Great write-up Derek Ross (nprofile…x8f0)! I was unaware of Nowser, Knox, and Keycast before reading this. Will need to check them out.
One line above wansn't entirely accurate, but it's minor. You said, "This lets you create temporary keys that can sign events on your behalf, without exposing your private key." The bunker strings created for NIP-46 are not keys at all. They don't actually sign anything. ALL signing is done using your actual private key. The bunker string just gives a client the necessary information to communicate with the application that is storing your private key, that way the client can send a request for a signature that the signer app will use your private key to sign, and then send the signed event back to the client.
It's an important distinction, because it is why the device running the signer app has to remain online for NIP-46 signing to work. If the bunker strings were keys in and of themselves that could be used to sign events, then communication with the signer app remotely would not be necessary.
Dikaios1517
npub1ku…v3lhe
2025-02-27 19:39:30
in reply to nevent1q…45qn
Author Public Key
npub1kun5628raxpm7usdkj62z2337hr77f3ryrg9cf0vjpyf4jvk9r9smv3lhePublished at
2025-02-27 19:39:30Event JSON
{
"id": "9e4f9dade349ddc04844e8548e3c24d2931077c6341c349dd061d16fdb3f0c1a",
"pubkey": "b7274d28e3e983bf720db4b4a12a31f5c7ef262320d05c25ec90489ac99628cb",
"created_at": 1740685170,
"kind": 1,
"tags": [
[
"p",
"3f770d65d3a764a9c5cb503ae123e62ec7598ad035d836e2a810f3877a745b24",
"wss://nostr-relay.derekross.me/"
],
[
"p",
"78ce6faa72264387284e647ba6938995735ec8c7d5c5a65737e55130f026307d",
"wss://aegis.utxo.one/",
"Zapstore"
],
[
"p",
"0461fcbecc4c3374439932d6b8f11269ccdb7cc973ad7a50ae362db135a474dd",
"wss://relay.mostr.pub/",
"Alex Gleason"
],
[
"p",
"1739d937dc8c0c7370aa27585938c119e25c41f6c441a5d34c6d38503e3136ef",
"wss://relay.snort.social/",
"JeffG"
],
[
"q",
"8abd75f0a81c55ebc4e4e513a5f324cd71d90636c68b88451ff3b40d0c4f2f12",
"mention"
],
[
"e",
"37fd6a3defa997e3ff1ac8cb61d92ee04dca30d7c9d03185c80bae5d1ced4dcc",
"wss://nostr-relay.derekross.me/",
"root",
"3f770d65d3a764a9c5cb503ae123e62ec7598ad035d836e2a810f3877a745b24"
]
],
"content": "Great write-up nostr:nprofile1qy0hwumn8ghj7mn0wd68yttjv4kxz7fwv3jhyettwfhhxuewd4jj7qg4waehxw309aex2mrp0yhxgctdw4eju6t09uq3zamnwvaz7tmwdaehgu3wwa5kuef0qythwumn8ghj7un9d3shjtnwdaehgu3wvfskuep0qyt8wumn8ghj7mn0wd68yetvd96x2uewdaexwtcpzdmhxue69uhhwmm59e6hg7r09ehkuef0qy88wumn8ghj7mn0wvhxcmmv9uq35amnwvaz7tms09exzmtfvshxv6tpw34xze3wvdhk6tcprdmhxue69uhhyetvv9ujumn0wd68yurvv438xtnrdakj7qgwwaehxw309askgun99eeh2tcqyqlhwrt96wnkf2w9edgr4cfruchvwkv26q6asdhz4qg08pm6w3djgcxx8f0! I was unaware of Nowser, Knox, and Keycast before reading this. Will need to check them out.\n\nOne line above wansn't entirely accurate, but it's minor. You said, \"This lets you create temporary keys that can sign events on your behalf, without exposing your private key.\" The bunker strings created for NIP-46 are not keys at all. They don't actually sign anything. ALL signing is done using your actual private key. The bunker string just gives a client the necessary information to communicate with the application that is storing your private key, that way the client can send a request for a signature that the signer app will use your private key to sign, and then send the signed event back to the client.\n\nIt's an important distinction, because it is why the device running the signer app has to remain online for NIP-46 signing to work. If the bunker strings were keys in and of themselves that could be used to sign events, then communication with the signer app remotely would not be necessary.",
"sig": "f006c9284968f728659f1bf6a98903d06cb85e1a0ce5378d10972d48e0c003256c4d5b4a337ec869d4e9388f6676200d7078c3b6bf3d8a6d7ab6ce6ec63dbc2f"
}