Skip to content

Home

NostrMail

A simple email encryption tool based on secp256 key pairs.

How it works:

NostrMail encrypts content using a symetric key derived from a combination of the sender's private key and the receiver's public key.

Both sender and receiver derive a shared secret known only to them, which is used to protect their communications.

This application can use any email server for delivery.

Why have you done this?

NostrMail aims to improve privacy for the average pleb by bridging the gap between nostr and email. The two protocols serve different purposes, but they also solve each other's problems. For example, PGP does exist for email but it has not seen mainstream adoption because it relies on an existing key registry.

Feature Nostr Email NostrMail
Social Key Registry
PGP
Long form content
Archival Storage
Ubiquitous

Obligatory warning

Nostrmail uses NIP-04, which has many issues pointed out here. While not perfect, it's better than cleartext.

Usage

You'll need docker.

Clone and navigate to the base of the repo directory, then:

docker compose up nostrmail

Navigate to http://localhost:8050

Here are all the services you can run with docker compose up <service name>

service purpose port
nostrmail main dashboard site 8050
alice "Alice" dashboard for testing 8051
bob "Bob" dashboard for testing 8052
docs documentation site 8000
notebook jupyter notebook for prototyping 8888

Configuration

Environment variables

Create a .env file and place it in the base of this repo to set the defaults for the above containers.

NOSTR_PRIV_KEY=<your priv key>
EMAIL_ADDRESS=<your public email address>
EMAIL_PASSWORD=<email password>

# email server, assuming gmail
IMAP_HOST=imap.gmail.com
IMAP_PORT=2525
SMTP_HOST=smtp.gmail.com
SMTP_PORT=587

# this is where we find pub keys for now (should use NIP-02)
NOSTR_CONTACTS=/nostrmail/address_book.yaml

# the below configuration is for test purposes only
PRIV_KEY_ALICE=<priv key for alice>
EMAIL_ADDRESS_ALICE=yourname+alice@gmail.com
EMAIL_PASSWORD_ALICE=<same email password as above>

PRIV_KEY_BOB=<priv key for bob>
EMAIL_ADDRESS_BOB=yourname+bob@gmail.com
EMAIL_PASSWORD_BOB=<same password as above>

NOSTR_MAIL_IMAGE_TAG=<dockerhub_username>/nostr-mail

Address book/relays

Create a file in the local directory called address_book.yaml to specify private contacts. Here's an example.

contacts:
  - username: alice
    pubkey: 12697aa72d2269aa632319d000b0548235d1d385dc16260ca77f704e802b5483
  - username: bob
    pubkey: 8619149c5549fa9970c042da77d9d018c7213e83aa49b89c234da9c298ecb941
  - username: asher
    pubkey: 86fb0bd1f7edcb17b39e897488f51f1d22ac6bd93aae491fc7cd45c9fb0d4ad8
relays:
  - wss://nostr-pub.wellorder.net
  - wss://relay.damus.io

Email

Configure your email account to allow sending and receiving emails. Here are instructions for gmail.

  1. Generate an app password (required if using 2-factor auth) See https://support.google.com/accounts/answer/185833?hl=en
  2. Set EMAIL_PASSWORD in your .env file as explained above.
  3. Open gmail settings to enable IMAP
    1. In the top right, click Settings Settings and then See all settings.
    2. Click the Forwarding and POP/IMAP tab.
    3. In the "IMAP access" section, select Enable IMAP.
    4. Click Save Changes.