# Nostr Delegations NIP-26 ## Overview, Use Nostr has many clients, and it's common to use multiple clients, e.g. an app on mobile and a web app on larger screens. Or event several. But every client that has your secret key is a securtiy risk. One can use 'read-only' mode in secondary clients, by importing npub only, but then you can't post, reply, like or do any action. A propsed solution is NIP-26 delegations, whereby you use two identities, allowing a secondary client/identity to post on your behalf without risking your main secret key. ## Typical case case details (NIP-26) You have a _primary identity_ with its _primary secret key_, and you have a _primary client_ which is set with this identity. You also have a _secondary identity_ set up in a _secondary client_ (e.g. a web app). You have created a _delegation_ from primary to secondary, meaning you empower the secondary to post on your behalf. The delegation can have an expiry (e.g. one month), and restricted scope (e.g. notes, but no meta change). This way is the secondary identity gets compromised, your primary identity is not. The attacker can post in your behalf, but with the restricted scope, and only up to the exipry. ## NIP-06 Spec Can be found here: https://github.com/nostr-protocol/nips/blob/master/26.md ## Othre related topics [_Nostr Connect_ (NIP-46)](https://github.com/nostr-protocol/nips/blob/master/46.md) is somewhat related: you can use a secondary client with no secrets, and reach out to primary client every time signature is needed. It also supports requesting a NIP-26 delegation from the signer. ## Client Support NIP-26 support is still in very early stage. Currently you can use: [Keystr](https://github.com/keystr/keystr-rs) or [NostrTool](https://github.com/kdmukai/nostrtool) as delegator (create a delegation), and [Gossip](https://github.com/mikedilger/gossip) as delegatee client (import delegation, post with delegations) Table with details: | Client | Description | URL | Create Tag | Enter Tag | Post with Tag | Handle delegated events | Support | | -------- | -------- | -------- | -------- | -------- | -------- | -------- | -------- | | __Damus__ | iOS client | https://damus.io | | | | | in progress | | __Gossip__ | Desktop client | https://github.com/mikedilger/gossip | ❌ | ✅ | ✅ | Partly | Enter DTag, post, show author (Mar4'23) | | __Keystr__ | Nostr Keystore, desktop app | https://github.com/keystr/keystr-rs | ✅ | ❌ | n.a. | n.a. | Can create | | __NostrTools__ | Dev tool, web app, or local web | https://nostrtool.com/ https://github.com/kdmukai/nostrtool | ✅ | ❌ | ✅ | n.a. | Can create, aplha | | __Snort__ | Web client | https://github.com/v0l/snort | ❌ | ❌ | ❌ | ✅ | | ### Libraries Support * [`rust-nostr`](https://github.com/rust-nostr/nostr), a Rust library, supports delegation tag operations (create, validate) ([link](https://github.com/rust-nostr/nostr/blob/master/crates/nostr/src/nips/nip26.rs)) (Feb24'23). * [`nostr-types`](https://github.com/mikedilger/nostr-types), a Rust library, has basic support (delegation tag & condition parsing/serialization) (Mar3'22). ------------ Find me on Nostr optout@nostrplebs.com npub1kxgpwh80gp79j0chc925srk6rghw0akggduwau8fwdflslh9jvqqd3lecx