I’m experimenting with building a simple wealth tracker, where you save encrypted records of your assets’ value to a local relay (indexedDB), and sync to a trusted relay. If your nsec is compromised, the ideal would be for the data to not be revealed without an extra key. If I’m not mistaken, the scheme you shared allows me to achieve this, since you’d need the device as well to decrypt. And I would add a passphrase, for when the device is compromised. Am I doing something stupid? 😅