Why Nostr? What is Njump?
2024-03-05 16:40:04

nsec.app: Use Nostr Apps Safely

This is a long form article, you can read it in https://habla.news/tony/nsec-app

Nsec.app is a Nostr application which lets you share access to your account and login to Nostr apps seamlessly with numerous devices.

The app is super useful when collaboratively running a Nostr account. It lets you generate tokens to share with partners or colleagues and provide different levels of access to different individuals.

Another bonus feature of nsec.app is letting you forget about Nostr browser extensions. Extensions have their fair share of useful features, but using nsec.app (or other apps that support NIP-46 login, e.g. nsecBunker) is often more convenient, arguably more secure and offers some features, that extensions aren’t able to deliver.

Let’s walk through the process of starting the nsec.app and see what features it has to offer.

Installation

Nsec.app is a PWA (see my short blog post on PWAs and their benefits here), meaning that it can be saved to your device in a way that it feels and acts like a native app. Alternatively the app can be used in the browser.

Visit Nsec.app:

https://i.nostr.build/axlP.png

After pressing the “Get started” button you’ll be welcomed by three main options: “Sign up”, “Login” or “Import Key”. Let’s explore each of these options:

  1. Sign up: This option suits those, who do not have a Nostr account yet. I’d steer clear from this option for now and create an account in a more “conventional” way – via one of the popular Nostr clients or by utilizing a dedicated browser extension.

Stay tuned as the developers are working on wide implementation of NIP49. At the moment few Nostr clients support NIP49, so you won’t have many options of using keys created with nsec.app. When most Nostr apps support NIP49 logins, signing up to Nostr via nsec.app will become a more convenient option.

If you decide to utilize nsec.app to create your Nostr account, the process is super simple:

  1. Choose your Nostr address
  2. Create and confirm your password
  3. Enjoy your new Nostr account 💜

https://i.nostr.build/JqgP.png

  1. Import key: This approach assumes you would like to start using nsec.app with the existing Nostr account.

https://i.nostr.build/5e9y.png

In this case you’ll need to choose your username, provide your private key and choose a password. This will create the nsec.app account (by setting a username and a password) while binding it with your original Nostr account (by providing your private key).

It is worth noting that your keys will be encrypted by your password and stored on nsec.app’s server to sync to other devices in end-to-end encrypted manner.

  1. Login: This approach assumes you’ve already set up nsec.app and would like to enter your dashboard from a new device.

https://i.nostr.build/k6aa.png

Do not forget to click the “Enable background service” tile after setting up your account. This will ensure you receive a notification whenever the request to authorize a login is created.

https://i.nostr.build/Zrdx.png

Usage

After setting up nsec.app you’re ready to start utilizing it to login to numerous Nostr apps.

The most powerful feature of nsec.app is that it lets you login to apps without having to use the browser extension or exposing your private key.

For example, I can now turn Coracle client into a PWA on my iPhone, which is otherwise impossible, because Apple does not allow you to utilize browser extensions with PWAs.

Another use case is delegating the rights to interact with Nostr on behalf of the account you created.

Regardless of wether you want to use the app single-handedly, or delegate the private key, the process is as follows:

  1. Use nsec.app to create a login string by pressing “Connect app”.
  2. Copy the string by pressing the corresponding button.

https://i.nostr.build/rvVB.png

  1. Paste the string into the client that you’d like to login to.
  2. As you (or your companion) try to login to the Nostr app, nsec.app will display a notification asking you (the administrator) to approve the login.

https://i.nostr.build/7x53.png

As you can see, there are two options for you to choose from:

  • Basic permissions: This will approve all potential future interactions.
  • On demand: This will log the user in and ask for your approvals every time the user tries to interact with the protocol in a new way (like, zap, follow, etc.)

That’s it. You can now interact with nostr without ever having to utilize the browser extension or share your private key with any app.

Features

Customization

Nsec.app lets you customize the way your connected apps look. You can name them, specify a website address and choose an icon of your choice. Very handy functionality for when you start actively using the app:

https://i.nostr.build/ej6X.png

As the stack of connected apps grows this will help you distinguish between them in order to introduce any necessary changes.

https://i.nostr.build/XEgW.png

Connected apps management

This leads us to the next important part of using nsec.app: revoking access to apps. This is especially important when it comes to sharing access to account with someone else. In case you no longer plan to collaborate on the account, or you simply do not need some app connection to function any longer, you can revoke access at any time.

Just open the app you need and: (a) press “Delete app” (this completely cuts connection between your app and nsec.app) or (b) press the three dots next to the existing approved permission followed by “Delete permission” (this cancels the given permission, so that the next time you (or other user) tries to interact with the protocol, you will receive a notification asking you to approve their action).

https://i.nostr.build/d3QD.png

NIP49 logins

Nsec.app allows you to utilize another way of logging into Nostr apps – NIP49. We touched on this approach earlier, so let’s explore how it works.

Here’s an example with Noogle:

  1. Choose the Login with NCryptSec option:

https://i.nostr.build/DzeV.png

  1. Enter the encrypted Nsec (to be retrieved from the nsec.app in Settings -> Export) and the nsec.app password:

https://i.nostr.build/R505.png

That’s it. You’re logged in.

https://i.nostr.build/moLR.png

At the moment few clients support this NIP, but given the benefits of this functionality, it shouldn’t be long before we see more and more clients join in.

Outro

Just like with every other Nostr app, there’s a lot of work to be done. Nevertheless, nsec.app already solves many important problems, and is definitely worth your attention. Give it a try and let us know if you find any bugs, or come up with some ideas worth implementing. Feel free to ping myself or, better yet, the app developer brugeman (npub1xdt…ntxy)

Hope this guide was useful! If so, don’t forget to zap this post 😉

See you on the other side of the Nostr rabbit hole

Tony⚡️

Author Public Key
npub10awzknjg5r5lajnr53438ndcyjylgqsrnrtq5grs495v42qc6awsj45ys7