nips icon indicating copy to clipboard operation
nips copied to clipboard

Published 20 hours ago verified publisher icon nostr-protocol

nsec key encrypted export/import format

Open 05nelsonm opened this issue 2 years ago • 3 comments

Wanted to start a discussion around spec'ing out reading/writing nsec keys in an encrypted format so that transferrability between different clients or extensions is "secure" while at rest (either via file or clipboard).

Even if more support is had for using HSM's (such as a YubiKey) to delegate event signing to, most users will not utilize them. If users switch between clients or browser extensions, I believe a healthy assumption would be that a majority will copy/paste their nsec key (this is especially true for mobile applications) and expose raw key material.

To mitigate key sniping, clients implementing this new nip should be able to import or export encrypted nsec keys in accordance with the specification.

05nelsonm avatar Mar 01 '23 22:03 05nelsonm

@mikedilger had a proposal for this, which is implemented on github.com/mikedilger/gossip.

fiatjaf avatar Mar 01 '23 23:03 fiatjaf

@mikedilger had a proposal for this, which is implemented on https://github.com/mikedilger/gossip. I can't find it now. My internet is broken.

fiatjaf avatar Mar 01 '23 23:03 fiatjaf

https://github.com/nostr-protocol/nips/pull/133

jleger2023 wrote his own method of encrypting the private key for NostrGram(?) and then I told him about draft NIP-49. I haven't heard anything so I presume his method isn't for interoperable moving private keys between clients, but locked into his client only.

mikedilger avatar Mar 02 '23 01:03 mikedilger

To build on @05nelsonm's idea, it may help to consider designing a means to allow relying parties a way to validate events based on how the signing key is protected. For example, if an event was signed by a key protected in software, clients conforming to the relevant NIP would display that the key which signed the event is considered Basic Trust or Basic Assurance. If an event was signed by a key stored in a hardware-based cryptomodule, NIP-conformant clients should display that the key which signed that event is held in Moderate trust/Assurance. So if a key was used by an individual in casual everyday use, events by software based keys are adequate. For brands and organizations who wish to provide an extra degree of assurance to their signed events, they can offer their followers that assurance with that extra bit of validation.

dacervera avatar Apr 21 '23 22:04 dacervera

@dacervera Though related it seems best for your idea to have its own issue. If restated as a problem, I might phrase it as: There is currently no standard way to share the level of security around storage of a note's signing key.

weex avatar May 19 '23 06:05 weex