Replying to Avatar Dikaios1517

I am using Nextcloud, which is open source and which can be accessed by an open protocol called WebDAV. Any application that "speaks" WebDav can be used with my Nextcloud server to access my files. It's pretty awesome.

Now, when it comes to something like Citrine, that can only store Nostr notes, which are all just json text files. You would need something a bit more versatile for storing other types of files, like a Blossom server. Of course, you would also want to have the ability to encrypt those files. I don't think Blossom would reject encrypted files, but encryption and decryption is done client side, so you would need to have a client that can encrypt the file before saving it to the Blossom server.

Now, things get really complicated when you start dealing with multiple keys and encryption. For any "key" that you want to have access to a file, you need to have a separate version of the file saved that has been encrypted to that key.

The other option is to have one key for encrypting files that gets shared to each user you want to have access to that file, but then you need to have the encryption done on a per-file basis, and have a way to securely get that file's key to the users you want to have access to the file. You cannot use the same key to encrypt multiple files or else giving the key to a user so they have access to one file will give them access to all files that use the same key, which may not be desirable.

I think you may not have a clear understanding how nsecbunker works. When you create a remote connection with nsecbunker, it's not really a "child" key that signs instead of your nsec. Instead, it's a separate set of keys that are only used for passing messages between an app that is requesting a signature and your signer application. The "payload" of the message being sent from the app to the signer is an unsigned Nostr note, and the signer then uses your regular nsec to sign it, not any child key or "action key" or anything else you want to call it. Your nsec is the only key that can sign Nostr notes for you, even when using a remote signer. Then the signer app just uses its key to send the signed note back to the app that made the request.
Avatar
Crusty 👨‍💻 6mo ago

1. I also have a nextcloud. And also using WebDAV. Actually, it did not came to my mind to check how that works. Thanks for the hint.

2. I meant here if we have a nostr cloud solution, that apps use. Can store data on any nostr data storage/cloud. However we call it. Then we can just have a simple app like citrine, but for files like blossom. The voilá, you can transfer files with your local server instance without internet.

3. Good enrcyption is not easy.

4. What I meant here is, that nsecbunker has 1+n keys. 1 signs, rest can be created on the fly for all apps seperately, that is used only for communication with nsecbunker. Then bunker sings with the one and only. I would only extend it, with 2 things:

- There would be a "placeholder" account, that has multiple signing keys inside. The placeholder key is only used to manage your keys. (To have multiple keys, and a simple manner to manage them. But I mean, not really important, only if you want some features between accounts of same user.)

- Each connection key could have a max allowed actions. Like you say, it cannot decrypt dms. So if that is requested with that connection, the bunker just declines. (Minimize damage)

Reply to this note

Please Login to reply.

Discussion

No replies yet.