nostr-protocol · dtonon · Mar 17, 2026 · Mar 19, 2026 · Mar 19, 2026 · Mar 19, 2026
diff --git a/33.md b/33.md
@@ -1,9 +1,165 @@
 NIP-33
 ======
 
-Parameterized Replaceable Events
---------------------------------
+Personal Notes
+--------------
 
-`final` `mandatory`
+`draft` `optional`
 
-Renamed to "Addressable events" and moved to [NIP-01](01.md).
+This NIP defines a standard for storing personal, self-addressed encrypted notes on Nostr relays. The primary goal is privacy: all content is encrypted before leaving the client, event tags carry no plaintext metadata, and the author's pubkey is the only identity involved. Encryption uses [NIP-44](44.md) for relay payloads and AES-256-GCM for file storage.
+
+Two event kinds are defined:
+
+| Kind  | Description       |
+|-------|-------------------|
+| 33301 | Plain text note   |
+| 33302 | File attachment   |
+
+`All kinds are **addressable events** (30000–39999 range per [NIP-01](01.md)), identified by a `d` tag set to a client-generated note ID. This enables in-place replacement (edits) and deduplication across relays.
+
+## Kind 33301 — Plain note
+
+A plain text note. The `content` field holds a **NIP-44 ciphertext** produced by encrypting a JSON payload using the author's own keypair on both sides of the ECDH derivation(self-encryption). No other tags carry meaningful content.
+
+**Event fields:**
+
+| Field     | Value                                         |
+|-----------|-----------------------------------------------|
+| `kind`    | `33301`                                       |
+| `tags`    | `[["d", "<client-generated note ID>"]]`       |
+| `content` | NIP-44 self-encrypted JSON `{"text": "..."}` |
+
+**Payload 'content' fields:**
+
+| Field       | Required | Description                               |
+|-------------|----------|-------------------------------------------|
+| `text`      | yes      | Plain text content                        |
+| `sensitive` | no       | It should be handled discreetly by the UI |
+
+**Payload example (before encryption):**
+
+```json
+{
+  "text": "<note content>",
+  "sensitive": <true|false>
+}
+```
+
+
+**Full event example:**
+
+```jsonc
+{
+  "kind": 33301,
+  "pubkey": "<author-pubkey>",
+  "created_at": 1700000000,
+  "tags": [
+    ["d", "0193a4b2e8f1c3d7"]
+  ],
+  "content": "<nip44-ciphertext>",
+  "id": "<event-id>",
+  "sig": "<signature>"
+}
+```
+
+The decrypted `content` for the above would be:
+
+```json
+{
+  "text": "Remember to pick up groceries",
+  "sensitive": true
+}
+```
+
+## Kind 33302 — Attachment
+
+A file attachment note. The `content` field holds a NIP-44 self-encrypted JSON object describing the file. The file bytes themselves are encrypted separately with AES-256-GCM (wire format: `nonce[12] || ciphertext || mac[16]`) and uploaded to a [Blossom](https://github.com/hzrd149/blossom) server. Small files (e.g. config files, credentials backup, SSH keys) MAY be stored inline in the `data` field as base64-encoded AES-256-GCM ciphertext, removing the need for a separate file server.
+
+**Threshold:** files 32 KB or larger SHOULD be uploaded to a Blossom server and referenced via `url`; files smaller than 32 KB MAY be stored inline in the `data` field as base64-encoded AES-256-GCM ciphertext.
+
+**Encryption:** AES-256-GCM encryption is required for Blossom-hosted files since they are publicly accessible by URL. A fresh key MUST be randomly generated for every event, so each upload is independently encrypted. Inline files apply the same encryption uniformly, even if it's technically redundant since the payload is NIP-44 encrypted, to follow the same code path regardless of storage destination.
+
+**Event fields:**
+
+| Field     | Value                                         |
+|-----------|-----------------------------------------------|`
+| `kind`    | `33302`                                       |
+| `tags`    | `[["d", "<client-generated note ID>"]]`       |
+| `content` | NIP-44 self-encrypted attachment JSON         |
+
+**Payload fields:**
+
+| Field            | Required | Description                                                       |
+|------------------|----------|-------------------------------------------------------------------|
+| `filename`       | yes      | Original filename including extension                             |
+| `file-type`      | yes      | MIME type of the file before encryption                           |
+| `size`           | yes      | Original unencrypted file size in bytes                           |
+| `dim`            | no       | Size of image in pixels in the form <width>x<height>              |
+| `x`              | yes      | Hex SHA-256 of the **encrypted** file bytes                       |
+| `decryption-key` | yes      | Hex-encoded 32-byte AES-256-GCM key, MUST be randomly generated per event |
+| `url`            | no*      | Blossom URL of the encrypted file (required if `data` is absent)  |
+| `data`           | no*      | Base64-encoded encrypted file bytes (required if `url` is absent) |
+| `thumbhash`      | no       | Base64-encoded [thumbhash](https://github.com/evanw/thumbhash) for images, shown as placeholder while loading     |
+| `caption`        | no       | Optional text caption                                             |
+| `sensitive`      | no       | Should be blurred in the UI, default false                        |
+
+*Exactly one of `url` or `data` MUST be present.
+
+**Payload example (before encryption):**
+
+```json
+{
+  "filename": "<original filename>",
+  "file-type": "<MIME type>",
+  "size": "<original unencrypted size in bytes>",
+  "dim": "<width>x<height>",
+  "x": "<hex SHA-256 of the encrypted file bytes>",
+  "decryption-key": "<hex-encoded 32-byte AES-256-GCM key>",
+  "url": "<Blossom URL>",
+  "data": "<base64-encoded encrypted bytes>",
+  "thumbhash": "<base64-encoded thumbhash>",
+  "caption": "<optional text caption>",
+  "sensitive": <true|false>
+}
+```
+
+**Full event example:**
+
+```jsonc
+{
+  "kind": 33302,
+  "pubkey": "<author-pubkey>",
+  "created_at": 1700000000,
+  "tags": [
+    ["d", "0193a4b2e8f1c3d8"]
+  ],
+  "content": "<nip44-ciphertext>",
+  "id": "<event-id>",
+  "sig": "<signature>"
+}
+```
+
+The decrypted `content` for the above would be:
+
+```jsonc
+{
+  "filename": "photo.jpg",
+  "file-type": "image/jpeg",
+  "size": 204800,
+  "dim": "800x600",
+  "x": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
+  "decryption-key": "a2b4c6d8e0f1a3b5c7d9...",
+  "url": "https://blossom.example.com/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", // AES-256-GCM encrypted file
+  "thumbhash": "YQkGDYSId3h3d4d3aIeHeA==",
+  "caption": "Sunset at the coast",
+  "sensitive": true
+}
+```
+
+## Notes
+
+To add an additional layer of privacy, clients SHOULD publish these events to personal or authenticated relays (e.g. via [NIP-42](42.md)) that only serve events back to their owner. Publishing to public relays is not forbidden, but it increases metadata exposure (everyone can observe pubkey activity and event timestamps).
+
+## Reference implementation
+
+[Manent](https://github.com/dtonon/manent) is the reference client implementing this NIP.