nostr-protocol / nips

Nostr Implementation Possibilities

nip07 exporting ncryptsec to client #1516

Closed antonioconselheiro closed 1 month ago

antonioconselheiro commented 1 month ago

Case: a user wants to export his nsec as an ncryptsec into a QR code. Current situation: I believe that if he is using the extension to sign, there is no way to get an ncryptsec in the client.

Suggestion: include a new optional method in the nip07 interface to access an ncryptsec:

  1. the client executes the method;
  2. the signer asks for the user's permission to give the ncryptsec and asks for a password;

fiatjaf commented 1 month ago

There is no use case for this, the entire purpose of the extension is to NOT give the key to the client.

You can always ask the user to go there manually and copy-paste it if you want, and making it harder and more manual is a good thing as it prevents users from unknowingly leaking their key to a malicious app.

vitorpamplona commented 1 month ago

I agree with @fiatjaf. The client should not be able to request the key.

However, the extension itself SHOULD offer a way to export the key with ncryptsec.

fiatjaf commented 1 month ago

nos2x has that.

antonioconselheiro commented 1 month ago

But I said exporting ncryptsec, not nsec. Is that leaking?

antonioconselheiro commented 1 month ago

If the client receiving the ncryptsec from the signer is leaking, is it a bad suggestion to include in nip07 an optional method allowing the client to trigger ncryptsec creation from the signer, in the signer's screens, for the user to export it?

fiatjaf commented 1 month ago

What is your real use case? Why can't the client just use normal NIP-07?

antonioconselheiro commented 1 month ago

Case: a user of a web nostr app wants to export his credential from desktop to an Android signer. My nostr app has a button to create an ncryptsec, and if the user has the extension activated, as recommended, I can call the extension to show the ncryptsec in a QR code so he can bip bip read that into the Android signer or print it to store.

I have tested some extensions in the past, and in the majority of cases I need to copy-paste my nsec to transfer it to another place or to send it to a place where I can ncryptsec it to print it and store it as a password.

vitorpamplona commented 1 month ago

You should create an issue in that extension's GitHub repo to ask them to code support for NIP-49 in their own screens.

The nostr app should not do this, and thus there is no need to add it to nip07 (which is an API made for clients).

antonioconselheiro commented 1 month ago

I have tried some: https://github.com/fiatjaf/nos2x/issues/55 and https://github.com/neilck/aka-extension/issues/4

I was thinking about opening one issue in each repository; that's why I tried coming here first.

fiatjaf commented 1 month ago

[Screenshot: 2024-09-26-123923_353x187_scrot]

antonioconselheiro commented 1 month ago

Oops, that was the issue (asking to include a QR code): https://github.com/fiatjaf/nos2x/issues/53

fiatjaf commented 1 month ago

That is fine, we can have that if you are willing to implement it.

antonioconselheiro commented 1 month ago

Surely, I'll be happy to do that.