Skip to content

Use OS Secure Store for nsec #1191

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 9 commits into
base: master
Choose a base branch
from
Open

Use OS Secure Store for nsec #1191

wants to merge 9 commits into from

Conversation

@kernelkind
Copy link
Member

@kernelkind kernelkind commented Nov 7, 2025

Tested with MacOS & android. Need to test with linux & windows still

Run adb shell 'run-as com.damus.notedeck ls -la /data/user/0/com.damus.notedeck/files/storage/accounts' and observe nsec getting turned into pubkey, but you remain logged in as nsec.

This implementation migrates nsec values from plain files into the secure store while keeping the user logged in.

@alltheseas
Copy link
Contributor

alltheseas commented Nov 7, 2025

how do i test this on linux?

@kernelkind
Copy link
Member Author

kernelkind commented Nov 10, 2025

how do i test this on linux?

run it, add an nsec, look at ~/.local/share/notedeck/storage/accounts and make sure there is no nsec written there

@kernelkind
Copy link
Member Author

kernelkind commented Nov 10, 2025

works with linux now & rebased with master

@alltheseas
Copy link
Contributor

alltheseas commented Nov 10, 2025

I removed prior keys from the folder above using rm rf, and confirming via ls.

I ran cargo run --release, and found a newly created key in the same folder above on Linux.

@alltheseas
Copy link
Contributor

alltheseas commented Nov 10, 2025

In the newly created file in .../accounts it is a npub, so the PR checks out 💪. Confirming I was able to post a note to nostr with this PR checked out https://nostr.eu/nevent1qqsdprsuyz4t76ecnsar3d3xjgd25dxy8rjfy30appsntzq5zntznqczyrrmal6g449683c9se37res6ug3z354df299eue63tnjcj2ml0etcevll2f

@alltheseas
Copy link
Contributor

alltheseas commented Nov 10, 2025
edited
Loading

confirmed via the following command I stored to Linux keyring: secret-tool search service com.damus.notedeck

to install on linux I used sudo apt install libsecret-tools

@kernelkind
refactor: appease clippy
ee2fcbc 
Signed-off-by: kernelkind <[email protected]>
@kernelkind
cargo: add keyring
4b5faf0 
Signed-off-by: kernelkind <[email protected]>
@kernelkind
feat(error): add Error::Keyring
4563206 
Signed-off-by: kernelkind <[email protected]>
@kernelkind
feat(keyring): add keyring helper
e3dce6e 
Signed-off-by: kernelkind <[email protected]>
@kernelkind
cargo: add android-keyring
4fdc711 
Signed-off-by: kernelkind <[email protected]>
@kernelkind
feat(android-keyring): use correct android keyring builder
1003930 
Signed-off-by: kernelkind <[email protected]>
@kernelkind
feat(key-store): upgrade key storage to use OS secure store
48f1ff4 
Signed-off-by: kernelkind <[email protected]>
@kernelkind
test: secure store key mgmt
98d0dbd 
Signed-off-by: kernelkind <[email protected]>
@kernelkind
fix: don't exit early in account retrieval
d067447 
fixes:
> i opened up notedeck with the keyring branch and it seemed to
> nuke my acocunt

Signed-off-by: kernelkind <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kernelkind @alltheseas