2025-02-27 15:40:25

Derek Ross on Nostr:

What is "remote signing" NIP-46 and NIP-55 Nostr key management? #HOWDONOSTR

Across Nostr's ecosystem, where decentralization and user control are paramount, managing private keys securely should be a top priority. There is no central authority to reset your "password" or help you recover your "account" if your private key is leaked. Once leaked, your "account" is essentially burned and you no longer have control.

Remote signing your social transactions with NIP-46 (Nostr Remote Signing) and NIP-55 (Android Signer Application) provides a safer and more convenient way to interact with Nostr applications without exposing your private key.

By entering your private key into multiple applications, you increase the risk of it being compromised. To protect your key, only trust a minimal number of applications and avoid entering it into more apps than absolutely necessary. Proper private key management with remote signing applications can help here.

What are NIP-46 and NIP-55?

NIP-46 (Nostr Remote Signing) and NIP-55 (Android Signer Application) allow you to use a remote signer—a separate tool or device—to approve actions on your behalf. Instead of entering your private key into every app, you authorize trusted applications to sign messages remotely. This lets you create temporary keys that can sign events on your behalf, without exposing your private key. You can limit what these keys can do, such as only allowing them to post notes but not change your profile.

Using the NIP-46 method, a user would log in to a Nostr application with a long string similar to this example:

bunker://<remote-signer-pubkey>?relay=<wss://relay-to-connect-on>&relay=<wss://another-relay-to-connect-on>&secret=<optional-secret-value>
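
A client can check a string of this shape before it connects to any relay. The following is an added example, not code from the original post or from any Nostr project: a Python parser for the bunker:// format shown above. It assumes the remote-signer pubkey is 64 lowercase hex characters and, as a policy assumption, accepts only wss:// relays; the names parse_bunker_uri and BunkerToken are hypothetical, and the sample values are constructed.

```python
import re
from dataclasses import dataclass
from typing import Optional, Tuple
from urllib.parse import parse_qs, urlsplit

HEX_PUBKEY = re.compile(r"[0-9a-f]{64}")  # 32-byte public key, lowercase hex


@dataclass(frozen=True)
class BunkerToken:
    signer_pubkey: str
    relays: Tuple[str, ...]
    secret: Optional[str]

    def redacted(self) -> str:
        """Form that is safe to log: the secret value is never included."""
        query = "&".join(f"relay={r}" for r in self.relays)
        if self.secret is not None:
            query += "&secret=<redacted>"
        return f"bunker://{self.signer_pubkey}?{query}"


def parse_bunker_uri(uri: str) -> BunkerToken:
    parts = urlsplit(uri.strip())
    if parts.scheme != "bunker":
        raise ValueError("not a bunker:// URI")
    # The authority part must be the signer's public key and nothing else.
    if not HEX_PUBKEY.fullmatch(parts.netloc) or parts.path:
        raise ValueError("remote-signer pubkey must be 64 lowercase hex chars")
    params = parse_qs(parts.query, keep_blank_values=True)
    relays = tuple(params.get("relay", ()))
    if not relays:
        raise ValueError("at least one relay= parameter is required")
    for relay in relays:
        r = urlsplit(relay)
        # Assumed policy: TLS only, so plaintext ws:// relays are refused.
        if r.scheme != "wss" or not r.hostname:
            raise ValueError(f"relay must be a wss:// URL: {relay!r}")
    secrets = params.get("secret", [])
    if len(secrets) > 1:
        raise ValueError("secret= may appear at most once")
    return BunkerToken(parts.netloc, relays, secrets[0] if secrets else None)


if __name__ == "__main__":
    sample = "bunker://" + "ab" * 32 + "?relay=wss://relay.example.com&secret=constructed"
    print(parse_bunker_uri(sample).redacted())
```

The redacted() form is the one to write to logs or show in a UI, since the secret value acts as a connection credential.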

Using the NIP-55 method, a user would simply tap or click a 'Login with Amber' or 'Login with Android Signer' button in their Nostr application. All of the heavy lifting and configuration items are handled by the Android signer.

Why use remote signing?

* Better Security – Your private key stays in a secure location, such as Knox, NAK, or Keycast, rather than being exposed in multiple applications.
* More Control – You decide which apps can sign messages and revoke access anytime.
* Seamless Experience – There is no need to copy and paste private keys between apps. It just works in the background.

How can you use it?

The easiest method is Amber for Android. (A new application named nowser recently launched. I have not tested or used this application. However, it supports Android, iOS, Windows, and Linux.)

* Amber: https://github.com/greenart7c3/Amber or download from !
* nowser: https://github.com/haorendashu/nowser (Remember, I have not used this application. Please use at your own risk!)

If you're more technical and you have a Bitcoin node or a Nostr relay, you may want to consider running either NAK, Knox, or Keycast. These will require a dedicated computer or server.

* NAK (Nostr Army Knife): https://github.com/fiatjaf/nak (This requires almost no setup. You download a simple program and run it with the command 'nak bunker' and keep the terminal window open or run this on a server.)
* Knox: https://gitlab.com/soapbox-pub/knox ( actually wrote a great article on this nostr:naddr1qvzqqqr4gupzqprpljlvcnpnw3pejvkkhrc3y6wvmd7vjuad0fg2ud3dky66gaxaqqykkmn00qkkyet5vyhjuvda)
* Keycast: https://github.com/erskingardner/keycast ( wrote more about Keycast here: nostr:note1327htu9gr327h38yu5f6tueye4cajp3kc69cs3gl7w6q6rz09ufqukl74j)

Examples of Android applications with support:

* Amethyst, Wavlake, Fountain, 0xchat, Coracle, Flotilla, and more!

Examples of iOS applications with support:

...

Examples of Web applications with support:

* Coracle, Nostrudel, Jumble, Snort, Nests, Habla, and more!

Many, many Nostr applications support NIP-46 or NIP-55. However, popular applications such as Damus and Primal do not support these login methods at this time. If your favorite application does not support these login methods, you'll need to ask your app developer and zap them accordingly 😉

Happy remote signing!
Author Public Key
npub18ams6ewn5aj2n3wt2qawzglx9mr4nzksxhvrdc4gzrecw7n5tvjqctp424