pull down to refresh
33 sats \ 4 replies \ @yfaming 31 Jul \ on: Is Sharing Private Key with Websites a Necessary Part of Using Nostr? nostr
I feel the same way. Ideally, there should be a key manager, like a password manager, so apps don’t ever touch — let alone store — our nsec. That way, even if an app has security issues, our nsec stays safe.
Personally, I always keep my nsec in the getAlby extension on the browser. Apps (like Primal) just sign through getAlby and never access the nsec directly.
So you mean I have to trust Alby with the nsec, then it can sign messages for other apps like Iris without exposing the nsec to Iris (example)?
Then two questions
- Is Alby trustworthy enough?
- Do other apps following the Nostr protocol always accept signature from Alby without requiring my private key?
reply
reply
Thanks, does it mean every app using the Nostr protocol can accept signature from Alby (as opposed to storing my nsec)?