GM Nostr! 🌞 What are people using for remote signing to give multiple people access to an nsec these days?
Discussion
GM 🫂☕ Jeff
Amber te sirve?
No, Amber works locally for a single user, I need it to be remote signing for many users.
I vaguely remember someone building a USB-based remote signing bunker...jeez I wish I could remember who because now I want one.
https://github.com/blackcoffeexbt/hardware-nostr-connect-device
We're selling them on the LNbits shop but not quite ready to ship yet. Very soon.
Have you seen https://gitlab.com/soapbox-pub/knox ?
I hadn't! Thanks.
GM
GM
Morning
I was playing with that yesterday. It’s really nice. Doesn’t do different permissions levels though.
Is nsec.app not fit for that?
It's not built to work across lots of different people though is it? Think business use case where different users need to have different permissions but use the company nsec...
Give them each a bunkerUrl, set perms to each - should work. You can even set an npub of the user you shared it with - will group conns of that user in UI
I'm not seeing permissions anywhere. Just the bunker URL and the npub sharing field.
Also, just to make sure I'm clear. The actual private key is stored on an nsec.app server somewhere right? And when you're "syncing" to a device you're just connecting that device with a new client-side keypair and giving it access?
First you generate bunker url, then paste it to app, then confirm connection in nsec.app - that's when you can alter requested permissions, and also after the connection is created you can edit the perms.
Server is only used for e2ee sync of keys encrypted with your password. Actual signing is done on the client. It's non custodial.
So each user ends up with the keys on their device?
No, you don't give your password to anyone, you just give users one or more bunker urls, each of those is a separate connection with a separate set of permissions.
And nsec.app on your devices will be woken up by push API when any app wants to access the keys. If all your devices are offline then it won't respond. For business use case I'd suggest trying our hosted version - install it on your office server/umbrel etc with docker and it will be always online.
Do you have docs on the docker setup?
There's only this: https://github.com/nostrband/noauth#running-hosted-version-with-docker