pull down to refresh

5 sats \ 3 replies \ @spiderman OP 31 Jul \ parent \ on: Is Sharing Private Key with Websites a Necessary Part of Using Nostr? nostr

So you mean I have to trust Alby with the nsec, then it can sign messages for other apps like Iris without exposing the nsec to Iris (example)?

Then two questions

  • Is Alby trustworthy enough?
  • Do other apps following the Nostr protocol always accept signature from Alby without requiring my private key?
write
preview
21 sats \ 2 replies \ @k00b 31 Jul

Alby is trustworthy; at least, I trust Alby. Their code is all open source and they've been in bitcoin, and heavily involved in nostr, for a long time now.

The extension won't sign stuff without you giving permission and it will not reveal it to apps.

reply
0 sats \ 1 reply \ @spiderman OP 1 Aug

Thanks, does it mean every app using the Nostr protocol can accept signature from Alby (as opposed to storing my nsec)?

reply
0 sats \ 0 replies \ @k00b 1 Aug

Yes. Nostr signatures are standardized. They're a particular type of cryptographic signature that every nostr app will recognize and accept as yours no matter which app signed your notes.

reply