Just clarifying since you said “via QR” at the end of your last reply. The text of the bounty says “When this approach is used, prevent export of the key in the app itself to provide better security around someone getting your nsec from your phone being open.”

So prevent export [entirely] just for keys that are imported in this way. Otherwise you go from cold to semi hot keys to fully hot. It’s an imperfect solution while we wait on nip 26 I believe.

Discussion

Oh, yes... Makes sense. We don't have a separate export block for certain keys, but it shouldn't be hard to create.

#[4] consider removing option to export nsec key that was imported via this cold import method. See GitHub discussion with Vitor and Seth on the bounty.

Vitor said: “We need to figure out how to do that well. Right now there is no difference between this method and others... I am wondering if this should be inside the QR itself, as an NIP19 option.

I kinda want to make that a NIP to make sure the behavior is consistent with all apps. It feels weird to block the exporting of something the user knows the app has. I am sure this will trigger a lot of people in the wrong way. If people lose their keys on the main device, but have their keys inside Amethyst, do we just let them rot?”

Re:

#[5]

https://github.com/vitorpamplona/amethyst/issues/328