yunginter.net on Nostr: so this way, only the extension has your key… the sites requests a unique signature ...
so this way, only the extension has your key… the sites requests a unique signature for each event, and the extension generates that sig from your key, and just passes that single use signature to the site. The site never knows your nsec. You don’t have to trust all the new sites that pop up. I even have zap buttons on my personal website that one can sign with an extension.
Published at
2023-07-03 07:32:59Event JSON
{
"id": "f3e3537211cbb43d0d17f41df9667264576444c01a63b7e1ed7c49699127c59a",
"pubkey": "5fd693e61a7969ecf5c11dbf5ce20aedac1cea71721755b037955994bf6061bb",
"created_at": 1688369579,
"kind": 1,
"tags": [
[
"e",
"ae51dcb495ea100911c5ead0cc9f45d529a815c83c3c74b9fb24da44fe99f929"
],
[
"e",
"026e6b5d0de0ba06277de3584ebe126c4dd995cfe40e490d8e0cb60153dd9034"
],
[
"p",
"ed458838319031c1714944c91bc3f59c56da0e779297b22541c867e632f4fce1"
]
],
"content": "so this way, only the extension has your key… the sites requests a unique signature for each event, and the extension generates that sig from your key, and just passes that single use signature to the site. The site never knows your nsec. You don’t have to trust all the new sites that pop up. I even have zap buttons on my personal website that one can sign with an extension.",
"sig": "5c5c0ec72552ee2c92f7c09639a8c54b80c5e1b26a888392808b4e844a16421971d86a3ba53d3eecfe6f099e45616ca482f9ec8ce6666cb7c5157fdd287c4d24"
}
