Avatar
PABLOF7z 2y ago

Thank you!

Yeah, this model is indeed super powerful and game changer.

I agree that some more feedback between client<>bunker would be beneficial

the current implementation of nsecBunker is extremely protective and won't even talk to unauthorized parties, but perhaps replying with "not authorized" is a good compromise; otherwise the UX is incredibly hard to debug

one more thing I want to add to nsecBunker is notifying the admin-npub when there is some action to be taken (like approve a new client)

Thanks so much for this feedback!

nostr:npub10kxq8tpxwd26ktrdz8herfdtph5e7ha4euxd9k40ahzxzkcr0ltqw6w297

Reply to this note

Please Login to reply.

Discussion

Avatar
Tony 2y ago

I’m really struggling when I can’t see the original post that the reply is being addressed to 😅

Is there hope this will be fixed in the near future?

Avatar
armstrys 2y ago

nostr:note1x7s00rn9w72xhsww500j3qprlfrahz0szj72l4c7347mtdelvglq044pqv

Avatar
PABLOF7z 2y ago

Gossip fixes this

Avatar
armstrys 2y ago

That’s a great idea to notify the admin npub. I would need to rethink my setup a bit - as of now I am administrating with a dedicated key so that I only have my real keys in the bunker!

Avatar
Lou 2y ago

For some reason when I signed in for a year suscription it changed my npub for a reason. Don't know if its a bug or is by default but this was the one returning npub16v6rnswjajcrd62uwqp2rpr9jlcz3vtachy0jlke3azp9mn4jnusy9rrhw

Can't see my stuff lol could you look into it please? Or maybe I'm just doing it wrong. This should be the npub thats attached to the nsecbunker

npub1rr3678k7ajms2sht0cqqeawy86sdd5ahn6akfj8zex9ng82zuh0sz8nywd

Avatar
PABLOF7z 2y ago

Probably easier to just create a new one; I’ll zap you 100” sats and just use the “test” version

Lmk if the current version gives you trouble

Avatar
Lou 2y ago

The thing is I finished the process, I paid the 22k sats and everything, but it returned that npub back for logging.

Let me try doing test

Avatar
PABLOF7z 2y ago

yeah, the npub that you'll receive (the connection string, which looks like bunker://npub...) is an independent npub, is the npub of your bunker

these are the npubs:

admin npub: the npub YOU can use to administrate the bunker

bunker npub: a new npub generated just for you to administrate your bunker

target npub: the npub you want to sign as

(most often admin npub and target npub are the same, but a company might have multiple admins for their "coca-cola" target npub 😉)

Avatar
Lou 2y ago

No luck Pablo :/ I’m stuck at the pink error. It says “”this is taking longer than expected 1/3”. Tried creating a new key, everything works but when it says “generating key” gets stuck in a loop too.

Tried to clear cache, use incognito, using another browser, another OS. Didn’t work in any scenario

Avatar
PABLOF7z 2y ago

heading to bed; ping me in the morning on DMs and let's debug it together 🙏

Avatar
Lou 2y ago

Good night man. Sure! 🫂

Avatar
🫥 2y ago

What if the server is compromised? Can't they just have a malicious code in .js that sends every information(like private key away) to the attacker?

So the client types in the password and it is sent away with the already decrypted or encrypted nsec?

Avatar
PABLOF7z 2y ago

Sure, this is true of any computer keeping a secret or any app where you enter your nsec or your Lightning node keys.

The idea is reducing to a minimum the surface area.

One place where you store your key and everything else uses remotely > entering your nsec on every nostr app

Avatar
🫥 2y ago

What about extension or desktop/phone apps, software. It would be way harder to push any malicious code out as you can have update being restricted to only signed updates that means the doesn't need to trust the server where they get the update from, which is not true for web apps, everytime using webapp they could be served with malicious code. I am not sure about what kind of update security extensions have but with desktop apps and on android this could be achived. The thing with other providers like facebook, twitter and etc is that they do not store an encryption key, if the password gets leaked they can always change it in their db( after they verified the user), which is not possible here as the only verification (and the "source of truth") is the private key.

Avatar
PABLOF7z 2y ago

nsecbunker is not a webapp though 😉

it has a web UI admin interface, but it's fully optional

phones as always-on devices tend to not be reliable enough