Replying to Derek Ross

Hey! Are you a new Nostrich? Are you practicing safe nsecs?

https://void.cat/d/Ujcm7u44K6uqrcT2K5YGaK.webp

You should never enter your nostr private key (nsec) into web clients. Think of this as your password, but you can't change it, and it's used to post all of your events and notes on nostr. It's very important. You need to keep it safe!

So, if you're using a web client such as snort, primal, coracle, satellite, or iris etc., you should not be entering in your nsec private key into these websites. It's just good security practice! Some web clients won't even function or allow you to sign into them unless you're using a Nostr extension (sometimes referred to as NIP-07).

To help you and your private key stay safe, you may use a web browser extension to hold your key for you and sign your events and notes on nostr on your behalf. The two most popular ones are nos2x and Alby. Nos2x was developed by nostr:npub180cvv07tjdrrgpa0j7j7tmnyl2yr6yr7l8j4s3evf6u64th6gkwsyjh6w6 and is very basic, but to the point. nostr:npub1getal6ykt05fsz5nqu4uld09nfj3y3qxmv8crys4aeut53unfvlqr80nfm has some nice additional features included, such as being a Lightning wallet, giving you a Lightning address, and a Nostr address.

I personally use them both for different situations. On desktop, I use Alby. On my Android phone with the Kiwi browser, I use nos2x.

If you have questions, do not be afraid to ask! 🤙

Just adding to the pile … if you have to for some reason copy an nsec into a browser… copy something random afterwards … keeping your clipboard clean 🧼 also … a Followup question how do Nos2x and alby sign stuff with the secret key without it being exposed ? Multi keys 🔑 🔑?


Discussion

They don't pass the key to the website. They sign the transaction and present the signed transaction to be broadcast. It works exactly the same way as a Bitcoin wallet works. If you've ever used a Coldcard, Ledger, Trezor, etc.
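
The signing boundary described in the reply above, as an added example that is not part of the original thread or of any extension's code. `getPublicKey` and `signEvent` are the NIP-07 method names and the id hash follows NIP-01; `makeSigner`, `verifyEvent` and `clientPost` are hypothetical helpers, and Ed25519 from Node's `crypto` stands in for nostr's BIP-340 Schnorr signatures over secp256k1.

```javascript
const crypto = require("node:crypto");

// NIP-01 event id: SHA-256 of the JSON array [0, pubkey, created_at, kind, tags, content].
function eventId(e) {
  const serialized = JSON.stringify([0, e.pubkey, e.created_at, e.kind, e.tags, e.content]);
  return crypto.createHash("sha256").update(serialized, "utf8").digest("hex");
}

// Simulated extension (hypothetical helper). The private key exists only in this closure.
// The real window.nostr methods return Promises; these are synchronous for brevity.
function makeSigner() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync("ed25519"); // stand-in for Schnorr
  const pubkey = publicKey.export({ type: "spki", format: "der" }).subarray(-32).toString("hex");
  return Object.freeze({
    getPublicKey: () => pubkey,
    signEvent: (draft) => {
      const event = { ...draft, pubkey };
      event.id = eventId(event);
      event.sig = crypto.sign(null, Buffer.from(event.id, "hex"), privateKey).toString("hex");
      return event;
    },
  });
}

// What a client or relay can check using public data only.
function verifyEvent(event) {
  if (eventId(event) !== event.id) return false; // a field changed after signing
  const spki = Buffer.concat([
    Buffer.from("302a300506032b6570032100", "hex"), // DER header for an Ed25519 public key
    Buffer.from(event.pubkey, "hex"),
  ]);
  const key = crypto.createPublicKey({ key: spki, format: "der", type: "spki" });
  return crypto.verify(null, Buffer.from(event.id, "hex"), key, Buffer.from(event.sig, "hex"));
}

// The web client's side: it hands over a draft and receives a signed event, never the key.
function clientPost(signer, content) {
  const draft = { created_at: 1700000000, kind: 1, tags: [], content }; // constructed sample
  return signer.signEvent(draft);
}
```

The object the page sees exposes only the two methods, so a compromised web client can request signatures while the extension is unlocked but cannot copy the key itself.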

So glad I haven’t been talking out my ass this whole time.

🤔

Sorry, context. Lol. I thought that was how it worked based on what I’ve read, but you’re the first smart person I’ve caught saying it in my feed. 🤣

So, we need cold storage/hardware solutions for nostr nsecs. Why provide the private key to alby? just for convenience? Isn't the risk the same?

we have them... you can get one from the lnbits shop 😉

Also what I was wondering 🙂 I figure it’s about trust. Nos2x probably will be safest 😂

Where can you find the nsec key in GetAlby?

Well so far I’ve implemented Alby/Nos2x for the NostrDam meetup but haven’t built any signing parts yet so I only read out the pubkey 🫡 thanks for the update 🔥