Oddbean new post about | logout
 This can't be... I will wait for Pablo's response lol.  
 How else can you sign the note if you don’t have the key? 🐶🐾🤷‍♂️ 
 Right, I get that, but if you (service provider) is able to see everyone's decrypted key, do we not agree that could be an issue?  
 I am not claiming that I know the code well en, so take my comments with a grain of salt. If signing is done at the client and key is never known to nsecbunker in its plain form, then only client has the access, if not, then server has the access. @PABLOF7z will be able to confirm one or the other way. 🐶🐾🫡 
 From the site: “Your nostr keys are stored encrypted with a passphrase you provide and must be decrypted by you before they can be used” 
 So is your passphrase salted? Is that saved somewhere? Or you have to enter each time to decrypt and sign? 
 Don’t trust, verify! 🐶🐾🫡
nostr:note1pzcttlcgylnxlnry4ul4px02se9q8e4nd07f23rp7v2ke52zy3yshyf9wf 
 So passphrase is only used at runtime and not stored in mem? 
 I don’t know but if the service has access to both (encrypted nsec and passphrase), then it is not hard to get a clear text nsec. It is clearly stored in mem since it’s in variable 🐶🐾🫡 
 Gonna get wallet of satoshi rugged 
 I'm not making any statements, I just want to understand how it works. 
 Yup, it's true. Bunker has to be able to decrypt the key in order to sign with it. The user provides a password that is used to encrypt at rest but when the key is needed for signing the Bunker has to decrypt it (with the password you provide). The key is used and then re-encrypted.

This is why it's important that the code for something like Nsecbunker is open and (ideally) it would be verifiable that a bunker service is running the exact same code so you know they haven't done anything fishy.