Does it mean you need to sign on the device every time you want to post?

Discussion

No, you just derive your nostr privkey from your coldcard seed. So as long as your seed is backed up securely, no need to back up nostr key.

Doesn’t protect against nostr key being compromised of course.

Yeah that’s my biggest concern, you have to hope the client doesn’t leak it

Delegation will solve it soon hopefully

How would this work?

Haven’t explored this much yet, but I think the idea is:

- Key A signs a message saying “key B is allowed to post as me for X amount of time”

- Key B can be used on behalf of key A until the delegation expires

- Key A never needs to be entered into a website

- When delegation expires, key A can delegate to key C etc.

I think I saw the SeedSigner guys thinking of implementing it.

That sounds brilliant. Would it be possible for Key A to remove the delegation to Key B at any time? This could mitigate all risks in the event Key B gets compromised without having to wait for the delegation time frame to expire.

https://coldcard.com/docs/bip85

Doesn’t cover nostr specifically yet but gives you an idea how it works.