I don't get it...
Why do you still need PGP at all? @Zapstore does software signing better anyhow.
And what's the difference between using nostr as your long-term identity key and just a PGP master key? At least the PGP master key you can revoke, expire, and rotate, while we don't have any of that in nostr yet.
Replies (5)
Zapstore is great for software signing. It solves the only reason you would need a long-dated PGP key, which was software verifiability.
But PGP still solves one narrow problem I don't want to lose, which is offline file-level encryption with a trust model I fully control. That doesn't require a decade-long key. It just needs short-lived, compartmentalized ones.
Nostr's missing piece is native expiry and rotation standards. We'll get there. Until then, my argument is simple. Keep PGP minimal and disposable for encryption. Treat Nostr as the long-term identity layer because it avoids the overhead that made PGP brittle.
Using both gives you the strengths of each and covers the weaknesses of both. And it lets you cross verify identity without dragging PGP’s legacy baggage into it.
Local (and remote) file storage encryption is doable with nostr too. Here's an article with an early architecture; we've made a lot of progress since, but I haven't made an update post yet.
Check it out and please give some feedback.
Ok, here's the latest version of our architecture.
I wrote this as a starting point, no thanks to @aljaz's idea:
The Higher relay specializes in providing a Nostr relay with access to keys derived from a master key. Any keys which are not derived from the master key will be rejected for write events.
GitHub - bitkarrot/higher: Higher: Nostr Relay for Hierarchical deterministic keys
Cool!