author: akumaigorodski discussion: https://t.me/lnurl/709
This defines a new successAction type for payRequest: aes. Besides the tag field it requires description, ciphertext and iv.
The encryption key is the payment preimage for the invoice specified in the pr field, so it's safe to include data in the ciphertext that the user will only be able to see if they complete the payment.
See example below:
{
tag: 'aes'
description: 'Here is your redeem code' // Up to 144 characters
ciphertext: <base64> // an AES-encrypted data where encryption key is payment preimage, up to 4kb of characters
iv: <base64> // initialization vector, exactly 24 characters
}
An aes successAction should be displayed and stored like the message type, but with the message corresponding to the plaintext after being decrypted with the payment preimage.
For message, a toaster or popup is sufficient. For url, the wallet should give the user a popup which displays description, url, and a 'open' button to open the url in a new browser tab.
Used encryption type is 256-bit AES in AES/CBC/PKCS5Padding mode.
An encryption example in Scala:
val iv = Tools.random.getBytes(16) // exactly 16 bytes, unique for each secret
val key = Tools.random.getBytes(32) // payment preimage
val data = "Secret data".getBytes
val aesCipher = Cipher getInstance "AES/CBC/PKCS5Padding"
val ivParameterSpec = new IvParameterSpec(iv)
aesCipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), ivParameterSpec)
val cipherbytes = aesCipher.doFinal(data)
val ciphertext64 = ByteVector.view(cipherbytes).toBase64 // Base 64 alphabet as defined by http://tools.ietf.org/html/rfc4648#section-4 RF4648 section 4. Whitespace is ignored.
val iv64 = ByteVector.view(iv).toBase64 // 16 bytes results in exactly 24 characters