Replying to Avatar Niel Liesmons

Just to be sure: You do custody the encrypted nsec (with password 1111 in this case) on your server, right?
Avatar
brugeman 2y ago

Technically that's completely optional addon here. Signing works perfectly fine without this cloud sync capability.

But the 'flow-for-normies' I was imagining was that on signup they get a nip05 name + enter a password, keys are stored on one device and synched to the cloud. Then they go to another device and 'login' by entering the nip05 and password - keys are synched to this new device and now it can sign too. This would make the experience very familiar, advanced users could turn this off and do manual key backups etc.

Sync is end-to-end encrypted, server can't read your plaintext key unless it cracks your password. It works similar to Bitwarden if you heard of it.

Reply to this note

Please Login to reply.

Discussion

Avatar
Niel Liesmons 2y ago

Damn, started designing it based on your concept. Without the NIP-05 and with the bunker-link.

Still wanted to get your thoughts on some ideas already though.

1. Homepage: shows your account, your bunker-link + ability to set password for acroos device-use and shows the connected apps that you can click to adjust permissions/open the app/etc...

2. Pop Up (first time using app): the idea is to directly allow a bunch of basic actions so normies don't have go back and forth between apps, advanced would be things like changing the relay lists f.e.

3. Pop Up for allowing Actions outside of the Basic scope

Also, two questions:

A. Do you have a name for it? Best I can think of is Nsafe, Webunker, Bunkey, Signor, ...

B. Is this kind of style ok? nostr:npub1zfss807aer0j26mwp2la0ume0jqde3823rmu97ra6sgyyg956e0s6xw445 I'm using a serious font for you 😉

I'll draw out the NIP-05 stuff next. #nostrdesign

Avatar
brugeman 2y ago

Oh wow, amazing! I didn't mean to discourage the bunker-link approach - nip05 doesn't remove the bunker-links, maybe when there is an OAuth-like flow we'd get rid of it. The nip05 would just be useful for logging into the Signer on a new device - it's easier to remember than npub.

Pop ups look awesome, nothing to add atm!

I would think on the Your Key section on homepage more:

1. The bunker link is not a 'key' - it's not secret, and we probably shouldn't mix the terminology with private keys.

2. I don't think we need to show the bunker-link on homescreen - it's content is meaningless and only useful rarely to connect a new app.

3. How about a 'Connect app' button that shows a modal with a QR-code of bunker-link, 'Copy' button, and a 'Paste this code to your app' message?

4. Also maybe a 'Cloud sync' button with a checkbox - shows a modal that explains it and asks to enter the password, checkbox turns checked after it was all set up?

5. Maybe we should show the npub under Your key section (instead of bunker-link) - as much as I think it's an awkward thing for normies, we won't get rid of npubs any time soon, and many apps ask for it, so a quick way to see and copy it would be useful. 'What is this' would show a small explainer about npub.

WDYT?

Re. the name - we have nsec.app domain name for it, let's call it 'Nsec app' ? I store my nsec/keys in the nsec app :)

I like the style, could we also have the light theme?

Re. drawing the nip05 stuff - without it user would have to remember their npub and password to login into the Nsec app on another device. The nip05 would simplify it to email-like nip05 and password - much easier to understand and remember. So maybe nip05 could just be displayed under the user's name near the avatar - would help people remember it? And of course on the Nsec app login screen, and maybe on 'import key' screen.

Thank you for your help! #nostrdesign

Avatar
Niel Liesmons 2y ago

Great input sir, makes it a lot better. On it!

1. Just called it "Key" because that's what Snort etc ask for in the field where you paste it. But you're completely right.

4. I drew the "cloud sync" option first but it didn't work in my design, in your idea it does, me gusta.

Btw: I think indeed the way nostr:npub1l2vyh47mk2p0qlsku7hg0vn29faehy9hy34ygaclpn66ukqp3afqutajft sees it, you can skip the bunker-link entirely and just use NIP-05 + password in general.

Avatar
brugeman 2y ago

Thank you!

Agree, the flow that Pablo is working on would eliminate copy pasting the link

Avatar
alvin 2y ago

The "normies" who want to follow a more conventional path, don't have to know all the cooking, i.e. what goes on behind the scenes ...., they just want it to work and be easy .... and that's fine up to a point.

Now they need a clearer and more understandable explanation, i.e. what steps to follow .... Because otherwise you keep excluding people who want to use the nostr protocol but don't dare.

Slds from Uruguay ⚡🤙🏼🧉

Trad DeepL