To Native Nostr App Developers:
If you are making a Nostr native app and you ask me to type my private key in, it will not happen.
Damus is the only one Iโd give the benefit of the doubt and thatโs because I trust William wonโt knee-cap Nostr by leaking everyoneโs private key.
Please consider implementing Keychain support on iOS or work on a simple Nos2x native app.
Keychain is a brilliant idea
Can you elaborate on the difference between logging in with oneโs pub key vs both pub and private keys? Is it that you can read but not write without the private key?
Precisely this. The private keys provides the signature to sign the notes.
๐ฏ And Damus recognizes your iOS keychain for filling in your key. I have a couple of keys saved in my keychain and use that to switch accounts quickly.
Does that mean damus doesn't have access to that key? I don't think so.
Keychain is only going to save you from copy/pasting it but not from your key leaking.
You could use the share feature to share an unsigned bot with the signer. Then the signer shares back the signed message. The native app needs to save the context so when it gets back the signature or signed message it knows how to use it.
Correct and good point. Itโs just a quicker way of entering the nsec without having to manually copy/paste or type it.
What do you mean keychain support? Damus stores the nsec in your keychain
I think he means: integrate with iOSโ password manager. Treat the nostr public key as the username and private key as password โ tada!
That way iOS still hands over the password to the app so its still possible for the app to leak the keys
Yup I know, I mean other native apps that are coming up asking me to type my private key on their app.
Either their account creation doesnโt work or they only let me type a private keyโฆ either way I just end up uninstalling them because of that.
On-boarding experience is key ๐
so what does plebstr do with our private key pls?
Add a 2FA to the nsec. At least you still have control if they are leaked
How?
No idea, this doesn't make any sense to me
When you are creating a key pair ask for a passphrase.
Is there a way to set the passphrase after-the-fact?
Still doesn't make sense to me. What does the password do and how does it protect the nsec in any way?
The first framing that needs to be fixed here is your nsec is NOT a password. Itโs a private key.
Itโs useful to use the password analogy especially for people unfamiliar with it.
You use your private key to sign your events. Right now thatโs it.
You donโt โauthenticateโ with any server (this may change with some relays).
Not sure how a 2FA system would work here because youโre not authenticating into a system in the traditional sense.
I think key delegation and UX updates will help solve what I think you are describing.
I understand that. My idea is to create the ability to generate a new revocable signing key based on your private key for each client or application.
this is just nip26 and it does not involve passwords
Right. So how do we generate our own keys to use on Nostrgram for example without exposing the nsec?
A new keypair is generated to be used in nostrgram.
Via NIP-26 a delegation token is signed by the original privkey.
That token allows the new privkey to sign certain events during certain time on behalf of the original privkey.
You still expose your nsec when you sign up the first time. I want to be able to generate a key pair myself not a token
You don't expose it.
You sign the delegation token with the original client where it's installed.
I donโt get it, Your private key is being used to login. How do you eliminate that part?
Ok, let's see it with an example:
Initial situation:
- you have a nostr client using a keypair.
- you want to use another nostr client but you don't want to assume the risk of introducing the privkey in the new client.
Here comes NIP-26 to help:
- you log in the new client with a brand new keypair (ideally the new client guides you to create this new keypair automatically)
- you create a token in the first nostr client, signed by the original privkey, that allows the new privkey to publish events on behalf of the original privkey (with some limits: event kinds, time, etc)
- you configure the delegation in the new client introducing the token.
- you can now publish from the new client signing with the new keypair, on behalf of the original keypair (the published event includes the token so that everybody can check that it's allowed)
Does it make sense?
But what client can I use offline to generate a delegation key?
You mean what nostr clients allow you to generate NIP-26 tokens while being offline right now?
None that I knew of, tbh.
Yes. So you are still exposing your nsec, thatโs what I want #[4]โ to build into #[9]
Damus doesn't work offline.
Do you want Damus to be the "new client" that publish events on behalf of another keypair?
No. A client that can generate slave private keys from a master private key.
Apologies in advance if I get this wrong.
What it sounds like is building the equivalent of an xpriv.
Youโd probably need some sort of offline signing device to do this like the Bitcoin wallets institute. The master key needs to live โsomewhereโ.
On the web clients the NIP-07 carry the nsec and only takes in data to sign, never exposing the private key.
Iโm not an iOS expert and donโt know how youโd do this with a native app.
No. It is like generating app specific passwords from a master password.
Stored in keychain? Thatโs cool. So itโs not stored in the app itself?
What if you have two Apple devices with the same Apple ID but different Damus key pairs? Are they saved as separate entries in keychain?
Do you mean Passkey? https://support.apple.com/guide/iphone/sign-in-with-passkeys-iphf538ea8d0/ios
Because if you meant keychain, all that does is make signing in more convenient because it recognizes your private key as a password and saves it for auto fill.
Using keychain to then auto fill your nsec into the app is the same as inputting the nsec yourself, just automated. Zero difference security wise.
As long as the app is open source and the nsec is only stored locally on your phone, thatโs way better than directly putting your nsec in a web client, because browsers arenโt as secure and can be leaked.
Something like Passkey. Does it support secp256k1?
#[2] please don't knee cap us ๐ฑ
Exactly.
Blockcore Notes allows import of private key, stored encrypted with a personal password (protected by Keychain), but the key itself is not in the keychain (username is the npub). There are also two ways to handle actions using the key, right now the user need to unlock the key for every single signing. I don't know if I should implement support for "autosign for 10 minutes" or something allowing users to not use password for each signing.
Nostr Connect and NIP-26 support will arrive soon too, then I think all bases are covered? Public Key, Private Key (hex and nsec, import with copy/paste or QR code scanning), Secret Recovery Phrase (mnemonic to private key), Extension (NIP-07). I'm looking forward to doing NIP-26 support.
