Oddbean

Well, I’m guessing it’s a temporary npub to send & receive private messages between my laptop and my phone (over nostr too): the content to be signed/encrypted/decrypted and the signatures/encrypted/decrypted-data. I was thinking about using nsec.app as an alternative for the nsecbunker.com daemon/dockers: to run a shared account that can be controlled by multiple users (like for a company) - by keeping a computer with a Brave browser open with nsec.app and allowing my npub and my friends’ npubs. But this means I would need to re-approve new npubs if we log out (which means logging to that computer).

I haven’t tried adding on npubs for shared access, but I don’t think you’d need to reapprove them. As long as you have access to the nsec.app dashboard you should be able to add new npubs to the connection if my understanding is correct. You’re adding the permanent user npubs, not the temporary ones.

I have not tried using nsecbunker to share access, but from my understanding what you want is: - add npubs that are allowed to control the main key - set permissions for each such npub - is they can accept connections, confirm certain kinds, etc - then if one of those users are trying to log into an app, they would confirm the connection/signing themselves (but within limits that you've specified) - all this without your friends getting access to your main nsec, which is stored safely on one of your devices Is that roughly it?

Yes, there is even no need to confirm logging to a new app themselves. They will only use one app: snort/coracle. I want to approve them once on the main device that stores the main key. I think it could be implemented simply by changing the code of snort/coracle to use window.nostr.nip04.encrypt/decrypt and window.nostr.signEvent/getPublicKey - so the same nsec-npub keypair in the extension will be used to communicate with the bunker, instead of generating a temporary nsec-npub keypair on every session.

Oh that's an interesting idea of using extension key as app key... need to think it through. Meanwhile, if they're gonna use just one app, they could try to log in as your main key on their device, you would confirm on main device, add needed permissions (manually or on request) and then they'd just keep using it? If they'd need to re-login you'd have to confirm again, but once the session is created they should be able to use it just fine?

I wouldn’t want them to keep a session open on their laptop but it’s an interesting idea to keep a session open on their smartphone. I’m writing this note from coracle that I added to my home screen as an app (the session even survived a reboot of my iPhone). Do you know of Android apps that support nsecbunker login? Primal/Amethyst?

It's just a way for you to mark this session as "I shared it with this npub". If you gave someone access by confirming a login on their device and then mark a session using this option, then you'd be able to filter the activity and connections on the key's screen - you'll be able to select "yourself" or "that npub you shared with". This is some beginnings of shared access, just for reporting.