pull down to refresh

How to Use My Nsec Securely from My Android Device?
994 sats \ 7 comments \ @spiderman 7 Aug nostr
So, I signed up to get an nsec on Nostr and backed it up securely on my laptop (running Linux Mint Debian, regularly updated and upgraded, and hence I believe as secure as it can be).
I also installed the Nos2x extension on my Google chrome (on the same device) and gave it the nsec so that it can sign events on my behalf. Is that a secure way to do it?
Now, what if I want to use the same nsec from my Android device (Samsung, regularly updated)? I downloaded an app called Amethyst, but have not set anything up. Is that the correct way to go with it? The core questions I have are
  • Is Amethyst the Android counterpart of Nos2x extension on my laptop browser? Will Amethyst sign the events?
  • Is Amethyst itself trustworthy enough? Or should I go for something else? I have not polluted my nsec yet, so I can still jump ship if necessary
  • What is the most secure way to copy the nsec to Amethyst or any signer app on my Android? Obviously it is stupid to transfer via Google drive or email, then what other trustless way can I opt for?
write
preview
related posts
33 sats \ 0 replies \ @itsrealfake 7 Aug
amber app from zap.store
or nsec.app from browser
reply
10 sats \ 1 reply \ @hasherstacker 7 Aug
You're already thinking along the right lines by being cautious about how you handle your nsec—great! I would highly recommend checking out Amber. Unlike full-featured Nostr clients, Amber is a lightweight signer app designed specifically for secure key handling. It separates your nsec from your main client and communicates over NIP-46, which adds an extra layer of safety. You can pair Amber with other Nostr clients via remote signing without ever exposing your private key to them. That’s arguably the most secure path on mobile.
reply
10 sats \ 0 replies \ @spiderman OP 7 Aug
So Amber does the same thing in Android as what nos2x does in my desktop?
The only question is, how do I pass the nsec from my desktop to Amber on my phone then?
reply
10 sats \ 0 replies \ @2053456d48 7 Aug
You can just generate any nsec and start using Amethyst in your android application as well in the web app.
reply
10 sats \ 2 replies \ @nolem 7 Aug
The core questions I have are
  • Is Amethyst the Android counterpart of Nos2x extension on my laptop browser?

No Amethyst is a Nostr client and it's probably the best Android client available

  • Will Amethyst sign the events?

Amethyst will sign the events if you input your nsec directly into Amethyst which is one option

  • Is Amethyst itself trustworthy enough? Or should I go for something else? I have not polluted my nsec yet, so I can still jump ship if necessary

Personally I would trust Amethyst but you don't have to, you can use the Amber signer on Android to log in to Amethyst, which means you have to trust Amber instead lol, If you're super paranoid I guess the only alternative is to build your own signer app

  • What is the most secure way to copy the nsec to Amethyst or any signer app on my Android? Obviously it is stupid to transfer via Google drive or email, then what other trustless way can I opt for?

you must have had access to your nsec in order to input it into nos2x right? If I were you, I'd write it down on paper and manually type it into Amber. That's if you trust Amber of course or Amethyst lol. It's definitely prudent to be overly cautious ⚠️ and I commend you for doing so.

One other option is to create a burner nsec you're willing to lose and have a play around with Amber and Amethyst until you become accustomed to it.
Use this one if you wish, I just created it, but discard it when you're done and delete it forever.
nsec1n73spfxfwkfulgrsl9ms26cpgkf7kygttxhenujs4vyexwxvx9pqkfyqa7
Don't trust anyone and don't use this nsec if you don't want to.
reply
0 sats \ 1 reply \ @spiderman OP 8 Aug
Many thanks for the detailed clarifications. So Amethyst can not sign for other Nostr clients?
As an example, if I want to post in Primal from my Desktop, then nos2x signs it, hiding the nsec from Primal.
But if I want to post on Primal from my phone, then I have to trust Amber (let's say I do) to sign it, not Amethyst? Amethyst is just another app like Primal itself?
I am not super paranoid, and probably I would go ahead and trust Amber (after doing a bit of reading), but in my mind, I want to get it clear who exactly am I trusting.
After all, I am still trusting my Linux desktop to keep my nsec secure and not send it to someone.
reply
0 sats \ 0 replies \ @nolem 8 Aug
Many thanks for the detailed clarifications. So Amethyst can not sign for other Nostr clients?

essentially Amethyst and Primal and all the other clients are gateways into Nostr, because you are broadcasting the note via relays. So if you post 'GM' in Amethyst it shows up in Primal and all the other clients, and if you post 'GM' in Primal it shows up on Amethyst and all the other clients

As an example, if I want to post in Primal from my Desktop, then nos2x signs it, hiding the nsec from Primal.

correct

But if I want to post on Primal from my phone, then I have to trust Amber (let's say I do) to sign it, not Amethyst? Amethyst is just another app like Primal itself?

correct

I am not super paranoid, and probably I would go ahead and trust Amber (after doing a bit of reading), but in my mind, I want to get it clear who exactly am I trusting.

good housekeeping well done

After all, I am still trusting my Linux desktop to keep my nsec secure and not send it to someone.
reply