Yeah. I guess I’m thinking a couple steps ahead actually. We really need a master key that manages app or device keys. Then Horcrux can manage the master key, right?
Tbh, this whole field is completely open for experimentation. Nobody has done anything around key management best practices yet.
Replies (1)
In case it's relevant to this discussion, I've implemented a fully functional key rotation system for Nostr. Please see below.
I'm happy to point you to further explanation, just trying to get the word out for now.
The way it usually goes, your online identity is your private key. If the key is compromised, there goes your identity. Inkan fixes that.
You keep a master key in cold storage and a signing key for everyday use. If the signing key ever leaks or gets lost, the master revokes it and delegates to a new one. Same identity, same followers, fresh signing key.
If you'd like to take a look at the prototype: https://www.inkan.cc. Log in with your NIP-07 extension and say hi to the test identities already walking around. Or make one of your own.

