Avatar
teatwo 1y ago

IDEAL

- ONE npub with TWO nsec

- As usual by "1 of 2", you sign with one nsec

- another nsec is for recovery, in case you need to revoke the usual nesc

- replace the revoked key to new key keeping1 of 2

- you will sign with new one nec and others keep to verify with the same npub

So you get the key rotation without monitoring revoke list.

Reply to this note

Please Login to reply.

Discussion

Avatar
teatwo 1y ago

by the way, it's just for "signature". to decrypt the past encryptions, you will also need something of revoke list/key history.(though it is probably enough in even personal store)