Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Why no Nip49 signer? #216

Open
manimejia opened this issue Apr 26, 2024 · 5 comments
Open

Why no Nip49 signer? #216

manimejia opened this issue Apr 26, 2024 · 5 comments

Comments

@manimejia
Copy link

Seems to me, an NDKSigner that dynamically decrypts an encrypted private key ONLY for signing events could be useful? Am I missing something?

  • pasting ncrypt into web browser clients is LESS BAD than pasting nsec, and allows for MORE login options

  • if raw nsec is NOT stored (even in memory) by client, ncrypt login becomes even more secure. (different from but maybe not worse than Nip07?)

  • Signer could store an "ACL" (like Nip07 implementers do, but encrypted in local storage and decrypted upon next login) for granting access to certain events without having to decrypt the ncrypt (ask for password) every time.

  • Password need not be stored or managed by client implementors. Password input (and event auth) UI could be handled BY the signer (unlike Nip07 signer) via an NDK svelte component for easier implementation.

Am I missing something?

https://github.com/nostr-protocol/nips/blob/master/49.md
@manimejia
Copy link
Author

Just asking before I head down the rabbit hole of writing one...

@erskingardner
Copy link
Collaborator

Hey - there isn't any reason that this doesn't exist in NDK yet other than the fact that neither @pablof7z or I have had any reason to write it yet.

From reading through the NIP, I'm still not 100% clear I understand the UX of using one of these ncrypt keys, can you give me an example?

@manimejia
Copy link
Author

My own use case is as an "interim" solution to nip46. Allows login with U&P and providing PRIVATE key storage for onboarding new accounts.

  • server side nip46 implementations (nsecbunker) have access to private key.

  • client side implementations (nsec.app) do not play well (are "not recommended" by brugeman) for new account creation.

So my solution would be to implement (yet another) Nostr login flow to the mix. With an "ncrypt" signer (that could keep private nsec OUT of storage completely), people COULD safely paste encrypted keys between web clients.

Here's a link for you (to present and edit invites to your friends)

https://nostrmeet.me?jeffg@jeffg.fyi

And for people you wanna invite to Nostr.. (where the QR lands people to create accounts in the manner described above)

https://nostrmeet.me/jeffg@jeffg.fyi

And for people who have CREATED accounts (in the manner above), they can login with U&P on the home page, where ncrypt will be downloaded and decrypted on request (currently stored in hot app memory... but with a signer this could be handled better)

https://nostrmeet.me

@erskingardner
Copy link
Collaborator

Ok cool. Makes sense. It would be great if you wanted to create a PR for this - I think you'd be able to follow the NDKPrivateKey code as a template.

@manimejia
Copy link
Author

Will do. Thanks for taking a look and considering my idea ahead of time...

@manimejia manimejia mentioned this issue Jun 3, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@erskingardner @manimejia