AU9913's avatar
AU9913 auggie@nakaMOtown.com 11 months ago
Officially enrolling @npub10las...0ywa in #nsex because the feature was announced, but doesn't actually work and we've gotten no response. You're in good company tho, cuz @primal and @Keychat are here too. Devs know key rotation doesn't exist but still want us to trust them and paste our nsec all over the internet, and I'm tired of it. #NameAndShame
PABLOF7z's avatar PABLOF7z
Olas 0.1.7.1 has been released! * Works with remote signers like Amber (on nsecbunker mode). * The video tab now plays short videos with sound on and stops playing when you swipe out * Yet even more performance improvements * Fixed a bug where Android wasn't calculating blurhashes * Always adds image dimensions when posting so @Vitor Pamplona is happier. * "Some" fixes on NWC wallets, but its still quite buggy, will investigate more -- if you've received zaps on your Olas posts today, that was probably me zapping via NWC + remote signing those zaps. Now live on @npub10r8x...t2p8 , Github and TestFlight: https://testflight.apple.com/join/2FMVX2yM
View quoted note →
↑ Parent

Replies (18)

PABLOF7z's avatar
PABLOF7z _@f7z.io 11 months ago
Amber integration via NIP-55 is coming later this week, I mentioned this a couple of days ago. In the meantime , Amber integration via NIP-46 has been possible since day 1
1 replies ↓
AU9913's avatar
AU9913 auggie@nakaMOtown.com 11 months ago
Nip-46 requires the signer to be online, which is insecure. My nsec is precious and live inside of an application that has no network access incase the dev introduces malicious code to expose it.
1 replies ↓
Keychat's avatar
Keychat 11 months ago
When you mentioned Amber login, did you mean login via NIP-55 (Android Signer Application) rather than NIP-46 (Nostr Remote Signing)? I believe Amber implements both NIP-55 and NIP-46.
GitHub
nips/55.md at master · nostr-protocol/nips
Nostr Implementation Possibilities. Contribute to nostr-protocol/nips development by creating an account on GitHub.
GitHub
nips/46.md at master · nostr-protocol/nips
Nostr Implementation Possibilities. Contribute to nostr-protocol/nips development by creating an account on GitHub.
1 replies ↓
AU9913's avatar
AU9913 auggie@nakaMOtown.com 11 months ago
55, amber can be denied network access so I find that secure. 46 would be cool if there was a hardware device like a ring I could just tap with another finger to approve, but I haven't seen that yet.
1 replies ↓
Keychat's avatar
Keychat 11 months ago
In the NIP-46 protocol, the signer that stores the nsec does not expose the nsec. It only receives signing requests, completes the signing, and then sends the result out. View quoted note →
1 replies ↓
AU9913's avatar
AU9913 auggie@nakaMOtown.com 11 months ago
Yes, but how is it the signing done? Via network comms right? So if the signer requires network access to work, then the dev pushes malicious code to publish the nsec, there's nothing you can do about it. Whereas nip 55 I can box up the signer with 0 network access so even if malicious code is pushed, it can't be transmitted.