Security Note — Chat Keys vs Spend Keys

ÐWhisper implementations SHOULD use dedicated chat keys that are separate from Dogecoin spend keys.

Rule

Spend keys protect DOGE and inscriptions.
Chat keys protect message confidentiality.
A wallet MUST NOT require users to reuse high-value spend keys for encrypted messaging.

Why Separation Matters

Using the same key for spending and messaging creates unnecessary blast radius:

A leaked chat private key could endanger funds if it is also a spend key.
A spend-key signature prompt could be confused with a chat-key authorization prompt.
Reusing public keys links financial activity and message activity more tightly than necessary.
Long-lived encrypted messages remain on-chain forever; future compromise of a reused key can reveal old content.

Recommended Wallet Model

Wallets SHOULD derive chat keys under a distinct account path or local key namespace and label them clearly in UI.

Recommended behavior:

Generate a dedicated ÐWhisper keypair per wallet profile.
Let advanced users rotate chat keys without moving funds.
Publish chat public keys through ÐWhisper key-announcement or verified ÐMS records.
Mark expired, revoked, or unsigned chat keys in UI.
Require stronger confirmation before using any spend key for messaging.

Signing and Authentication

A chat key announcement MAY be signed by a spend address to prove control, but the signature should be a one-time authorization statement, not ongoing key reuse.

Wallets SHOULD display:

The Dogecoin address or identity that authorized the chat key.
The chat public key fingerprint.
The source of the announcement, such as ÐWhisper, ÐMS, or a wallet address book.
Revocation or expiry status when known.

User-Facing Warning

Wallets SHOULD show a warning similar to:

This action uses a messaging key, not your DOGE spend key. Keep chat keys separate from spend keys. Reusing a spend key for messages can link your activity and increase loss risk if that key is compromised.

Wallet Notifications Spam Mitigation