I agree... in my opinion, signing has to be done outside of the clients. I imagine something like an API on the device, where you can store your keys in a secure enclave, send in the information or message that needs to be signed through said API, and the API returns the signature. This way clients could call the device's API to sign messages, and don't need to store private keys themselves.
reply
Yes, perhaps with a way of using an existing private key to avoid having to start over.
reply
Good point. That makes sense regarding the signing issue. The thread also discusses the real problem that security erodes as you use the same public key continuously.
reply
Yes, key rotation in general. Also, what happens if the Private Key DOES get compromised? There won't be a password reset button, that's for sure.
reply
I think mine has already been compromised. I don't really care, since I'm keeping no sats in my wallet and I'm just playing around with a throwaway identity right now as I experiment. Things will be different when I am ready to set up a permanent presence. I'm still toying with different ideas on security.
reply