If the nsec is only known to the client and all message signing performed by the client, how does a rogue employee get access to the nsec?
https://github.com/PrimalHQ/primal-android-app
Note: I have not reviewed the source code.
0x07AD
npub16v…8cyzh
2025-05-25 19:52:42
in reply to nevent1q…semu
Author Public Key
npub16v8gk5t725lyesgevqp34s5mre7w3u7yd7mfd9n35j02f099crvqs8cyzhPublished at
2025-05-25 19:52:42Event JSON
{
"id": "ff5aa59ef526a15e4a1ae664004ee6a6f468c747c2211261804ff7f94f885832",
"pubkey": "d30e8b517e553e4cc11960031ac29b1e7ce8f3c46fb6969671a49ea4bca5c0d8",
"created_at": 1748202762,
"kind": 1,
"tags": [
[
"p",
"3f770d65d3a764a9c5cb503ae123e62ec7598ad035d836e2a810f3877a745b24"
],
[
"p",
"6e468422dfb74a5738702a8823b9b28168abab8655faacb6853cd0ee15deee93"
],
[
"p",
"ec003d5ee5101019f1bb8c586e9654adba913efc16f02051c39758694f70becd"
],
[
"p",
"d30e8b517e553e4cc11960031ac29b1e7ce8f3c46fb6969671a49ea4bca5c0d8"
],
[
"p",
"ec003d5ee5101019f1bb8c586e9654adba913efc16f02051c39758694f70becd",
"wss://nostr.oxtr.dev"
],
[
"p",
"3f770d65d3a764a9c5cb503ae123e62ec7598ad035d836e2a810f3877a745b24",
"wss://a.nos.lol"
],
[
"p",
"b90c3cb71d66343e01104d5c9adf7db05d36653b17601ff9b2eebaa81be67823",
"wss://relay.primal.net"
],
[
"e",
"93c89176dfccb506082f093def04d425db216fdc8d0d208bab94c1f5f2b6b701",
"wss://relay.primal.net",
"reply",
"b90c3cb71d66343e01104d5c9adf7db05d36653b17601ff9b2eebaa81be67823"
],
[
"e",
"a9f8bc7f368db5229acb98639f29042aefc4b66077b5d23f1039be78d7e883c0",
"wss://a.nos.lol",
"root",
"3f770d65d3a764a9c5cb503ae123e62ec7598ad035d836e2a810f3877a745b24"
]
],
"content": "If the nsec is only known to the client and all message signing performed by the client, how does a rogue employee get access to the nsec? \n\nhttps://github.com/PrimalHQ/primal-android-app\n\nNote: I have not reviewed the source code.",
"sig": "c54852be702ab7f9475c36cf32bf5026f62473bb3f93cfef2e5401faded01eb863a8af8bc37135830b0fa0fcff3865887de009947875dd91bf9267bb404e174d"
}