Why Nostr? What is Njump?
2025-03-25 17:46:16
in reply to

GrapheneOS on Nostr: Yes, but provisioned attestation signing keys are also per-app so they can't be used ...

Yes, but provisioned attestation signing keys are also per-app so they can't be used to identify a device across apps either. They are not per-pairing but rather per-app so an app only triggers provisioning when generating a key with attestation enabled. Apps can also generate their own attest purpose keys usable to sign attestations instead of this. It can also reuse it for a while before it has to rotate it. They have short expiry and generating a new key can trigger rotation.
Author Public Key
npub1kwarc5z9lwhen05uknd2nuwhhthd4ws0cku3t9j3rchm0fcd6luslse0nj