ncryptsec is where it's an nsec except it's been encrypted by a password

not sure what key derivation function they use, but i presume it's argon2 or pbkdf2 and presumably that generates a value that is reversibly XORed with your nsec bytes and then re-encoded with ncryptsec instead of nsec prefix

though what i've seen of nostr dev cryptography tends to be fairly arse backwards, that's just a description of what i would have designed it as (with argon2 of course!)