Safe them on a secure location / device. Treat it like a Bitcoin private key. Paper in a safe? Flash drive in a safe? #[2] is working on an update to ColdCard for eventual support.
Discussion
Technically you can use BIP85 on COLDCARD now. Just select 32 byte HEX.
And never enter directly it in a web based client. Use NOS2X extension for example. Or a native app.
I just posted about this actually :)
The future of login imo. 1 seed, managed and used with an hardware device like coldcard for example to post notes on nostr.
interesting.
Does it mean you need to sign on the device every time you want to post?
No, you just derive your nostr privkey from your coldcard seed. So as long as your seed is backed up securely, no need to backup nostr key.
Doesn’t protect against nostr key being compromised of course.
Yeah that’s my biggest concern, you have to hope the client doesn’t leak it
Delegation will solve it soon hopefully
How would this work?
Haven’t explored this much yet, but I think the idea is:
- Key A signs a message saying “key B is allowed to post as me for X amount of time”
- Key B can be used on behalf of key A until the delegation expires
- Key A never needs to be entered into a website
- When delegation expires, key A can delegate to key C etc.
I think I saw the SeedSigner guys thinking of impelmenting it.
That sounds brilliant. Would it be possible for Key A to remove the delegation to Key B at anytime? This could mitigate all risks in the event Key B gets compromised without having to wait for the delegation time frame to expire.
https://coldcard.com/docs/bip85
Doesn’t cover nostr specifically yet but gives you an idea how it works.
