pull down to refresh

How to Use My Nsec Securely from My Android Device?
994 sats \ 5 comments \ @spiderman 23h nostr
So, I signed up to get an nsec on Nostr and backed it up securely on my laptop (running Linux Mint Debian, regularly updated and upgraded, and hence I believe as secure as it can be).
I also installed the Nos2x extension on my Google chrome (on the same device) and gave it the nsec so that it can sign events on my behalf. Is that a secure way to do it?
Now, what if I want to use the same nsec from my Android device (Samsung, regularly updated)? I downloaded an app called Amethyst, but have not set anything up. Is that the correct way to go with it? The core questions I have are
  • Is Amethyst the Android counterpart of Nos2x extension on my laptop browser? Will Amethyst sign the events?
  • Is Amethyst itself trustworthy enough? Or should I go for something else? I have not polluted my nsec yet, so I can still jump ship if necessary
  • What is the most secure way to copy the nsec to Amethyst or any signer app on my Android? Obviously it is stupid to transfer via Google drive or email, then what other trustless way can I opt for?
write
preview
related posts
33 sats \ 0 replies \ @itsrealfake 13h
amber app from zap.store
or nsec.app from browser
reply
10 sats \ 1 reply \ @hasherstacker 21h
You're already thinking along the right lines by being cautious about how you handle your nsec—great! I would highly recommend checking out Amber. Unlike full-featured Nostr clients, Amber is a lightweight signer app designed specifically for secure key handling. It separates your nsec from your main client and communicates over NIP-46, which adds an extra layer of safety. You can pair Amber with other Nostr clients via remote signing without ever exposing your private key to them. That’s arguably the most secure path on mobile.
reply
10 sats \ 0 replies \ @spiderman OP 15h
So Amber does the same thing in Android as what nos2x does in my desktop?
The only question is, how do I pass the nsec from my desktop to Amber on my phone then?
reply
10 sats \ 0 replies \ @2053456d48 22h
You can just generate any nsec and start using Amethyst in your android application as well in the web app.
reply
0 sats \ 0 replies \ @nolem 6h
The core questions I have are
  • Is Amethyst the Android counterpart of Nos2x extension on my laptop browser?

No Amethyst is a Nostr client and it's probably the best Android client available

  • Will Amethyst sign the events?

Amethyst will sign the events if you input your nsec directly into Amethyst which is one option

  • Is Amethyst itself trustworthy enough? Or should I go for something else? I have not polluted my nsec yet, so I can still jump ship if necessary

Personally I would trust Amethyst but you don't have to, you can use the Amber signer on Android to log in to Amethyst, which means you have to trust Amber instead lol, If you're super paranoid I guess the only alternative is to build your own signer app

  • What is the most secure way to copy the nsec to Amethyst or any signer app on my Android? Obviously it is stupid to transfer via Google drive or email, then what other trustless way can I opt for?

you must have had access to your nsec in order to input it into nos2x right? If I were you, I'd write it down on paper and manually type it into Amber. That's if you trust Amber of course or Amethyst lol. It's definitely prudent to be overly cautious ⚠️ and I commend you for doing so.

One other option is to create a burner nsec you're willing to lose and have a play around with Amber and Amethyst until you become accustomed to it.
Use this one if you wish, I just created it, but discard it when you're done and delete it forever.
nsec1n73spfxfwkfulgrsl9ms26cpgkf7kygttxhenujs4vyexwxvx9pqkfyqa7
Don't trust anyone and don't use this nsec if you don't want to.
reply