Skip to main content

ยท 2 min read

There's an update to NumerBay's encryption mechanism due to MetaMask deprecating some methods.

What's the impactโ€‹

Users are encouraged to generate a new key pair by clicking the Replace key pair in the Edit profile page.

This action is not compulsory at this point.

Apart from above, there is no change to user workflow.


After generating a new key pair, you will lose access to all existing files encrypted with the old key. It is recommended to replace key pair only when you don't have active orders.

If your workflow uses the exported key file, you need to export it again after replacing the keys.


I'm an existing user, do I have to change my workflow due to this release?โ€‹

No, you don't have to change anything. Change of encryption key is optional at this point.

When will this change become compulsory?โ€‹

When MetaMask announces the timeline for the removal of the deprecated methods, another update will be posted.

I use the NumerBay python client, do I need to change my code?โ€‹

No, you don't need to change your code. This update is related to the change of storage encryption mechanism for the encryption key only and does not change how files are encrypted or decrypted.

However, if your code uses the exported key file for file decryption, you need to export it again after regenerating the key pair and replace the old key file in your repository.

What's the change?โ€‹

The existing encryption mechanism (legacy mechanism) on NumerBay encrypts the generated encryption key with user's MetaMask wallet and stores the encrypted key on the server, and when need it is then decrypted using the MetaMask wallet. This process involes MetaMask's eth_getEncryptionPublicKey and eth_decrypt methods which have recently been deprecated.

The new mechanism (encryption v2) instead encrypts the encryption key with a storage key derived from signature by having the user sign a random salt. This gets around the above two deprecated methods and may also enable support for some hardware wallets which don't allow direct access to their public keys.

ยท 3 min read

NumerBay now supports client-side encryption for delivery of artifact files.

Each file will be uploaded for each active order separately and all files are encrypted in browser / Python client with buyer's public key before transmission. This is a small first step towards decentralization for NumerBay.

New listings will default to using encryption, but the legacy option continues to be available.

What's differentโ€‹

The following table outlines the key differences for listings with and without client-side encryption:

ItemWith Client-side EncryptionWithout Client-side Encryption
1. One-off Uploadโœ”๏ธ
2. Auto Numerai Submissionโœ”๏ธ*โœ”๏ธ
3. External URL Artifactโœ”๏ธ
4. Requires MetaMaskโœ”๏ธ
  1. For encrypted listings, upload is only possible when you have active sale orders. Upload is repeated for every active sale order at the time of upload, and the process needs to be repeated for any subsequent sale order. Both the web UI and Python client automates this by repeating the encryption and upload during upload. In the future, polling listener for Python client or browser notification might be added to make automation easier.
  2. [*] Numerai submission for encrypted artifact is done during seller upload for each order as a separate special artifact, instead of being automated by the NumerBay backend. Therefore, for buyers this has reliability implication. Soon NumerBay will add reminder emails to sellers for outstanding file delivery and submissions.
  3. Encrypted listings do not support adding external URLs as artifacts, only file upload is allowed.
  4. MetaMask connection is required due to the need for generating encryption keys and performing decryption.


I'm an existing seller, do I have to change my workflow due to this release?โ€‹

No, you don't have to change anything. Encryption is optional at this point.

You can continue to use the existing mechanism for artifact delivery. There is no plan to disable the existing artifact APIs, therefore your existing automation pipelines will be compatible with this change.

I'm a seller, how do I start using encryption?โ€‹

In the listing edit panel for your product, select the Use Client-side Encryption option. That's it! Files will be encrypted for new sale orders, existing active sales will not be affected. You can use the Python client to automate encryption and file upload. A tutorial for selling is available here.

I'm a buyer, what do I need to do?โ€‹

An encryption key pair is required for encryption on the seller side and for decryption after you download the files, please head to the profile page to generate a key pair. Export the key file for safe-keeping and for use with the Python client. A tutorial for buying is available here.

How does the encryption work?โ€‹

A 32-byte key pair is generated in your browser. Its private key is immediately encrypted with your MetaMask account. The encrypted private key together with the public key are stored in your user profile on the NumerBay server. NumerBay does not have access to your unencrypted private key.

When you make an order for an encrypted product, your public key is shared with the seller which they will use to encrypt any artifact file that will be delivered to you.

When downloading a file in browser, file is first downloaded into browser cache. You will then be prompted by MetaMask to decrypt your NumerBay private key, and the file is then decrypted with the NumerBay private key and save as a file.