Cameri @Cameri - 3y
To Native Nostr App Developers: If you are making a Nostr native app and you ask me to type my private key in, it will not happen. Damus is the only one I’d give the benefit of the doubt and that’s because I trust William won’t knee-cap Nostr by leaking everyone’s private key. Please consider implementing Keychain support on iOS or work on a simple Nos2x native app.
c49f8 - 3y
Keychain is a brilliant idea
c060b - 3y
ELI5 keychain
The Conscious Contrarian @arcticorangutan - 3y
Can you elaborate on the difference between logging in with one’s pub key vs both pub and private keys? Is it that you can read but not write without the private key?
corndalorian @corndalorian - 3y
💯 And Damus recognizes your iOS keychain for filling in your key. I have a couple of keys saved in my keychain and use that to switch accounts quickly.
Yup, we need native apps to raise the bar and stop this recklessness xD
💯🔥
dr. calle 👁️⚡👁️ @calle - 3y
Does that mean Damus doesn't have access to that key? I don't think so. Keychain is only going to save you from copy/pasting it but not from your key leaking.
c369f - 3y
That’s above my pay grade.
30a15 - 3y
Precisely this. The private key provides the signature to sign the notes.
7560e - 3y
iPhone even has hardware separation for keys. It’s called Secure Enclave, I’ve mentioned it before to mixed response. It means that even application processor kernel root kits cannot access your keys. There is even a dedicated Secure Enclave boot ROM that initialises a memory protection engine. I have no idea why they made this, but they did and it’s not really publicised much. https://support.apple.com/en-gb/guide/security/sec59b0b31ff/web
jb55 @jb55 - 3y
What do you mean keychain support? Damus stores the nsec in your keychain
c7063 - 3y
Having the key stored on an iOS native app is much better than storing the key in the browser. I think slowly delegated signing will take over!
Correct and good point. It’s just a quicker way of entering the nsec without having to manually copy/paste or type it.
b1da0 - 3y
I understand you. The lack of documentation in all clients, and of ways to audit them, is so hard for beginners. Since people are mining their pubkeys, it is logical they don't trust those apps, in order to protect their mined keys. By the way, most clients don't work on old machines; that is why we beginners are using web clients ...
ec162 - 3y
I think he means: integrate with iOS’ password manager. Treat the nostr public key as the username and private key as password ⇒ tada!
ee9aa - 3y
Unfortunately the Secure Enclave only supports the secp256r1/NIST P-256 signing algorithm, not the secp256k1 ECDSA algorithm used by Nostr.
Yup I know, I mean other native apps that are coming up asking me to type my private key on their app. Either their account creation doesn’t work or they only let me type a private key… either way I just end up uninstalling them because of that. On-boarding experience is key 🔑
🤔 Ah, that is unfortunate; it sounds like it was developed for something quite specific. Alternatively, Nostore is a Safari extension for managing Nostr keys.
c02be - 3y
Add a 2FA to the nsec. At least you still have control if they are leaked
c8372 - 3y
Plebstr is saving your private key to keychain too. The suggestions can be done on our site too. Adding to backlog 😊