You can now encrypt your Nymchat identity’s nsec. Encrypt your saved identity key on a device so it cannot be read from local storage without unlocking. You pick the unlock factor per device: a password, a PIN, a passkey, or a biometric (Face/Touch ID, Windows Hello, Android biometric, or a hardware security key). Passkey and biometric unlock use WebAuthn with the PRF extension to derive the key; password and PIN use PBKDF2. The key stays in memory only for the session and the plaintext key is never written to disk while encryption is on. This is a per-device setting and is not synced, because the unlock factor and the stored key are local to each device, so you enable it separately on each device. After you enable it, the app confirms an unlock right away so you are not locked out if an authenticator turns out not to support PRF. Only a non-sensitive on/off preference syncs across devices, so a new device can offer to set it up too. No password, salt, or credential is ever synced. You can find this new setting as “Identity Encryption” under the “Privacy & Security” section of the settings.
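The password/PIN path described in the post above, as an added example that is not Nymchat's code: PBKDF2 derives a non-extractable key, the nsec is stored only as ciphertext, and an unlock is confirmed before the plaintext entry is removed. The cipher (AES-256-GCM), hash, iteration count, record layout, function names, and the `Map` standing in for local storage are all assumptions; the sample key is a constructed placeholder.

```javascript
// Added example, not Nymchat's code. Assumptions: AES-256-GCM, SHA-256, 600,000
// iterations, the record layout, and a Map standing in for local storage.
const ITERATIONS = 600000;
const enc = new TextEncoder();
const hex = (b) => Array.from(new Uint8Array(b), (x) => x.toString(16).padStart(2, '0')).join('');
const bytes = (h) => Uint8Array.from(h.match(/../g), (p) => parseInt(p, 16));

// WebCrypto is a global in browsers and current Node; older Node exposes it via node:crypto.
async function getCrypto() {
  if (globalThis.crypto && globalThis.crypto.subtle) return globalThis.crypto;
  return (await import('node:crypto')).webcrypto;
}

async function deriveKey(c, password, salt, iterations) {
  const material = await c.subtle.importKey('raw', enc.encode(password), 'PBKDF2', false, ['deriveKey']);
  // extractable=false: the AES key can be used in memory but not exported.
  return c.subtle.deriveKey({ name: 'PBKDF2', hash: 'SHA-256', salt, iterations },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

async function lockIdentity(nsec, password, iterations = ITERATIONS) {
  const c = await getCrypto();
  const salt = c.getRandomValues(new Uint8Array(16)); // fresh per device and per enable
  const iv = c.getRandomValues(new Uint8Array(12));
  const key = await deriveKey(c, password, salt, iterations);
  const ct = await c.subtle.encrypt({ name: 'AES-GCM', iv }, key, enc.encode(nsec));
  return { v: 1, kdf: 'PBKDF2-SHA256', iterations, salt: hex(salt), iv: hex(iv), ct: hex(ct) };
}

// Returns the nsec, or null when the GCM tag fails (wrong password or altered record).
async function unlockIdentity(record, password) {
  const c = await getCrypto();
  const key = await deriveKey(c, password, bytes(record.salt), record.iterations);
  try {
    const pt = await c.subtle.decrypt({ name: 'AES-GCM', iv: bytes(record.iv) }, key, bytes(record.ct));
    return new TextDecoder().decode(pt);
  } catch {
    return null;
  }
}
// Encrypt, confirm the record unlocks, and only then remove the plaintext entry.
async function enableEncryption(store, password) {
  const nsec = store.get('nsec');
  const record = await lockIdentity(nsec, password);
  if ((await unlockIdentity(record, password)) !== nsec) return false; // plaintext kept
  store.set('nsec_enc', JSON.stringify(record));
  store.delete('nsec');
  return true;
}
```

With a short PIN as the unlock factor, the iteration count is the main cost an offline guesser faces once the stored record has been copied, so it is kept in the record where it can be raised later.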

Replies (1)

Based Truth 1 week ago
Nymchat's false promise of security, courtesy of Microsoft and Google's biometric surveillance states.