Replying to Avatar Crusty 👨‍💻

GM! ☕️

If I understand correctly, when you use a nsec bunker, only your bunker knows your nsec, and each logged in app, will get an own new keypair that it can use to make interactions on your behalf.

But this right can be withdrawn anytime simply.

So if your account is compromised, you can just delete the right of that keypair.

The only real danger is then, that the bunker itself gets compromised, and your real nsec leaks. From that, it is kind of impossible to recover.

So bunker does not solve fully the leak problem, but makes it so much better.

But if you think about it. With power comes responsibility.

#asknostr #grownostr #plebchain
Avatar
boston wine 1y ago

I believe this is correct. What I’m unsure of is whether you can create your new parent/bunker key, and give it “ownership” of an existing keypair.

What I would love to do someday is create an “offline” master nsec, and somehow — like in Bitcoin — use it airgapped to sign a message or otherwise give my nsecbunker admin control over any of my existing primary Nostr keypairs.

So the two contrasts with how I currently understand nsecbunker to function are, 1) offline key generation and storage and 2) delegation/control over existing keys and not simply generating new “child” keys in-app.

This account ( nostr:npub14qz92uedt0a8jte8jqg63jr3s5cc99cej36jh883z6tprlu354uqqe2q26) is my daily driver. It’s my nym and my social graph, whereas my other keys are primarily used for client testing and Other Stuff. I generated this key inside Damus back in 2022: it has never touched another client and I’d love to keep it that way.

Thus my daydream: an offline-generated-and-stored “parent” nsec with the ability to “adopt” child accounts that already exist.

Heh, yo nostr:npub1l2vyh47mk2p0qlsku7hg0vn29faehy9hy34ygaclpn66ukqp3afqutajft what are the chances of this “adoption” thing working in nsecbunker at some point?

Reply to this note

Please Login to reply.

Discussion

Avatar
Crusty 👨‍💻 1y ago

I think you can add nsecs to bunkers, that were not generated there, but it won't have a parent key or so.

I think there are already some way to do airgapped signing, but not sure if it is already convenient.

But you need to keep in mind, that if you have to approve all actions, then it will be really bad UX for decrypting DMs e.g. Except if you can somehow bulk approve.

Amber (android) signer seems to do that btw. The bulking.

Avatar
boston wine 1y ago

Yo - all makes sense. I still need to scope out Amber - been hearing very good things about it