GM Nostr! π
π Announcing Keycast π
A remote signing platform for teams.
https://share.cleanshot.com/y4XbqKpT
Remote signing (NIP-46) has always had a lot of promise. Apps like Amber, nsec.app, and others have made it possible to manage your nostr keys in a way that is safer than browser extensions or pasting your nsec around the internet.
BUT, none of them catered to teams. Groups like nostr:npub1nstrcu63lzpjkz94djajuz2evrgu2psd66cwgc0gz0c0qazezx0q9urg5l and nostr:npub19mduaf5569jx9xz555jcx3v06mvktvtpu0zgk47n4lcpjsz43zzqhj6vzk and many many companies out there are just sharing the main account nsec between different people and using it in different apps. A recipe for disaster.
Keycast aims to finally fix this. It allows you to:
- Manage teams of nostr users
- Manage multiple keys that you want to give others access to
- Create authorizations for those keys that grant specific permissions that can be changed, revoked, etc.
- Create your own custom permissions
- Run the signing infrastructure without any extra work
And do it all in a self-sovereign way. Keycast is meant to be run on your server, by you. I think it's tremendously important that this sort of tool doesn't exist as a hosted service (which would basically be a huge key honeypot over time).
The app is both a management web app AND a backend process that manages sub-processes that listen for remote signing requests, check permissions, and sign events.
There is a basic docker setup to start, but my goal is to have this easily deployable to StartOS, Umbrel, Podman, and others.
Code here:
https://github.com/erskingardner/keycast
Replies (58)
gm
Niiiice!! Gonna take a dive into this soon. Awesome work!
GM! β βοΈ π«
nostr:nevent1qqsg40t47z5pc40tcnjw2ya97vjv6uweqcmvdzugg50l8dqdp38j7yspz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsygqh88vn0hyvp3ehp238tpvn3sgeufwyrakygxjaxnrd8pgruvfkaupsgqqqqqqsnhr8hv
What nostr clients support nip46? I don't think #Amethyst supports it?
Legend!
Donβt mind Jeff just quietly solving nostrβs biggest problems ππ
Great Job JeffG!
nostr:nevent1qqsg40t47z5pc40tcnjw2ya97vjv6uweqcmvdzugg50l8dqdp38j7yspz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsygqh88vn0hyvp3ehp238tpvn3sgeufwyrakygxjaxnrd8pgruvfkaupsgqqqqqqsnhr8hv
Bravo!
This will improve team experience on nostr so much! Thanks for working on this π€πΌ
GMβοΈβοΈπ
πChristmas present π to the Nostr community π!
Ho ho ho π§βπ thatβs very cool π«Ά
why do all the useful tools have to have this disgusting startup marketing aesthetics? "work together", give me a break
What would you rather? Work alone in your momβs basement?
this is too complicated, use
https://gitlab.com/soapbox-pub/knox instead
Give nostr:npub1gcxzte5zlkncx26j68ez60fzkvtkm9e0vrwdcvsjakxf9mu9qewqlfnj5z 5 minutes and
my point is that signing events is not the exact definition of work
For single users Knox is great. For teams, less so.
In any case, use what you want and stop complaining about having so many choices of high quality free software.
Knocking it out of the park, well done chap π
you can create a bunker on amber and connect to amethyst
π
The amount of apps drops coming to nostr:npub126ntw5mnermmj0znhjhgdk8lh2af72sm8qfzq48umdlnhaj9kuns3le9ll is incredible! Thanks the hard work!
Very great!
Beautiful present, thanks!
β₯οΈ
Thanks for sharing. I didn't know about this project. I hope a GUI gets developed too.
We need more of this, If you ask me Keycast is totally a candidate for funding on Angor.
GM!
using github to host code, what a sheep
gm
wow. next level.
nostr:note1327htu9gr327h38yu5f6tueye4cajp3kc69cs3gl7w6q6rz09ufqukl74j
ππ₯π€π₯π₯π₯π₯π₯
Good Morning! MERRY CHRISTMAS!β‘οΈπβοΈπ
Awesome stuff Jeff!
I love the elegance of the policy system. Easy to understand, yet very powerful
Gotta chance how we do GiftWraps. We download everything and decrypt them all at startup. So, if your NIP-46 can manage 1000s of decryptions per second, we can make it work right now. Otherwise, I need to find a way to lazy load this.
Did you abandon nostr messaging?
Not at all. Just took a short break. Only started working on keycast at the beginning of last week.
