pull down to refresh

252 sats \ 3 replies \ @zy OP 21 Dec 2022 freebie \ on: What is the best way to secure a Nostr private Key? nostr

As I reflect further on compromised private keys in the context of Nostr, would this be a solution?

  1. Design the protocol to allow use of child private keys that can be rotated when needed (created from an always offline parent private key)
  2. Create a database where users can submit compromised child private keys
  3. Clients check that database and sensor content posted by those keys after the time which they were submitted to the database

Thoughts?

(Happy to discuss / work on this concept further if anyone is interested; and I suppose the above database could be extended beyond just Nostr private keys)

write
preview
30 sats \ 2 replies \ @bitcoiner_since_2013 21 Dec 2022

SQRL is a protocol that does the whole decentralized identity thing, but almost no one uses it because most websites are centralized anyway. It looks to me like its a perfect match for nostr. It's well thought out and handles compromised identities with rekeying using a rescue code.

Seems like everyone is reinventing the wheel these days (unknowingly), but it looks to me like the solution is already there, its just needs to be made nostr friendly/compatible.

SQRL intro Q&A:
https://sqrl.grc.com/pages/introductory_questions_and_answers/

reply
10 sats \ 1 reply \ @el_zonte 22 Dec 2022

lnurl-auth is simpler and builds on the key management already available in ln wallets
https://fiatjaf.com/e0a35204.html

reply
1 sat \ 0 replies \ @bitcoiner_since_2013 22 Dec 2022

Interesting! I didn't know about the added complexity due to fishing

reply