Step 1 in this spec says

{
  type: 'meta/add/derived',
  purpose: 'chess',
  subfeed: 'ssb:feed/classic/DIoOBMaI1f0mJg+5tUzZ7vgzCeeHh8+zGta4pOjc+k0='
  metadata: {
    encryption: {
      curve: 'curve25519',
      public: 'BtFRgQLgXyq3G48jDrX9OaY/mnPaWnu+kOfx2yEOWwU=' // public DH key
    }
  }
}

But we're missing the private part of the keypair.

You said in this PR that "And we are only publishing the public part!!! the private part must be persisted by you", and I understand that you can't put the private part in this message, but we need the private part to be recoverable from your SSB messages somehow. It's not enough to ask the user to backup ~/.ssb/secret PLUS the private DM keys for each subfeed, it has to be sufficient to only know ~/.ssb/secret.

And if we are going to announce the private part of the key somewhere on the log, then HOW should we do that? The spec needs to say.

This is important for production, but IMO it's not important for completing our NGI milestone. We need to get stuff shipped but we're constantly creating new tasks for ourselves. Let's call it a day!

I propose doing ed25519-to-curve25519 conversion until we figure this out.

cc @mixmix @arj03

I wonder if we can use the same scheme that is used for metafeeds, where if we derive the key deterministically from the seed we store the nonce in there together with the public key. Otherwise it is up to the author to make sure the key is safe in another way.

I'd be happy with the nonce-based key derivation idea.

I don't think this needs to be in the main spec. If anything it's an addendum about a pattern which saves you storing heaps of keys. Probably in a different file yes?