The answer is simply never to put keys into web apps. Use external signers (not extensions).
Native apps (Amethyst/Damus) could provide this facility, or the upcoming signing server from nostr:npub1l2vyh47mk2p0qlsku7hg0vn29faehy9hy34ygaclpn66ukqp3afqutajft
Is there a write-up of how the signing server works?
There's also NIP-46.