I recommend using an extension like nos2x or Alby.


Discussion

I need to understand the theory. Does an nsec protect my private key somehow? If so, how? Is it just a signed message? If so, don't you need to know my pubkey? Or is that included in the nsec?

And... To sign up for Badges I'd like to simply send a nostr message to a Badges pubkey.

e.g.

@badges-we-dont-need-no-badges sign-me-up.

>From: cameri at 03/05/23 07:31:54 on wss://atlas.nostr.land

>---------------

>I recommend using an extension like nos2x or Alby.

nsec is just a different representation than the hex of your private key. The only protection it gives you is that it starts with nsec1 so that you know you are pasting a secret instead of a public key.
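Added example (not part of the original thread): a minimal Python bech32 encoder/decoder showing that an nsec converts straight back to the same 32 key bytes, and that the `nsec` prefix plus checksum is all a paste check can verify. The key bytes are constructed sample values and the function names are this example's own.

```python
# nsec is bech32 (BIP-173 checksum) over the raw 32-byte secret key: encoding, not encryption.
CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
GEN = (0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3)

def _polymod(values):
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1ffffff) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= GEN[i]
    return chk

def _hrp_expand(hrp):
    return [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]

def _convertbits(data, frm, to, pad):
    acc, bits, out, mask = 0, 0, [], (1 << to) - 1
    for v in data:
        acc = (acc << frm) | v
        bits += frm
        while bits >= to:
            bits -= to
            out.append((acc >> bits) & mask)
    if pad and bits:
        out.append((acc << (to - bits)) & mask)
    elif not pad and (bits >= frm or (acc << (to - bits)) & mask):
        raise ValueError("invalid padding")
    return out

def encode(hrp, raw):
    data = _convertbits(raw, 8, 5, True)
    pm = _polymod(_hrp_expand(hrp) + data + [0] * 6) ^ 1
    chk = [(pm >> 5 * (5 - i)) & 31 for i in range(6)]
    return hrp + "1" + "".join(CHARSET[d] for d in data + chk)

def decode(expected_hrp, text):
    hrp, _, body = text.lower().rpartition("1")
    if hrp != expected_hrp or any(c not in CHARSET for c in body):
        raise ValueError("not a %s string" % expected_hrp)
    data = [CHARSET.index(c) for c in body]
    if len(data) < 6 or _polymod(_hrp_expand(hrp) + data) != 1:
        raise ValueError("bad checksum")
    return bytes(_convertbits(data[:-6], 5, 8, False))

def nsec_to_hex(nsec):
    return decode("nsec", nsec).hex()

SAMPLE_KEY = bytes(range(1, 33))  # constructed sample bytes, not a real key
```

Anything that can read the nsec string can run the equivalent of `nsec_to_hex` on it, which is why the key material belongs in the extension rather than in a web page's input field.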

Yeah, that's what I thought. That doesn't make me feel good. I don't want to be typing that into a web page.

How do the alby/nos2x extensions solve this problem?

>From: cameri at 03/05/23 07:49:08 on wss://atlas.nostr.land

>---------------

>nsec is just a different representation than the hex of your private key. The only protection it gives you is that it starts with nsec1 so that you know you are pasting a secret instead of a public key.

You can download the nos2x extension and trust Fiatjaf, or you can go to the repo and compile it yourself.

You will then paste your hex or nsec private key on the extension settings.

When a website asks you to provide your public key, sign an event or encrypt/decrypt, it will use the extension's functions to do it.

The details on how it works are explained here: https://nips.be/07

The extension exposes a few functions that Nostr web clients can use and your nsec never touches their application.

What about if one is using a client in a mobile browser? I have not been able to see either Alby or Nos2x in the iOS App Store.

I think on mobile, a browser called Kiwi lets you install desktop extensions. I’ve never used it but I’ve heard it works.

Thanks I’ll check it out, just looking for alternative options, cheers 👍🏼

I'll try to have nos2x-fox working for Firefox Mobile (thanks to a contribution). Not sure how it will work though.

If I have it running soon, I'll post it here.

New version of nos2x-fox for Firefox mobile just released.

Check this note with instructions:

note:note10sqgdxulup65vrsclaunek2ptgx27ud3as2kwsqgua4dfj38hmhs74rkz6

Trying new method for linking the note

#[7]

#note10sqgdxulup65vrsclaunek2ptgx27ud3as2kwsqgua4dfj38hmhs74rkz6

This is great!

What's great? I must not be on the relays that had the "great" message.

>From: bastero<-Bitkarrot at 03/05/23 17:29:58 on wss://puravida.nostr.land

>---------------

>This is great!

This!

⚡️

It’s coming 🌚 to a relay near you

😅 I broadcasted the previous messages, hope you can get a better idea of what the conversation was about.

I'm seeing them using Damus. Damus doesn't show me what relays a message comes in on (as far as I can tell.) More-speech isn't seeing them for some reason. Maybe related to my recent #p change. I'm reading everything from eden.nostr.land, nostr.nilou.lol, atlast.nostr.land, and puravida.nostr.land right now.

>From: cameri at 03/05/23 19:24:15 on wss://nostr.oxtr.dev

>---------------

>😅 I broadcasted the previous messages, hope you can get a better idea of what the conversation was about.

Overall, I’ve learned my lesson about Nostr security here, but specifically for badges.page, what’s the risk level? It’s built by someone well known in the community and used by many. Am I compromised?

Here’s the NIP: https://nips.be/58

There are three events: Badge definition (image, thumbnail, description, etc.), Badge award (list of a and p tags that reference the Badge definition and the awardees), and finally Profile Badges which let you choose which badge awarded to you you’d want to display on your profile (aka accepting a badge).

Anyone can issue a badge and it’s just an event of kind 30009, and to my knowledge there’s no automated process to create them.