Maybe I am missing something, but with a tool like Amber on a device that only I control, I am sure only I can use those keys, accept requests and sign, but with this enclave thing, which is "online" and you "connect" to it using a frontend (I guess), how does this work? Is the frontend part of nsec.app running client/browser side? How can I be sure only "my device" (as long as I don't delete website data/cookies of nsec.app ?) can access those keys? How does this differ from Amber?
Replies (2)
Amber works great for apps on the same device. Cross device it has same issues as nsec.app - Amber is killed by mobile OS and can't process requests reliably.
This enclaved signer can accept your nsec and process requests to it. You still retain your nsec and can control the signer with it, that's what nsec.app does. Your local key just can't be always-online.
Does it make sense?
Mmhh I get what you say about the drawbacks of an in device signer like Amber (even though I think it depends on the usage one has with a nostr client), but I don't really understand the "you still retain your nsec and can control the signer with it", but probably it's just because I didn't fully understand the overall logic flow.
