Oddbean new post about login | logout I’m trying to use fiatjaf’s nak CLI to generate a new nsec/npub pair. when I used the “nak key encrypt” command successfully the output shows a string that begins with “ncryptsec…” what is the relationship between “ncryptsec” and “nsec”?
ncryptsec is where it's an nsec except it's been encrypted by a password not sure what key derivation function they use, but i presume it's argon2 or pbkdf2 and presumably that generates a value that is reversibly XORed with your nsec bytes and then re-encoded with ncryptsec instead of nsec prefix though what i've seen of nostr dev cryptography tends to be fairly arse backwards, that's just a description of what i would have designed it as (with argon2 of course!)
what’s the easiest/best way to generate a nsec/npub and perform basic signing operations from a CLI?
idk, my tool "vainstr" works pretty nice but isn't just a generator but a miner, lets you pick out some bech32 letter sequence that you want, beginning, end, or anywhere in the key, it can make a key like mine with "mleku" at the end in about 10 minutes on a 12 core ryzen 5. you can of course just get one instantly with just one chosen letter like 1 or something nak from fiatjaf is a good tool for making events from the CLI, mattn's algia is a nice tool for publishing events too
npx noskey then nostril or nak
actually i just realized there is no best way, pretty much nothing works, because many tags require 3 properties (unfortunately), and i dont know a way to do that after asking around i ended up having to write my own
For the nsec[...] nak key generate | nak encode nsec For the npub[...] nak key public [paste nsec] | nak encode npub The nsec and npub can be converted back to hex with nak decode npub [key] nak decode nsec [key]