Manage your Nostr keys securely with Nsec Bunker
Nsec Bunker is a great tool for secure Nostr key management. It doesn’t only enable more secure key handling, but also ways to arrange signing permissions among different people, which makes it a great tool for businesses or other organisations.
It can be build from a Github repo, or bought on their official website. For the future we expect Nsec Bunker to be able to run on hardware devices like the Satslink, what would make it an amazing Nostr signing device.
What is Nsec Bunker?
Nsec bunker is software to secure Nostr keys and manage permissions. The private key (?) is encrypted by a passphrase and will never leave the bunker. With this private key, temporary tokens can be created to give permissions to log in into a client (?) and sign for Nostr messages. When the permission is being stolen by hackers or the owner simply doesn’t want to grand permission anymore, it can simply be revoked and other tokens with new permissions can be created.
This system ensures that the user can use different clients or give permissions to different people without increasing the risk surface of the private key. Especially when it is being used on an offline device, it will ensure a high security level, while both usability and optionality are very good.
What can be done?
- Secured Key Storage Your Nostr keys are kept in a safe manner, encrypted through a passphrase provided by you. To utilise them, you’ll need to decrypt these keys yourself.
- Access Control You have the liberty to provide or revoke access to your Nostr account to specific public keys or to certain clients.
- Activity Logging Maintain a log of every action performed on your account, including the identity of the executor.
- Policy Enforcement for Signatures Implement restricted signing permissions tailored to each user and each client. For instance, allow usage for social media cases, but restrict changes to profile data.