Is there a way for clients post as someone without having the account's secret #Nostr key? Perhaps using some kind of derivative key that can be revoked?
I'm writing a client and I really do not want to store NSECs 😐
For example #Bluesky and #Mastodon allow one to generate an API key for such use cases.
I know Nostr works totally different. Just curious if I'm overlooking something. Vitor Pamplona (npub1gcx…nj5z)?
npub1hu…pamsh
2024-05-13 19:49:57
Author Public Key
npub1huazt9n0jjuvf62aaqf26z2fxvq4wh3m8p4k4l7vx09s22mygevstpamshPublished at
2024-05-13 19:49:57Event JSON
{
"id": "021182d23f03dbd707ed67acdc0ae02cf1d452a1b49a50e4c297b2a37088a2b3",
"pubkey": "bf3a25966f94b8c4e95de812ad09493301575e3b386b6affcc33cb052b644659",
"created_at": 1715622597,
"kind": 1,
"tags": [
[
"p",
"460c25e682fda7832b52d1f22d3d22b3176d972f60dcdc3212ed8c92ef85065c",
"",
"mention"
],
[
"t",
"Nostr"
],
[
"t",
"nostr"
],
[
"t",
"Bluesky"
],
[
"t",
"bluesky"
],
[
"t",
"Mastodon"
],
[
"t",
"mastodon"
]
],
"content": "Is there a way for clients post as someone without having the account's secret #Nostr key? Perhaps using some kind of derivative key that can be revoked?\n\nI'm writing a client and I really do not want to store NSECs 😐\n\nFor example #Bluesky and #Mastodon allow one to generate an API key for such use cases.\n\nI know Nostr works totally different. Just curious if I'm overlooking something. nostr:npub1gcxzte5zlkncx26j68ez60fzkvtkm9e0vrwdcvsjakxf9mu9qewqlfnj5z?",
"sig": "8618686899f1087a6ef3cd09c2630bbfb5e0c3f7d87a2de200b669048155c0e241b60379678a1276dfe2e2db2828cf158ec8d44a02947c09a7ccfc8874f8d185"
}