Iβll be back to the messaging stuff just after Christmas.
Hmm. Middle of family stuff now but let me have a look a bit later. I might have just borked something while trying to get the docker stuff going last night.
Give me a bit of time to polish things up and then we can benchmark it.
This is amazing!
That would be awesome. Would love to be able to also offer some bounties on permissions, getting lots of tests written, and having it deployable on lots and lots of systems.
Yes it is. I constantly sign events for work
Thank you! you scared me a little haha
can't wait to see White-noise in action.
I suspect nostr:npub1zuuajd7u3sx8xu92yav9jwxpr839cs0kc3q6t56vd5u9q033xmhsk6c2uc is working on a windows machine. since thats the only OS I know of that does not have case sensitive file names π
Also I cloned the repo and the files where missing the new line at the end of the files
Nope. New Mac. Iβm weirded out by that file name too.
Thank you!
Very odd. File explorer and terminal were showing the uppercase spelling but my guess is that I had it wrong early, changed it, and for some reason git was still tracking it in the old case without changing it... π€·ββοΈ
I'll push a fix (for a few things I found since announcing π€¦ββοΈ) sometime soon.
For now, it's Christmas time. π
A few questions I had for a friend
- Are secret keys loaded into the same address space as the process running an http server?
- Are secret keys stored in plaintext or reversible encryption accessible to the process running an http server?
- Are secret keys stored in a file readable by the http server process?
What is a public url of a hosted version one might play around with? Again asking for a friend.
Gm
The answer to all three is what you donβt want to hear. For v1 Iβve left a lot to desire. Keys are encrypted at rest but fetched/decrypted by the same process running the http server (but not from any of the http methods directly).
I'm looking for teams or companies that are looking to test Keychat out.
Deployment via Docker should work well so if your team or company is willing to run a VM or install this on a server you already have, let me know. I'm happy to help you walk through the setup.
nostr:nevent1qvzqqqqqqypzq9eemymaerqvwdc25f6ctyuvzx0zt3qld3zp5hf5cmfc2qlrzdh0qqsg40t47z5pc40tcnjw2ya97vjv6uweqcmvdzugg50l8dqdp38j7ys59sssx
You're welcome. Here's more info.
nostr:nevent1qqsg40t47z5pc40tcnjw2ya97vjv6uweqcmvdzugg50l8dqdp38j7yspz9mhxue69uhkummnw3ezuamfdejj7q3qzuuajd7u3sx8xu92yav9jwxpr839cs0kc3q6t56vd5u9q033xmhsxpqqqqqqzjud6n4
My big man π
THIS is exactly the solution I've been most anxiously looking for!
Yo nostr:nprofile1qy2hwumn8ghj7ct4w35zumn0wd68yvfwvdhk6qghwaehxw309anxjmr5v4ezumn0wd68ytnhd9hx2qgdwaehxw309ahx7uewd3hkcqgswaehxw309ahx7um5wgh8w6twv5q3samnwvaz7tmswfjk66t4d5h8qunfd4skctnwv46qzynhwden5te0wp6hyurvv4cxzeewv4esz9rhwden5te0wfjkccte9ejxzmt4wvhxjmcprfmhxue69uhhyetvv9ujuem9w3skccne9e3k7mf0wccsz9thwden5te0wfjkccte9e4x2enxvuhxv7tfqyt8wumn8ghj7un9d3shjtnwdaehgu3wvfskueqpzemhxue69uhhyetvv9ujuurjd9kkzmpwdejhgqgcwaehxw309aex2mrp0yh8xmn0wf6zuum0vd5kzmqqyqtnnkfhmjxqcums4gn4skfccyv7yhzp7mzyrfwnf3kns5p7xymw7a3kzv7 it would be amazing to have you on this call! I'd love the fact that the freedom tech community is getting into healthcare which needs to be fixed, just like our money. Solutions like Keycast will play a pivotal part in this.
note1lnh3q6648ysulrx2pgeyhv2cqqle9vftdxalq3yqkqa7c89eljtqyr70nl
Cool idea! Iβll see, maybe I can make it
nostr:nevent1qqsg40t47z5pc40tcnjw2ya97vjv6uweqcmvdzugg50l8dqdp38j7yspzpmhxue69uhkummnw3ezumt0d5hsygqh88vn0hyvp3ehp238tpvn3sgeufwyrakygxjaxnrd8pgruvfkaupsgqqqqqqssss332
