pull down to refresh

10 sats \ 1 reply \ @nolem 9h \ on: How to Use My Nsec Securely from My Android Device? nostr
The core questions I have are
  • Is Amethyst the Android counterpart of Nos2x extension on my laptop browser?

No Amethyst is a Nostr client and it's probably the best Android client available

  • Will Amethyst sign the events?

Amethyst will sign the events if you input your nsec directly into Amethyst which is one option

  • Is Amethyst itself trustworthy enough? Or should I go for something else? I have not polluted my nsec yet, so I can still jump ship if necessary

Personally I would trust Amethyst but you don't have to, you can use the Amber signer on Android to log in to Amethyst, which means you have to trust Amber instead lol, If you're super paranoid I guess the only alternative is to build your own signer app

  • What is the most secure way to copy the nsec to Amethyst or any signer app on my Android? Obviously it is stupid to transfer via Google drive or email, then what other trustless way can I opt for?

you must have had access to your nsec in order to input it into nos2x right? If I were you, I'd write it down on paper and manually type it into Amber. That's if you trust Amber of course or Amethyst lol. It's definitely prudent to be overly cautious ⚠️ and I commend you for doing so.

One other option is to create a burner nsec you're willing to lose and have a play around with Amber and Amethyst until you become accustomed to it.
Use this one if you wish, I just created it, but discard it when you're done and delete it forever.
nsec1n73spfxfwkfulgrsl9ms26cpgkf7kygttxhenujs4vyexwxvx9pqkfyqa7
Don't trust anyone and don't use this nsec if you don't want to.
write
preview
0 sats \ 0 replies \ @spiderman OP 2h
Many thanks for the detailed clarifications. So Amethyst can not sign for other Nostr clients?
As an example, if I want to post in Primal from my Desktop, then nos2x signs it, hiding the nsec from Primal.
But if I want to post on Primal from my phone, then I have to trust Amber (let's say I do) to sign it, not Amethyst? Amethyst is just another app like Primal itself?
I am not super paranoid, and probably I would go ahead and trust Amber (after doing a bit of reading), but in my mind, I want to get it clear who exactly am I trusting.
After all, I am still trusting my Linux desktop to keep my nsec secure and not send it to someone.
reply