pull down to refresh

33 sats \ 4 replies \ @yfaming 31 Jul \ on: Is Sharing Private Key with Websites a Necessary Part of Using Nostr? nostr
I feel the same way. Ideally, there should be a key manager, like a password manager, so apps don’t ever touch — let alone store — our nsec. That way, even if an app has security issues, our nsec stays safe.
Personally, I always keep my nsec in the getAlby extension on the browser. Apps (like Primal) just sign through getAlby and never access the nsec directly.
write
preview
0 sats \ 3 replies \ @spiderman OP 31 Jul
So you mean I have to trust Alby with the nsec, then it can sign messages for other apps like Iris without exposing the nsec to Iris (example)?
Then two questions
  • Is Alby trustworthy enough?
  • Do other apps following the Nostr protocol always accept signature from Alby without requiring my private key?
reply
21 sats \ 2 replies \ @k00b 31 Jul
Alby is trustworthy; at least, I trust Alby. Their code is all open source and they've been in bitcoin, and heavily involved in nostr, for a long time now.
The extension won't sign stuff without you giving permission and it will not reveal it to apps.
reply
0 sats \ 1 reply \ @spiderman OP 1 Aug
Thanks, does it mean every app using the Nostr protocol can accept signature from Alby (as opposed to storing my nsec)?
reply
0 sats \ 0 replies \ @k00b 1 Aug
Yes. Nostr signatures are standardized. They're a particular type of cryptographic signature that every nostr app will recognize and accept as yours no matter which app signed your notes.
reply