buck on Nostr: Unless I’m missing something, you can’t just “allow” sign events with the key ...
Unless I’m missing something, you can’t just “allow” sign events with the key offline. Maybe there’s some delegation protocol, but you need access to the nsec to sign every message. Signing can’t happen without access to the private key.
The closest we have is something like the VLS (validating lightning signer), which is a dedicated, internet enabled signing device that supports encoding permissions about limits on what the device will sign. Unfortunately it still falls victim to the problem that your private keys are still exposed to the internet.
Published at
2024-01-09 05:07:38Event JSON
{
"id": "a72cb8dd2899a2bec143a6275c746ed6630151ab21d8fbe71beb97ccde7ef1fb",
"pubkey": "a23ae2a43870ff90462a0fcb434db99e18e439ab4e73accbf3407ceee6efcc69",
"created_at": 1704776858,
"kind": 1,
"tags": [
[
"e",
"cc9021ae1cfb6a7cb25311f659254d53459520c61e9a98ae942605a269e53898"
],
[
"e",
"daf79541b4512addedac43be063e623cb8ec23a52bcb2ae342f52a110efbbef1"
],
[
"p",
"4eb88310d6b4ed95c6d66a395b3d3cf559b85faec8f7691dafd405a92e055d6d"
],
[
"p",
"a80455732d5bfa792f279011a8c871853182971994752b9cf1169611ff91a578"
],
[
"p",
"5b0e8da6fdfba663038690b37d216d8345a623cc33e111afd0f738ed7792bc54"
],
[
"p",
"1577e4599dd10c863498fe3c20bd82aafaf829a595ce83c5cf8ac3463531b09b"
]
],
"content": "Unless I’m missing something, you can’t just “allow” sign events with the key offline. Maybe there’s some delegation protocol, but you need access to the nsec to sign every message. Signing can’t happen without access to the private key. \n\nThe closest we have is something like the VLS (validating lightning signer), which is a dedicated, internet enabled signing device that supports encoding permissions about limits on what the device will sign. Unfortunately it still falls victim to the problem that your private keys are still exposed to the internet.",
"sig": "31ddef310ada55c45a571cd12465b859e52d77f821addce1e2517cad14b6d641be1bf3c9b880b72c6f10e94d48df637429ec60957dc05661b35c1aea079b33c2"
}