If I want to airgap my nsec, how would I set this up? Is Igloo the piece that stays offline? If so, How do I transfer a newly generated share set from the offline application to the main signer that knows the pubkeys of all shares?
What I am trying to do is this:
- no online device has my nsec.
- I use an offline computer to generate 3 shares in 2 of 3.
- 1 share goes into Amethyst.
- 1 share goes into Olas.
- 1 share goes into Amber.
All of them are in the phone.
Amethyst and Olas both need to communicate with Amber to sign.
No single app has the full nsec.
Questions:
- Do I need to pick a coordinator among the 3 signers?
- What do I need to transfer from the offline nsec holder application to each of the app? Just the nsec? or the nsec + the group of other keys authorized to sign on my behalf?
Vitor Pamplona
npub1gc…fnj5z
2025-03-07 17:00:58
in reply to nevent1q…0mkq
Author Public Key
npub1gcxzte5zlkncx26j68ez60fzkvtkm9e0vrwdcvsjakxf9mu9qewqlfnj5zPublished at
2025-03-07 17:00:58Event JSON
{
"id": "3262fc63d214c172a90a651919565d80986ad943f04dfb4c41c05203d623232c",
"pubkey": "460c25e682fda7832b52d1f22d3d22b3176d972f60dcdc3212ed8c92ef85065c",
"created_at": 1741366858,
"kind": 1,
"tags": [
[
"alt",
"A short note: If I want to airgap my nsec, how would I set this ..."
],
[
"e",
"8d7695960174474f1aeceeec126139be34114b33296f6e68ccf557b6fb6f92f3",
"wss://relay.wellorder.net",
"root",
"8172b9205247ddfe99b783320782d0312fa305a199fb2be8a3e6563e20b4f0e2"
],
[
"e",
"6938a6c45807f7e9eaef752e549b98215fd4956d64c234098a660f96bb168bab",
"wss://vitor.nostr1.com",
"",
"460c25e682fda7832b52d1f22d3d22b3176d972f60dcdc3212ed8c92ef85065c"
],
[
"e",
"77d55eb71ac691e42af0daa80b3b29f27c087befa7a1f4b2819e4765342c91df",
"wss://nostrelites.org/",
"reply",
"4229c21f0101abc3ba45233e176e975fa9e671bb18a6722bdf7726ba25445ff9"
],
[
"p",
"4229c21f0101abc3ba45233e176e975fa9e671bb18a6722bdf7726ba25445ff9",
"wss://nos.lol/"
],
[
"p",
"8172b9205247ddfe99b783320782d0312fa305a199fb2be8a3e6563e20b4f0e2",
"wss://relay.nostr.band"
],
[
"p",
"460c25e682fda7832b52d1f22d3d22b3176d972f60dcdc3212ed8c92ef85065c",
"wss://vitor.nostr1.com/"
],
[
"p",
"460c25e682fda7832b52d1f22d3d22b3176d972f60dcdc3212ed8c92ef85065c",
"wss://vitor.nostr1.com/"
],
[
"p",
"8172b9205247ddfe99b783320782d0312fa305a199fb2be8a3e6563e20b4f0e2",
"wss://relay.nostr.band"
]
],
"content": "If I want to airgap my nsec, how would I set this up? Is Igloo the piece that stays offline? If so, How do I transfer a newly generated share set from the offline application to the main signer that knows the pubkeys of all shares?\n\nWhat I am trying to do is this: \n- no online device has my nsec. \n- I use an offline computer to generate 3 shares in 2 of 3.\n- 1 share goes into Amethyst.\n- 1 share goes into Olas.\n- 1 share goes into Amber. \n\nAll of them are in the phone. \n\nAmethyst and Olas both need to communicate with Amber to sign. \n\nNo single app has the full nsec. \n\nQuestions: \n- Do I need to pick a coordinator among the 3 signers?\n- What do I need to transfer from the offline nsec holder application to each of the app? Just the nsec? or the nsec + the group of other keys authorized to sign on my behalf? ",
"sig": "5b0caa5de5076714d53e2dd86af234eeee214b4756f9ae87274b57e79827bec35459c34e674b845657eedc8fde9ad4616740d50e8aa589426d11340b31ba377e"
}