Avatar
Moon 2y ago

#[0]

#[1]

Question about key management - Am I expected to just drop my nsec into the Plebstr app to access login?

How it is secured? What risks is one taking logging into Plebstr with their nsec directly (as this appears to be the only option)

Reply to this note

Please Login to reply.

Discussion

Avatar
Asanoha 2y ago

If you are logging into any client on desktop, utilize nos2x extension signer made by fiatjaf. For mobile apps, such as Damus or Amethyst, you have to input your private key directly into the client, as there is no option to use an extension signer.

Avatar
Asanoha 2y ago

Plebtsr appears to need ones private key directly inputted:/

Avatar
SovereignLife 2y ago

If you think of your public key as the "username" and the private key as the password, then it's uncontroversial to enter your password to gain access an app or website.

Avatar
Moon 2y ago

Yeah, that (for the time being) is the biggest different between Bitcoining and Nostring. However, if and as the Nostr protocols grows, spreads, and reputation becomes entrenched here - loss of nostr nsec could still be quite devastating.

Avatar
SovereignLife 2y ago

True.

Avatar
ryzizub 2y ago

We are storing private key on iOS into keychain and encrypted keystore on android (our web version will use web crypto or extensions)

We are also planning to do view only and seperate event signer

Hope that answers the question 😊

Avatar
Asanoha 2y ago

How exactly are you storing one’s private key on iOS? Is it safe to enter my private key into your app?

Avatar
ryzizub 2y ago

as i said, we are saving it into the iOS keychain. Same place where natively in iOS you can save for example passwords. It's safe, but if you do not trust this, we are planning to do other options to sign in, so you can try plebstr later 😊

Avatar
Asanoha 2y ago

Try Nostore app