nsecBunker: Nostr Keys Delegation

“The premise of nsecBunker is that you can store Nostr private keys (nsecs), use them remotely under certain policies, but these keys can never be exfiltrated from nsecBunker.”

“All communication with nsecBunker happens through encrypted, ephemeral nostr events.”

The waitlist (NIP-07) is available at: https://nsecbunker.com/

The project does not use NIP-26.

How it works

Within nsecBunker there are two distinct sets of keys: user keys and nsecBunker’s key.

User keys: The keys that users want to sign with (e.g. your personal or company’s keys). “These keys are stored encrypted with a passphrase; the same way Lightning Network’s LND stores keys locally: every time you start nsecBunker, you must enter the passphrase to decrypt it. Without this passphrase, keys cannot be used.”

nsecBunker’s key: “nsecBunker generates its own private key, which is used solely to communicate with the nsecBunker administration UI. If these keys are compromised, no key material is at risk.”

“To interact with nsecBunker’s administration UI, the administrator(s)’ keys must be whitelisted within nsecBunker. All communication between the administrator and the nsecBunker is end-to-end encrypted with these two sets of keys.”

“Non-whitelisted keys simply cannot talk to nsecBunker’s Administration UI.”
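
The two controls described above, passphrase-encrypted user keys and an administrator whitelist, shown as an added Node.js example that is not nsecBunker's own code. The scrypt + AES-256-GCM scheme, the function names, the request shape and the `list_keys` method are assumptions, and the sender pubkey is assumed to come from an event whose signature has already been verified.

```javascript
// Added example, NOT nsecBunker's code. The scrypt + AES-256-GCM scheme,
// all names and the request shape below are assumptions for illustration.
const nodeCrypto = require('node:crypto');

// Encrypt a user key under a passphrase-derived key; only this record is stored.
function sealKey(secretHex, passphrase) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const kek = nodeCrypto.scryptSync(passphrase, salt, 32);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', kek, iv);
  const ct = Buffer.concat([cipher.update(Buffer.from(secretHex, 'hex')), cipher.final()]);
  return { salt, iv, ct, tag: cipher.getAuthTag() };
}

// Decrypt at startup. A wrong passphrase fails the GCM tag check: returns null.
function unsealKey(record, passphrase) {
  const kek = nodeCrypto.scryptSync(passphrase, record.salt, 32);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', kek, record.iv);
  decipher.setAuthTag(record.tag);
  try {
    return Buffer.concat([decipher.update(record.ct), decipher.final()]).toString('hex');
  } catch {
    return null;
  }
}

// Admin gate: reject any sender that is not whitelisted before acting on the
// request. Assumes senderPubkey came from a signature-verified event.
function handleAdminRequest(request, adminWhitelist, unlockedKeys) {
  if (!adminWhitelist.has(request.senderPubkey)) {
    return { ok: false, reason: 'sender not whitelisted' };
  }
  if (request.method === 'list_keys') {
    // Only key names are returned; secret material never leaves the process.
    return { ok: true, result: [...unlockedKeys.keys()] };
  }
  return { ok: false, reason: 'unknown method' };
}

// Constructed sample values (not real keys).
const SAMPLE_SECRET = '11'.repeat(32);
const ADMIN_PUBKEY = 'aa'.repeat(32);
const STRANGER_PUBKEY = 'bb'.repeat(32);
```
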
