I have simply understood (after my first npub was linked to ZBD and was forever linked/lost) to NEVER SHARE YOUR PK. If you share it/link it, it can be compromised. While you can, just know it could have costly consequences.
Discussion
Yeah there really is no secure way to make a nostra web app without tying into the browser certificate API and have the client side code required signing before sending the payload. I am interested to know if this is being discussed more or what is being implemented or leverage to accomplish a secure relationship with a nostra web app and a client.
Good question… I believe you aren’t alone in the pursuit, but not certain on who has had the most success…
nostr:npub1gcxzte5zlkncx26j68ez60fzkvtkm9e0vrwdcvsjakxf9mu9qewqlfnj5z might have some suggestions.
I did a little digging on this today. There is a crypto API that can be used clients side but the problem is key storage. You can store that in indexdb but thats not all that great. I am going to dig on this more and see if these apps are doing any of that or if they are storing it server side. If I get the time I'll do a write up on what I find.
This also raises some questions I have on my Bitcoin node…I haven’t connected it with anything other than to continue downloading the blocks.