Thread

I compared a few key signers, did a little side-by-side on them. What really surprised me is that some browser add-ons just store the user's nsec in plain text right in the browser's local storage, where it could be read by other add-ons! No such problems with #NoorSigner, since it runs locally in the file system and talks to the #NoorNote client over Unix socket IPC. That said, it came out that NoorSigner was using the weaker XOR encryption instead of the more secure AES. And I fixed that up today, it'll be in the next release, insh'Allah.

Replies (7)

Have been considering this a lot with respect to our trading platform never wanting to see a customer's keys. The answer seems to be to simply allow users to send their data to the API along with generating an encryption key on server and having additional services only forwarding secure data in a relay type manner. Never saving tokens in the browser at all. An alternative could be a desktop app. We have around 90% of the server infrastructure in place. Pretty cool stuff with Nostr keys for the first iteration.
I built Blockcore Wallet some years ago as a "crypto wallet" (also had Bitcoin support), but there is only one chain left. Though it also works well as a Nostr signer and I've used it for years now. It stores the keys encrypted, uses a background process to keep the private key in memory when unlocked. It supports multiple accounts, from a recovery phrase. Also, manual import of any nsec. Will likely soon remove all wallet features and make it a pure key manager, with support for Nostr and DID.