Nostr Web Client

To let the user be able to assemble his keys, data and code, he needs to store this logic somewhere right? But then if you store this encrypted with the users nsec, then an nsec leak leads to total leak. So how do you make sure, the users nsec leak does not lead to full compromise?

Tim Bouma 5mo ago 💬 1

Every component has its own self-generated nsec. No relation to the users nsec. It’s the job of whatever client to protect the nsecs. I don’t want to store any user data, especially the user’s nsec. If the component nsec is compromised, burn the data asap to another self-generated nsec.

Reply to this note

Please Login to reply.

Discussion

Crusty 👨‍💻 5mo ago

And who stores the component nsec?

Tim Bouma 5mo ago

That's the job of the controlling app to determine.