Ok I just checked all the code paths where the private key is set and its possible to turn a read-only account into a normal account by entering the private key, but it doesn’t check if the private key belongs to that read-only account, oops  😬

So what probably happened is you had a read-only with your main account and then at some point turned it to a normal account but with a different nsec.

If you have a Mac with iCloud keychain sync you could manually fix this in Keychain Access, on the phone its not possible I think, I’ll need to add some tooling in Nostur to recover from this. 

 Haha ok I’ll be exploring; my main key was signing with an nsecBunker iirc I moved it to use my nsec a while ago, in case it helps debug something 😅 

 yea I debugged some more and it does actually check if the private key belongs to that read-only account so that can't be it. I did some DB updates in the past, maybe I missed something related to bunker accounts. Could it be that the "wrong" nsec is the bunker client key?

I think you could try to add existing account again and it should override the wrong keychain data, if that works I don't need to add extra tooling to recover 

 I had a look and, like you guessed, my pubkey in the keychain had a wrong nsec -- so at some point that bug got triggered and I could never write again with Nostur -- I'd think if I logout that Nostur would wipe the keychain entry? 

 It's a bit tricky, it used to work like that, but when I added support for iCloud keychain sync there can be the situation where someone is logged in on 2 or more iCloud devices and logging out on 1 device would also unexpectedly logout on all other devices as well because its using the same keychain, so to be on the safe side I remove the account from Nostur on logout but not from the keychain.

It’s still on the todo list to also remove from keychain, but with warnings to back-up key first etc.