I'm not an expert on the key management topic, that's why I'm looking for advice.
My Nostr keys were generated by a browser extension on my PC. My PC is connected to the internet, so it is a hot wallet
Is there a better way to generate the keys or to hold keys offline and be able to post notes on clients as Primal?
Thanks
Remote signer like Amber for Android you are asking for.
The option bunker is also very interesting, even if not very reliable for me.
You might check out this as well to create keys either in browser or on local machine offline
Amber is fantastic, seriously @Bitcoiner1 if you don't use Amber you're missing out
As far as I know, using Amber is still a hot wallet, your keys are on the phone...or am I missing something else?
@Bitcoiner1 did you checked out the Nostr hardware signing device mentioned above?
it can be in a separate dedicated phone that's only for amber
you might want to look into remote signing or even frostr by @bitcoinplebdev and @cmd
This just came back to my mind.
Nostr signing device
https://shop.lnbits.com/product/nostr-signing-device
Ideally, one would generate a master private key in a cold wallet and then use that one to sign subkeys that could ne used from a browser extension and with a limited validity period. If compromised, just sign a revokal and a new subkey with the master one.
Does something like this exist? In PGP there's something like that.
So, it works as the BIP 85? From one pair of keys, you can generate child keys...
Something like that yes. But with the difference of intentionally linking the master and the children.
I wish I could generate Nostr keys with my Coldcard Q.
Signing would be a pain though.
Surely you can generate keys from keys, so I can have a private key that controls multiple private keys.
Then I'd have an air-gapped store of all if my identities online, from which I can derived them again if I lose any particular private key, if I know the derivation path for constructing these private keys?
That's the part I'm missing. It's not only about deriving the keys but about a NIP that enables the issuing and revokal flow for a seamless experience of other users.
Is this possible already?