably worth checking out as it give a detailed, step by step explanation. With knowledge gained from the previous post I decided to put together a couple of rough python scripts, this is to handle a few of our previously manual steps. Head on over to my Github and check out my nostr_stuff repository:

Deciphering Nostr and it's private keys

I’ve heard of for about a year, but not until recently have I experimenting with it. This post consists of my rough notes as I progressed to sending a nostr message. If you are interested in a bare minimum way to post events to nostr, read on. Generate a new private key $ openssl ecparam -name secp256k1 -genkey -out ec-priv.pem The output here as the file extension notes is PEM:

Using GPG to sign and verify a message

First off GPG stands for GNU Privacy Guard , and is a open source implementation of PGP. So what can you do with GPG , and why should we care? One common use of is to sign your messages, this way the receiver can verify it did in fact come from you, and that it hasn’t been altered. -----BEGIN PGP PUBLIC KEY BLOCK----- Version: SKS 1.1.4 Comment: Hostname: mQENBFJgLEgBCADcYnqxjoWIUoaRQEdvyIKu0g2UkTRRUidpkLhqqLCMmP4EQgB9EosoTUVn NiLyXrqpSUvD5RkOtzj4rHIn2trSey9D7pu++5u1x0hGTIaCxcbQMK6l+MhqwLdPshyEvTv/ b+aNUZSiES4azzbTNX06O0uUT3qQqAgkZsFA1tBY4Fcw6GavvgifWL83XNJADpKV72tXraVE mHGeQltwMUT/klzTeamjiN/C/+/3POz8ogH7PQ2JAtd5us4bl/zVLPoi/tLIs+rizxP7EGnJ aILVTDxj14gDzSMPsxuLpOKwxZP08w4rdmIil9iBqDlc6YhSiGr48EIZP6qEIYQyuQmNABEB AAG0IEplZmZyZXkgTmVzcyA8ZmxpcDM4N0BnbWFpbC5jb20+iQE+BBMBAgAoBQJSYCycAhsD BQkHhM4ABgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAVgZxb+A0sKJBJB/oCr8/1rIvD /b+trpmmMcStYAT+K/U41bWpCbE6yOIh+ab7Dgh3l3QRM48rUVYbR0gwWE9q8eE/NRaHDBDq 2jYaOv7kZMJ5KTiU3svnq0qDlbuA5MTvEis6rr+iNy1ne2kxOoukSiAfU6dIkQuSHU0Dz5Ns 2bAu0YBwoxtanDntqAjEOOr/VOYJKBP1fUhd413O3WOKRIUciGneDihUM+TGyG50wFmE7J7x j8ydkYZDvLrDNxOVqFm5SxugLke8jkaiiPSTk/mlckHupkJHtAPlxeq69N7HQVT+/aCKzIty Se4dQqJFV6VhlQVjLS3QYKUStja1bZJeE3rIKjOjBY0+tCVKZWZmcmV5IE5lc3MgPGpuZXNz QGZsaXAtZWRlc2lnbi5jb20+iQE+BBMBAgAoBQJSYCxIAhsDBQkHhM4ABgsJCAcDAgYVCAIJ CgsEFgIDAQIeAQIXgAAKCRAVgZxb+A0sKPbHB/4sSHuZvEdt3KIkIj5RRnNRXgJ0PnImp5Gk PY4vxuokWndmJUTF8JnGmmdJqBhpQ/bzWHdm9xYUd6QJ6IzSBCcYarBF7h7XcjY8nFheJsyF jfRcm90RsIMjDNhKtwB9aChCznVBnVujwRafVnyuerzexpsIrE6McN2s8redDlR0WBx+LZwm fwzZ+qX7PjCRlFsoNy0nUqI33EYP0QAbx6PCPcTiDcou5UFuOEK70uZh/k2l2hBOajWJN9x1 6UQVfGuOmERVsD6dXiCbNs1C7pce0Rj7WFwolpBBeYk9g5OHLmBdlf9pta3gJXExEJWJPLTS euQtKkTdj5Pu2HKX7qxyuQENBFJgLEgBCADY1aF23k3eLLGghn0xugEPKNaG6Ve1lozmCWK9 RgkQVhx070ktG5iVkT7Zx3VMMG0M2g/Aas/l5XC6Z3Gx3Fm3U5TQ43pNnR2vea1yhA1LrahN PwqQcNld+mtJca2go5hcX0pTqcYBNVkHtn+cMQJNPdyE1bWCh77BH/oScWNrwJVljPBsJju+ Wg5cFzHyujCaYd+RW7hG5nKC6Bz5ldXvUyeEAWyEjvXNM7gSmsXTBOOuFzyK2F50j7rLAyEI IyDN16zAyqiHOaq+4NJBRxLJmvR5bwOtTCSdtQPMxusG54Qc65VbJalGs90B4F+okP3FtNWs MaQzshuo8yaQJ9H5ABEBAAGJASUEGAECAA8FAlJgLEgCGwwFCQeEzgAACgkQFYGcW/gNLCjN yAgAoLtLiEuoq/NAkcXgrJtykicbXgeDDrXwlCEOeMuChsfAJeExN3GV1rGomq0AGySGuxgH +U61OAfeKcCWNCS3Sr7AVPbeqgomy4DDwkf60nks7/SKVEaOxMbdBaCBbYBi8gQWGc+3VTHM s4m9135nfQhhh5e8yAF0YiOv8+b7K+uLjrh6ggYXhvXWMvhqT5xN3NatAasfHIgbRVg26VxN GXWg6urEppXCeeNFosPSZrCHfMs+ncQR0+at7OAcbp8E8wGVLslYDbZSz/YGK+jVcfqzLKj7 DtK57lyAxrc+EY7385PPHhd0Lf5tRufsPce/Q2s/ItQTaYBKXWq0s5sFhg== =pePB -----END PGP PUBLIC KEY BLOCK----- Using the above public key we can verify a signed message I wrote.