feat: add NIP-46 remote signing, restore NIP-44/NIP-49

Add NIP-46 (Nostr Connect) pure protocol layer for remote signing —
bunker URI handling, ephemeral session management, JSON-RPC messages,
kind 24133 event wrapping/unwrapping, and convenience request creators.
No WebSocket or I/O; consumers provide their own transport.

Restore NIP-44 (versioned encrypted payloads) and NIP-49 (ncryptsec)
which were lost from git during security refactoring but remained in
the published v0.5.0 npm package.

Also adds getPublicKeySync(), finalizeEvent(), subpath exports
(nostr-crypto-utils/nip44, /nip46, /nip49), and 52 new tests.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: vveerrgg

CHANGELOG.md

@@ -5,6 +5,31 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.5.1] - 2026-03-02
+
+### Added
+- **NIP-46 (Nostr Connect / Remote Signing):** Pure protocol layer for remote signing
+  - Bunker URI parsing, creation, and validation
+  - Session management with ephemeral keypairs and NIP-44 conversation keys
+  - JSON-RPC request/response creation and parsing
+  - Kind 24133 event wrapping (encrypt + sign) and unwrapping (decrypt + parse)
+  - Convenience request creators for all NIP-46 methods
+  - Response filter helper for relay subscriptions
+  - Full TypeScript types: `Nip46Method`, `BunkerURI`, `Nip46Request`, `Nip46Response`, `Nip46Session`
+- `getPublicKeySync()` — synchronous public key derivation from private key
+- `finalizeEvent()` — one-step event creation + signing utility
+- Subpath exports: `nostr-crypto-utils/nip44`, `nostr-crypto-utils/nip46`, `nostr-crypto-utils/nip49`
+
+### Restored
+- **NIP-44 (Versioned Encrypted Payloads):** Restored from published v0.5.0 (lost during security refactoring)
+  - `getConversationKey()`, `encrypt()`, `decrypt()`, `calcPaddedLen()`, `v2` API object
+- **NIP-49 (Private Key Encryption / ncryptsec):** Restored from published v0.5.0
+  - `encrypt()` and `decrypt()` for ncryptsec bech32 strings
+
+### Dependencies
+- Added `@noble/ciphers` (chacha20, xchacha20poly1305 for NIP-44/49)
+- Added `@scure/base` (base64 for NIP-44, bech32 for NIP-49)
+
 ## [Unreleased]
 
 ## [0.4.16] - 2025-02-19

README.md

@@ -10,6 +10,9 @@ This library provides essential cryptographic operations and utilities required
 - Key management and validation
 - Event signing and verification
 - Encrypted direct messages (NIP-04)
+- Versioned encrypted payloads (NIP-44)
+- Remote signing / Nostr Connect (NIP-46)
+- Private key encryption / ncryptsec (NIP-49)
 - Bech32-encoded entities (NIP-19)
 - Delegated event signing (NIP-26)
 - Authentication protocol (NIP-42)
@@ -37,6 +40,9 @@ This library provides essential cryptographic operations and utilities required
 - NIP-19: Bech32-Encoded Entities
 - NIP-26: Delegated Event Signing
 - NIP-42: Authentication Protocol
+- NIP-44: Versioned Encrypted Payloads
+- NIP-46: Nostr Connect (Remote Signing)
+- NIP-49: Private Key Encryption (ncryptsec)
 
 ## Project Structure
 
@@ -114,6 +120,9 @@ This library implements the following Nostr Implementation Possibilities (NIPs):
 | [NIP-19](https://github.com/nostr-protocol/nips/blob/master/19.md) | bech32-encoded Entities | Human-readable encoding for keys, events, and other entities | ✅ Complete |
 | [NIP-26](https://github.com/nostr-protocol/nips/blob/master/26.md) | Delegated Event Signing | Create and verify delegated event signing capabilities | ✅ Complete |
 | [NIP-42](https://github.com/nostr-protocol/nips/blob/master/42.md) | Authentication | Client-relay authentication protocol | ✅ Complete |
+| [NIP-44](https://github.com/nostr-protocol/nips/blob/master/44.md) | Versioned Encrypted Payloads | Modern encryption replacing NIP-04 (ChaCha20 + HMAC) | ✅ Complete |
+| [NIP-46](https://github.com/nostr-protocol/nips/blob/master/46.md) | Nostr Connect (Remote Signing) | Protocol layer for remote signing via bunker | ✅ Complete |
+| [NIP-49](https://github.com/nostr-protocol/nips/blob/master/49.md) | Private Key Encryption | ncryptsec password-encrypted key storage | ✅ Complete |
 
 ### NIP-01 Features
 - Event creation and serialization
@@ -210,6 +219,61 @@ try {
 }
 ```
 
+### NIP-44 Usage (Encrypted Payloads)
+
+```typescript
+import { nip44 } from 'nostr-crypto-utils';
+// Or via subpath: import * as nip44 from 'nostr-crypto-utils/nip44';
+
+// Derive a conversation key from ECDH
+const conversationKey = nip44.getConversationKey(myPrivKeyBytes, theirPubkeyHex);
+
+// Encrypt
+const encrypted = nip44.encrypt('Hello!', conversationKey);
+
+// Decrypt
+const plaintext = nip44.decrypt(encrypted, conversationKey);
+```
+
+### NIP-46 Usage (Remote Signing)
+
+```typescript
+import { nip46 } from 'nostr-crypto-utils';
+// Or via subpath: import * as nip46 from 'nostr-crypto-utils/nip46';
+
+// Parse a bunker:// URI
+const bunker = nip46.parseBunkerURI('bunker://pubkey...?relay=wss://relay.example.com&secret=abc');
+
+// Create a session (ephemeral keypair + NIP-44 conversation key)
+const session = nip46.createSession(bunker.remotePubkey);
+
+// Build a request
+const req = nip46.connectRequest(bunker.remotePubkey, bunker.secret);
+
+// Wrap into a kind 24133 encrypted event (ready to publish to relay)
+const event = await nip46.wrapEvent(req, session, bunker.remotePubkey);
+
+// On receiving a response event, unwrap it
+const response = nip46.unwrapEvent(responseEvent, session);
+
+// Create a filter for subscribing to responses
+const filter = nip46.createResponseFilter(session.clientPubkey);
+```
+
+### NIP-49 Usage (ncryptsec Key Encryption)
+
+```typescript
+import { nip49 } from 'nostr-crypto-utils';
+// Or via subpath: import * as nip49 from 'nostr-crypto-utils/nip49';
+
+// Encrypt a private key with a password
+const ncryptsec = nip49.encrypt(secretKeyBytes, 'my-password');
+// Returns: 'ncryptsec1...'
+
+// Decrypt it back
+const secretKey = nip49.decrypt(ncryptsec, 'my-password');
+```
+
 ### Type System
 
 #### Event Types

dist/browser/116.nostr-crypto-utils.min.js

@@ -0,0 +1 @@
+/*! scure-base - MIT License (c) 2022 Paul Miller (paulmillr.com) */