Nostr has many clients, and it's common to use multiple clients, e.g. an app on mobile and a web app on larger screens. Or event several.
But every client that has your secret key is a securtiy risk.
One can use 'read-only' mode in secondary clients, by importing npub only, but then you can't post, reply, like or do any action.
A propsed solution is NIP-26 delegations, whereby you use two identities, allowing a secondary client/identity to post on your behalf without risking your main secret key.
You have a primary identity with its primary secret key, and you have a primary client which is set with this identity.
You also have a secondary identity set up in a secondary client (e.g. a web app).
You have created a delegation from primary to secondary, meaning you empower the secondary to post on your behalf.
The delegation can have an expiry (e.g. one month), and restricted scope (e.g. notes, but no meta change).
This way is the secondary identity gets compromised, your primary identity is not. The attacker can post in your behalf, but with the restricted scope, and only up to the exipry.
Can be found here: https://github.com/nostr-protocol/nips/blob/master/26.md
Nostr Connect (NIP-46) is somewhat related: you can use a secondary client with no secrets, and reach out to primary client every time signature is needed. It also supports requesting a NIP-26 delegation from the signer.
NIP-26 support is still in very early stage.
Currently you can use:
Keystr or NostrTool as delegator (create a delegation), and
Gossip as delegatee client (import delegation, post with delegations)
Table with details:
| Client | Description | URL | Create Tag | Enter Tag | Post with Tag | Handle delegated events | Support |
|---|---|---|---|---|---|---|---|
| Damus | iOS client | https://damus.io | in progress | ||||
| Gossip | Desktop client | https://github.com/mikedilger/gossip | ❌ | ✅ | ✅ | Partly | Enter DTag, post, show author (Mar4'23) |
| Keystr | Nostr Keystore, desktop app | https://github.com/keystr/keystr-rs | ✅ | ❌ | n.a. | n.a. | Can create |
| NostrTools | Dev tool, web app, or local web | https://nostrtool.com/ https://github.com/kdmukai/nostrtool | ✅ | ❌ | ✅ | n.a. | Can create, aplha |
| Snort | Web client | https://github.com/v0l/snort | ❌ | ❌ | ❌ | ✅ |
rust-nostr, a Rust library, supports delegation tag operations (create, validate) (link) (Feb24'23).nostr-types, a Rust library, has basic support (delegation tag & condition parsing/serialization) (Mar3'22).Find me on Nostr optout@nostrplebs.com npub1kxgpwh80gp79j0chc925srk6rghw0akggduwau8fwdflslh9jvqqd3lecx
or
or
By clicking below, you agree to our terms of service.
Sign in with Wallet
New to HackMD? Sign up
| Syntax | Example | Reference | |
|---|---|---|---|
| # Header | Header | 基本排版 | |
| - Unordered List |
|
||
| 1. Ordered List |
|
||
| - [ ] Todo List |
|
||
| > Blockquote | Blockquote |
||
| **Bold font** | Bold font | ||
| *Italics font* | Italics font | ||
| ~~Strikethrough~~ | |||
| 19^th^ | 19th | ||
| H~2~O | H2O | ||
| ++Inserted text++ | Inserted text | ||
| ==Marked text== | Marked text | ||
| [link text](https:// "title") | Link | ||
|  | Image | ||
| `Code` | Code |
在筆記中貼入程式碼 | |
| ```javascript var i = 0; ``` |
|
||
| :smile: |  |
Emoji list | |
| {%youtube youtube_id %} | Externals | ||
| $L^aT_eX$ | LaTeX | ||
| :::info This is a alert area. ::: |
This is a alert area. |
On a scale of 0-10, how likely is it that you would recommend HackMD to your friends, family or business associates?
Please give us some advice and help us improve HackMD.
Syncing
-
Any changes
Be notified of any changes
-
Mention me
Be notified of mention me
-
Unsubscribe
Subscribe