I feel the same way. Ideally, there should be a key manager, like a password manager, so apps don’t ever touch — let alone store — our nsec. That way, even if an app has security issues, our nsec stays safe.
Personally, I always keep my nsec in the getAlby extension on the browser. Apps (like Primal) just sign through getAlby and never access the nsec directly.
So you mean I have to trust Alby with the nsec, then it can sign messages for other apps like Iris without exposing the nsec to Iris (for example)?
Then two questions:
  • Is Alby trustworthy enough?
  • Do other apps following the Nostr protocol always accept a signature from Alby without requiring my private key?
21 sats \ 2 replies \ @k00b 31 Jul
Alby is trustworthy; at least, I trust Alby. Their code is all open source and they've been in bitcoin, and heavily involved in nostr, for a long time now.
The extension won't sign stuff without you giving permission and it will not reveal it to apps.
reply
Thanks, does it mean every app using the Nostr protocol can accept a signature from Alby (as opposed to storing my nsec)?
0 sats \ 0 replies \ @k00b 1 Aug
Yes. Nostr signatures are standardized. They're a particular type of cryptographic signature that every nostr app will recognize and accept as yours no matter which app signed your notes.
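An added example, not part of the thread and not Alby's code: a small Python model of the flow discussed above, where a signer keeps the secret key and signs only for origins the user approved, and any client checks the result from public data alone. It uses Nostr's NIP-01 event id and BIP-340 Schnorr signatures over secp256k1. The names `make_signer`, `sign_event` and `verify_event` are hypothetical, and the curve arithmetic is not constant time, so treat it as illustration only.

```python
import hashlib, json
P = 2**256 - 2**32 - 977  # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,  # generator
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):  # affine point addition; None is the point at infinity
    if a is None or b is None: return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    num, den = (3 * a[0] ** 2, 2 * a[1]) if a == b else (b[1] - a[1], b[0] - a[0])
    m = num * pow(den, P - 2, P) % P
    x = (m * m - a[0] - b[0]) % P
    return x, (m * (a[0] - x) - a[1]) % P

def mul(pt, k):  # double-and-add; not constant time, illustration only
    if k == 0: return None
    half = mul(add(pt, pt), k >> 1)
    return add(half, pt) if k & 1 else half

def b32(v): return v.to_bytes(32, "big")
def h(tag, *parts):  # BIP-340 tagged hash, as an integer
    t = hashlib.sha256(tag.encode()).digest()
    return int.from_bytes(hashlib.sha256(t + t + b"".join(parts)).digest(), "big")
def event_id(ev):  # NIP-01 id: sha256 of the compact JSON array
    body = [0, ev["pubkey"], ev["created_at"], ev["kind"], ev["tags"], ev["content"]]
    return hashlib.sha256(json.dumps(body, separators=(",", ":"), ensure_ascii=False).encode()).digest()

def make_signer(seckey, approved):  # models the extension: seckey stays in this closure
    pub = mul(G, seckey)
    d, px = (seckey if pub[1] % 2 == 0 else N - seckey), b32(pub[0])
    def sign_event(origin, draft):
        if origin not in approved: raise PermissionError(f"{origin} not approved by user")
        msg = event_id(dict(draft, pubkey=px.hex()))
        k = h("BIP0340/nonce", b32(d ^ h("BIP0340/aux", bytes(32))), px, msg) % N
        r = mul(G, k)
        e = h("BIP0340/challenge", b32(r[0]), px, msg) % N
        s = ((k if r[1] % 2 == 0 else N - k) + e * d) % N
        return dict(draft, pubkey=px.hex(), id=msg.hex(), sig=(b32(r[0]) + b32(s)).hex())
    return px.hex(), sign_event

def verify_event(ev):  # any client or relay runs this with public data only
    msg, sig, px = event_id(ev), bytes.fromhex(ev["sig"]), int(ev["pubkey"], 16)
    r, s = int.from_bytes(sig[:32], "big"), int.from_bytes(sig[32:], "big")
    y = pow(px**3 + 7, (P + 1) // 4, P)  # candidate square root (P % 4 == 3)
    if msg.hex() != ev["id"] or y * y % P != (px**3 + 7) % P or max(px, r) >= P or s >= N:
        return False
    e = h("BIP0340/challenge", sig[:32], b32(px), msg) % N
    pt = add(mul(G, s), mul((px, y if y % 2 == 0 else P - y), N - e))
    return pt is not None and pt[1] % 2 == 0 and pt[0] == r
```

The app side only ever holds the returned public key and the `sign_event` function, and passes a draft with `created_at`, `kind`, `tags` and `content`; the signed event it gets back verifies under `verify_event` no matter which program produced the signature.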