So, I signed up to get an nsec on Nostr and backed it up securely on my laptop (running Linux Mint Debian, regularly updated and upgraded, and hence I believe as secure as it can be).
I also installed the Nos2x extension on my Google chrome (on the same device) and gave it the nsec so that it can sign events on my behalf. Is that a secure way to do it?
Now, what if I want to use the same nsec from my Android device (Samsung, regularly updated)? I downloaded an app called Amethyst, but have not set anything up. Is that the correct way to go with it? The core questions I have are
- Is Amethyst the Android counterpart of Nos2x extension on my laptop browser? Will Amethyst sign the events?
- Is Amethyst itself trustworthy enough? Or should I go for something else? I have not polluted my nsec yet, so I can still jump ship if necessary
- What is the most secure way to copy the nsec to Amethyst or any signer app on my Android? Obviously it is stupid to transfer via Google drive or email, then what other trustless way can I opt for?
No Amethyst is a Nostr client and it's probably the best Android client available
Amethyst will sign the events if you input your nsec directly into Amethyst which is one option
Personally I would trust Amethyst but you don't have to, you can use the Amber signer on Android to log in to Amethyst, which means you have to trust Amber instead lol, If you're super paranoid I guess the only alternative is to build your own signer app
you must have had access to your nsec in order to input it into nos2x right? If I were you, I'd write it down on paper and manually type it into Amber. That's if you trust Amber of course or Amethyst lol. It's definitely prudent to be overly cautious ⚠️ and I commend you for doing so.