If I don't want to trust that the computer I'm using isn't compromised in any way (e.g. keyloggers) and so, encryption is not enough, how could I create a message with an offline computer, then transfer it to the online computer after the message has been signed? Are there any applications that do this?
120 sats \ 8 replies \ @NostrDevTeam 10 Jan
With SIGit there is an offline flow
You sign the file(s) with your Nostr key (eg browser extension) then transfer the encrypted result using preferred mechanism (eg usb pen drive)
300 sats \ 7 replies \ @justin_shocknet 10 Jan
Using a browser extension for anything that's supposed to be private or secure is next-level retarded
0 sats \ 3 replies \ @NostrDevTeam 10 Jan
Agreed that browser extensions are generally bad, but what would be the retarded part about using it in an offline computer?
For info, SIGit also supports remote signer flow (which could work on, say, an air gapped mobile with amber and citrine)
0 sats \ 2 replies \ @justin_shocknet 10 Jan
If the goal is signing/encrypting then there's command line nostr tools for that, browser extensions that do that are simply unfit to exist... may as well just use custodial nostr or trust the web client which is all the extension is anyway but with more storage access..
Unfamiliar but found it, https://sigit.io/ - links help when shilling...
Not quite sure I get it, it's a composer decoupled from the signer? Why can't I use it without logging in? Shouldn't the purpose of this be to give me something to sign externally?
17 sats \ 1 reply \ @NostrDevTeam 10 Jan
It's a document signing tool on Nostr
Whilst not the primary purpose, it does let you sign a message (eg pdf or word doc) with an offline computer - so long as you have an offline signing mechanism (ie, on the same computer)
The sanctum tool you shilled looks great. Is it available for offline deployment?
0 sats \ 0 replies \ @justin_shocknet 10 Jan
I like the docusign/envelope concept, consider having the option of just outputting the raw events without a log-in... I don't expect many are/will take to URI based signers like nsecapp/amber that require a native proto handler
The management console is SaaS, but on the board is self-hosted signer to plug into it so you don't need to trust us with the nsec
It's not meant to have the signer be entirely offline, but rather have it be least-privileged (eg a fenced appliance locked down with iptables and so on to only communicate via the dashboard)
The widget for apps with it is NIP-07 based, so if you'd like to drop it in there as an option I can let you know when we're ready to have others beat on it... the service side of it also allows normies that just want an email based log-in to participate without added friction.
0 sats \ 2 replies \ @nym 10 Jan
I would like a Nostr QR code reader external device
0 sats \ 1 reply \ @justin_shocknet 10 Jan
For what exactly? Remote signing? Like BBQR?
We've got a remote signer in the works so you can self-custody your nsec on a secure system but delegate permissioned and audited access out over the internet to apps/interns based on business logic: https://auth.shock.network
17 sats \ 0 replies \ @nym 10 Jan
Thanks, I wasn't aware of this tool
32 sats \ 1 reply \ @ChrisS 10 Jan
Sparrow and electrum can both do this. You can involve a coldcard as well if you want a device specifically designed to never connect to the internet.
0 sats \ 0 replies \ @nerd2ninja 10 Jan
You can use coldcard to sign a nostr message? I thought it only works for PSBTs?
0 sats \ 0 replies \ @0393c53fc8 10 Jan
You could just use the good old GPG.
0 sats \ 0 replies \ @justin_shocknet 10 Jan
You can sign and encrypt any text you want offline, transfer it, and communicate it over any messenger you like... the messenger itself is just the transport.
Given that, you can use the best signing/encryption standard for the job... Nostr's encryption and identity isn't too bad actually, so you could compose messages in an offline Nostr composer then copy the encrypted payload/signature and broadcast those from an online system