I think it's good, except that it doesn't have post-compromise security, but for practical purposes, and for things where you don't need nuclear-grade security, it's actually great.

Discussion

Yup, it's only and just for spending online. Since it is shared between two parties, it has to depend on the security strength of the other party, but how you trust the other party is another matter.

By the way, how much can you deposit into a mnemonic with this kind of mechanism? I would deposit about $10,000...?🤔

Would depend on the client and the exact people I'm sharing with. If it's just me and it's not going anywhere on my local app that's open source and verifiable, $10k makes sense (since you wouldn't want more than that on device anyway). If it's on relays, there could be a Save Now Decrypt Later attack, so not more than $1k, plus it also opens you up to metadata attacks if the events are not relayed properly.

Yeah, I think this makes sense. I would only use it if I were sure that the payload would be deleted when it's no longer needed (or if storage is strictly access controlled). Also, NIP 44 isn't exactly battle-tested, so there could be issues the audit missed.