It is being stored by the app, because unless it is being stored by another application like nos2x or Amber, the client can, and in fact needs to, get the nsec back so that it can sign and decode with it.
The app can't just reference it, unless the keychain does the signing and decryption, which I don't think it does, but maybe I'm wrong here?
It is just storing it in a different memory location. It doesn't protect you from the client being malicious.