Replying to Crusty 👨‍💻

The more I think about nsec/privatekey security, the more I bend towards:

- key rotation and

- delegation

So an ideal scenario is:

- You would have an offline key storage. Can be an old phone with a secure enclave/trusted execution environment/secure element, that you wipe, and put in offline mode forever.

- This would store your "master" key.

- Then you create a delegated key for your current phone. (also in secure enclave)

- Authorize this key with your other key.

- Then you use your phone for signing as usual.

The rotation can come in by enabling delegated keys for a certain time only, then you create a new one.

Rip this idea off please.

#asknostr #nostr
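A sketch of the master/delegated-key flow described in the note above, added here as an example and not part of the original note or of any nostr specification. It assumes Ed25519 from Go's standard library as a stand-in for the secp256k1 Schnorr signatures nostr uses, and the `Delegation` type, its byte layout and the `example-delegation-v1` label are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"fmt"
)

// Delegation is the master key's statement that Device may sign on its
// behalf between NotBefore and NotAfter (Unix seconds). Hypothetical format.
type Delegation struct {
	Device              ed25519.PublicKey
	NotBefore, NotAfter int64
	Sig                 []byte // master signature over payload()
}

// payload is the exact byte string the master key signs (domain-separated).
func (d Delegation) payload() []byte {
	b := append([]byte("example-delegation-v1"), d.Device...)
	b = binary.BigEndian.AppendUint64(b, uint64(d.NotBefore))
	return binary.BigEndian.AppendUint64(b, uint64(d.NotAfter))
}

// Delegate runs on the offline device that holds the master key.
func Delegate(master ed25519.PrivateKey, device ed25519.PublicKey, from, until int64) Delegation {
	d := Delegation{Device: device, NotBefore: from, NotAfter: until}
	d.Sig = ed25519.Sign(master, d.payload())
	return d
}

// Verify accepts msg only if the master authorised the device key for time
// `at` and the device key signed msg. Rotation falls out of the time window.
func Verify(masterPub ed25519.PublicKey, d Delegation, msg, msgSig []byte, at int64) bool {
	if len(d.Device) != ed25519.PublicKeySize || !ed25519.Verify(masterPub, d.payload(), d.Sig) {
		return false
	}
	if at < d.NotBefore || at > d.NotAfter {
		return false // delegation not yet valid or expired: a new one is needed
	}
	return ed25519.Verify(d.Device, msg, msgSig)
}

func main() {
	masterPub, master, _ := ed25519.GenerateKey(nil) // stays on the offline device
	devPub, dev, _ := ed25519.GenerateKey(nil)       // lives on the everyday phone
	d := Delegate(master, devPub, 1700000000, 1700000000+30*86400) // constructed 30-day window
	msg := []byte("hello")
	sig := ed25519.Sign(dev, msg)
	fmt.Println(Verify(masterPub, d, msg, sig, 1700000100), Verify(masterPub, d, msg, sig, 1800000000))
}
```

The master signature covers the validity window, so the delegated phone cannot extend its own lifetime; a verifier only ever needs the master public key.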

🇵🇸 whoever loves Digit 6mo ago

I won't rip it off but I'll add it to my txt file on how to improve nostr and credit your npub
