Why is that? I’ve not heard it and some apps don’t give an option to use an extension. How do you get your nsec into Alby if not pasting?
Interesting. I was unaware that Yakihonne had their own lightning wallet.
nostr:nprofile1qywhwumn8ghj7mn0wd68ytnjda3kket5dehkgefwwdcxzcm99uq3jamnwvaz7tmjv4kxz7fwd4hhxarj9ec82c30y5erqqg4waehxw309aex2mrp0yhxgctdw4eju6t09uq3jamnwvaz7tmwdaehgu3wvdshymr0wd6xkepwvd5z7qgnwaehxw309ac82unsd3jhqct89ejhxtcpzamhxue69uhhyetvv9ujuurjd9kkzmpwdejhgtcppamhxue69uhhy6m8dvhx6mm99uqzpu40g585yw4jszly54t2p4qpehpsvyl7mtlrddudmcl0jtcdde63k4ws38 in the above setup, Yakihonne would replace CoinOS. I don't know anything about Yakihonne's wallet, though, so I can't speak to which is better.
I cannot stress enough that you should NOT follow instructions 1-3, though. Don't paste your nsec into clients. Use a signing extension like Alby or Nos2x for that.
Discussion
You would paste it into Alby, yes. But you should ONLY paste it to Alby and nowhere else. One single place that has your nsec is WAY better than giving every single client you ever try, even once, your nsec.
If your nsec is compromised, then whoever has access to it can post as though they are you and you have to start over on Nostr completely. The less places where it could potentially be compromised, the better.
I highly recommend avoiding using any Nostr app that has no option to log in other than pasting your nsec. There is no excuse for it at this stage of the game, especially for web apps, where signing extensions like Alby and Nos2x have been the standard for quite some time now.
Thank you. Some of the apps recommended by some of the most popular and prolific users have no such signing extension options.
Which ones specifically? I don't know of any popular Nostr web apps that don't allow for signing in using a browser extension these days.
Native mobile apps are another matter. Android has Amber signing app for those, but there is not currently any signer application available on iOS for native apps. There is a browser extension available for Safari called NoStore, I believe, and nsec.app, which is available for all platforms, but both of those only work with web apps and not with native apps.
Multiple native apps only allow for copying and pasting. At least one doesn’t even hide the nsec in their settings. Regarding Nostr website clients, they’re limited by the browser. For example, Nostr PWA’s on phones and tablets cannot access the extensions designed for desktop versions of Chrome and Safari.
I mentioned above that native apps are a different story, especially on iOS where there really is no other option at this time.
PWAs are also a different matter. If you are using PWAs on iOS then pasting your nsec may be your only option. Not sure if nsec.app might work for that use case. Either way, I still wouldn't recommend pasting your nsec into a client if it can at all be avoided, regardless of how much you trust the developer.
It's a matter of how cavalier you want to be about your nsec possibly being compromised. I have been around here long enough to know that even the most well-intentioned devs in this space make mistakes that can compromise users' private keys.
Hopefully we will see a signer app for iOS developed that will work similar to Amber, and which can be used both for native apps and PWAs. I saw that nostr:nprofile1qyvhwumn8ghj7un9d3shjtnndehhyapwwdhkx6tpdshsz3thwden5te0v33rgetxda382uejd9k8garhx4nk76mrwa3kkvm0dd3hydphxe58z6md09ckgat009ukgmr0xf4rw6tfvajks6mevshxcmmrv9kz7qgwwaehxw309ahx7uewd3hkctcpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsz9mhwden5te0wfjkccte9ec8y6tdv9kzumn9wshsz9nhwden5te0wfjkccte9ekk7um5wgh8qatz9uq3vamnwvaz7tm9v3jkutnwdaehgu3wd3skuep0qyghwumn8ghj7mn0wd68ytnhd9hx2tcpzamhxue69uhhyetvv9ujumn0wd68ytnzv9hxgtcpr9mhxue69uhhwetvvdhk6efwdehhxarj9emkjmn99uq3xamnwvaz7tmsw4e8qmr9wpskwtn9wvhsqgp808eanapv0hhp0u8xhnw03x50n4vj6x0rkxaaylh3el735luc6yxfwryn is going to be making this a priority.
Yes, I’m currently working on a native Nostr signer on iOS. I’ve paused most of my other Nostr work to do this.
Thank you for the further clarification. I wouldn't be surprised if I were the only new Nostrich to want to get a feel for the different apps before narrowing down to daily drivers. Security is a sliding scale, I understand more than the typical layperson, but I am still just a layperson on the subject. #Nostore worked great on the iPad. It wasn't on a list I was previously sent, so I appreciate you pointing me in that direction.
nostr:npub1yaul8k059377u9lsu67de7y637w4jtgeuwcmh5n7788l6xnlnrgs3tvjmf for those of us in the back of the class, what is a signer for Nostr?
Your Nostr private key (nsec…) are secret and unlock access to anything and everything. This key is used to sign events / messages that cryptographically proves that they came from you. You do not want to paste your private key into random apps, especially if they are malicious and steal your private key, or are poorly coded and have bugs that cause you to sign malformed data.
A Nostr signer app allows you to keep your private key stored in exactly one safe and secure place. If you want to use a Nostr client without pasting your raw private key, the client must communicate with the signer in order for it to sign any event or encrypt/decrypt direct messages, etc.
Amber is the only native signer app that exists on Android (NIP-55). No native signer apps exist on iOS — that’s what I’m building. Note that I’m not talking about browser extensions (NIP-07) like Nostore which do work in the same way that I described but only for web clients accessed from the browser.
this Nostr sign app as one key to sig in ( login ) to multiple website using your
Single nsec . It store on the app.
Hmm if you use Google password manager , they save all your password and which website for which password .
For nostr sign app it’s one key 🔑 your private key to sign on different nostr app . If I get it right …