NIP-17

Private Direct Messages

NIP-17 replaces NIP-04 for private messaging. By combining NIP-44 (modern encryption) with NIP-59 (gift wrap), it conceals not just message content but also who is talking to whom and when.

Author: ssaurel, kieran, vitorpamplona
Last Updated: 25 April 2026
Official Spec: GitHub

Status: Final
Category: Encryption


Overview

NIP-17 defines the modern way to send private direct messages on Nostr. It is the successor to NIP-04 and the recommended standard for any new client implementing DMs.

The key insight is that encrypting content (NIP-04 / NIP-44) is not enough on its own. The message envelope still leaks metadata — sender, recipient, and timing — to every relay it passes through. NIP-17 fixes this by combining two newer NIPs:

  • NIP-44 for modern, authenticated content encryption
  • NIP-59 (Gift Wrap) to hide sender, recipient, and event metadata

The result is a message that looks unrelated to its real participants until the recipient’s client unwraps it.


Why NIP-17 Exists

NIP-04 was the original DM scheme but had three significant problems:

  1. Metadata visible — every relay can see who is messaging whom, even if they cannot read the content
  2. Weak cryptography — the AES-CBC scheme is no longer recommended
  3. No tamper protection — messages could be modified

NIP-17 addresses all three by:

  • Using NIP-44 for proper authenticated encryption
  • Wrapping each message in a NIP-59 gift wrap so the outer event reveals nothing
  • Randomising timestamps so messages cannot be correlated by time

How It Works

A NIP-17 message is sent as a chain of three layers:

  1. Rumor (kind 14) — the actual message, signed by the sender
  2. Seal (kind 13) — the rumor encrypted with NIP-44 using the sender’s key
  3. Gift wrap (kind 1059) — the seal encrypted again using a random one-time key

Only the gift wrap is published to relays. The recipient’s client downloads it, decrypts to find the seal, decrypts again to find the rumor, and verifies the sender’s signature.

Sender → Rumor (kind 14) → Sealed (kind 13) → Gift Wrapped (kind 1059) → Relay → Recipient

Crucially, the gift wrap is signed by a random throwaway key, not the sender’s real key. To anyone except the recipient, the message looks like an unrelated event from a stranger.
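
The receive path described above, as an added example (not code from the NIP-17 specification or any client): it peels the three layers and rejects a message whose claimed author is not the key that signed the seal, which is where NIP-59 carries the sender's signature. `unwrap_dm`, `decrypt`, `verify_sig`, `make_sample` and `UnwrapError` are hypothetical names; the two hooks stand in for NIP-44 decryption and Schnorr verification, and the constructed sample uses plaintext JSON in place of ciphertext.

```python
import hashlib
import json

class UnwrapError(Exception):
    """A gift wrap failed a structural or authenticity check."""

def event_id(ev):
    # NIP-01 id: SHA-256 of the compact JSON array (assumes no raw control chars).
    body = [0, ev["pubkey"], ev["created_at"], ev["kind"], ev["tags"], ev["content"]]
    raw = json.dumps(body, separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(raw.encode("utf-8")).hexdigest()

def unwrap_dm(wrap, decrypt, verify_sig):
    """Peel gift wrap -> seal -> rumor; return the rumor or raise UnwrapError.
    decrypt(ciphertext, peer_pubkey) and verify_sig(event) are hypothetical
    caller-supplied hooks standing in for NIP-44 and Schnorr verification.
    """
    try:
        if wrap["kind"] != 1059:
            raise UnwrapError("outer event is not a gift wrap")
        # The wrap was encrypted with the throwaway key in wrap["pubkey"].
        seal = json.loads(decrypt(wrap["content"], wrap["pubkey"]))
        if seal["kind"] != 13:
            raise UnwrapError("inner event is not a seal")
        if seal["id"] != event_id(seal) or not verify_sig(seal):
            raise UnwrapError("seal id or signature is invalid")
        # The seal was encrypted with the sender's key, seal["pubkey"].
        rumor = json.loads(decrypt(seal["content"], seal["pubkey"]))
        if rumor["kind"] != 14:
            raise UnwrapError("payload is not a kind 14 message")
        # The author claimed in the message must be the key that sealed it.
        if rumor["pubkey"] != seal["pubkey"]:
            raise UnwrapError("rumor author does not match seal signer")
        return rumor
    except (KeyError, TypeError, ValueError) as exc:
        raise UnwrapError("malformed layer") from exc

def make_sample(sealer, claimed_author):
    # Constructed sample: plaintext JSON stands in for NIP-44 ciphertext.
    rumor = {"kind": 14, "pubkey": claimed_author, "created_at": 1700000000,
             "tags": [], "content": "hello"}
    seal = {"kind": 13, "pubkey": sealer, "created_at": 1699990000,
            "tags": [], "content": json.dumps(rumor), "sig": "constructed"}
    seal["id"] = event_id(seal)
    return {"kind": 1059, "pubkey": "ee" * 32, "content": json.dumps(seal)}

if __name__ == "__main__":
    hooks = (lambda ct, _pk: ct, lambda ev: ev["sig"] == "constructed")
    print(unwrap_dm(make_sample("aa" * 32, "aa" * 32), *hooks)["content"])
```

Without the author check, anyone able to seal a message could place another user's public key in the inner kind 14 event and have it displayed as coming from that user.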


Group Messages

NIP-17 also supports group conversations. The same rumor is wrapped separately for each participant — each receives a gift wrap addressed to their key alone. Relays cannot tell that the wraps are part of the same conversation.


Trade-offs

NIP-17 is a major privacy improvement, but there are practical considerations:

  • Storage cost — group messages multiply: a 5-person group means 5 separate gift wraps per message
  • Cross-client compatibility — only newer clients support NIP-17; sending to a NIP-04-only client requires a fallback
  • Forward secrecy — long-term key compromise still reveals past messages; NIP-17 does not introduce ratcheting

Client Support

NIP-17 is supported by major modern clients including Damus, Amethyst, Primal, 0xchat, and Coracle. New deployments should default to NIP-17 and treat NIP-04 as a backwards-compatible fallback only.


Migration Guidance

For developers

  • Implement NIP-17 send and receive paths first
  • Detect recipient client capability via NIP-65 relay metadata or a probe message
  • Fall back to NIP-04 only if the recipient explicitly does not advertise NIP-17 support

For users

  • Keep your existing client up to date — most major clients now use NIP-17 by default
  • Old NIP-04 conversations remain readable; new ones are sent privately


Related NIPs

  • NIP-04 — original DMs (deprecated for new use)
  • NIP-44 — modern content encryption (used inside NIP-17)
  • NIP-59 — gift wrap envelope

