--prikey option should be removed

[Lvceo]

--prikey option should be removed as it's a security breach, IMHO.

What about having this shown to every user logged into the system?

$ ps ax | grep nostr
 553521 pts/1    Sl+    0:02 ./nostr_console_elf64 --prikey 680a0693d62e04198472d6def92b801d11fbd417f223000d45f4bbb1e6a3a851

Private key should be imperatively passed over a dotfile in HOME DIR.

[vishalxl]

good point. what about the idea of having a password encrypted dotfile? Would this be needed for example on windows ? Linux has file permissions, but do we still want files containing private keys to be encrypted by some other password?

[Lvceo]

IMO @vishalxl , this should be working like the SSH client (which use PKI more or less the same way as nostr). dotfile should not be encrypted, authorization is already done by user logging into his account, this user is already protected by the OS security implementation. Like referred in #35 having a file in 600 mode is enough to avoid other users accessing the same FS. Having a look to SSH man page, in the FILES section, you will see a quick description of private key storage (for instance ~/.ssh/id_dsa). If you respect this, you are OK. May be a dotdir would be preferable to provide more flexibility for the tool, like multi account feature (different priv/pub keys), and storing preferences for each of them separately.

[jblachly]

dotfile should not be encrypted

Concur 100%; dotfiles even with authorization credentails (example of .ssh config given, but also e.g. AWS credentials file) are just mode-protected