New iframe-based signing coming to nsec.app and nostr-login!
Many of you have tried nsec.app and had issues. It might be slow and unreliable, because it involves talking over relays and waking up the signer using web push. iOS users had to keep nsec.app tab open to make it work.
Now check out this demo:
https://v.nostr.build/sajUBBgYejAShlcr.mp4
Basically, client app (or a library like nostr-login) can embed signer (nsec.app) as an invisible iframe and talk to it using browser APIs. Talking to your keys no longer involves relays or web push - it's instantaneous! Works perfectly fine on iOS Safari.
We're releasing the updated nostr-login on https://npub.pro, https://nostr.band and on https://primal.nostrapps.org for you to try it. If all goes well and public scrutiny doesn't kill this, we'll publish the new nostr-login on unpkg and every app using it will get a boost with nsec.app.
The NIP proposal is here: https://github.com/nostr-protocol/nips/pull/1557
I encourage web client devs to check it out, maybe this is how we take safe key access to the next level of usability on the web!
Coming soon to your nostr sites!
nostr:nevent1qqst3kp6d0vjjcfcugl9uu4803qnapk95x72nrf45gw4evvwqtf9fccpz4mhxue69uhhyetvv9ujumn0wd68ytnzvuhsygpn2m0xrvukg7f3e69jzs9jh2ur0cypps8029dmayk7qfyqgzutm5psgqqqqqqs4v6njy
Where are the keys stored? For example, if I have nsec.app on my phone and want to login to some web client on my computer (temporarily).
For the iframe-based thing to work you'd have to sign into nsec.app on your phone in the same browser.
So the keys never leave the phone, and all the signing/encrypting/decryption requests & responses are sent over some internal browser-specific api? (i.e. the Safari on my phone can communicate with the Safari on my laptop, if I’m logged in).
No, nothing Safari-specific, keys must be on the same browser on the same device. This doesn't work across devices
Bummer.
I don’t want my nsec to ever leave my phone.
I know that WhatsApp Web used to force you to connect your computer to the same WiFi as your phone. I guess it’s because they didn’t want the computer to interact directly with their servers, and instead it communicated with the phone over the local network. Maybe you could do something similar.
Nice, I was just about to send you a DM that it never imports keys on Brave on ios
I have been trying on mobile Bromite.. It seems working only wheter I paste nsecbunker link in it.. otherwise it loops infinite loading connection.. maybe it causes this its privacy features.. I'll be testing it on desktop in the noon
Hello and thanks for the awesome app.
I was trying to get this going yesterday on ios. I found some instructions at https://nsec.app/ios.html
but I looked hard and couldnt find where these setting were:
Follow these steps:
Go to iOS Settings → Advanced → Experimental.
Enable Push API.
Open use.nsec.app in a browser.
-----------
couldnt find advanced>experimental under main Settings for iOS, or Brave or Safari. I tried both ipad and iphone running iOS 17.
Hi yes you're right, those instructions are outdated. New iOS graduated Push API from experimental and you no longer need that setting. But you still need to add the nsec.app to homescreen, and even then we're seeing issues with reliability. So I would say for now you'll have to just need use.nsec.app tab open while working with connected apps.
Oddbean new post about login | logout 