You can now encrypt your Nymchat identity’s nsec. Encrypt yo...

Luxas

npub16jdfqgazrkapk0yrqm9rdxlnys7ck39c7zmdzxtxqlmmpxg04r0sd733sv

hex

e02bd139ee862316067bdc7da85fdb3982b75b9e814ff73765f4640f076e5768

nevent

nevent1qqswq27388hgvgckqeaacldgtldnnq4htw0gznlhxajlgeq0qah9w6qprpmhxue69uhhyetvv9ujuem4d36kwatvw5hx6mm9qgsdfx5syw3pmwsm8jpsdj3kn0ejg0vtgju0pdk3r9nq0aasny863hctqes7c

Kind-1 (TextNote)

2026-06-04T14:49:32Z

You can now encrypt your Nymchat identity’s nsec. Encrypt your saved identity key on a device so it cannot be read from local storage without unlocking. You pick the unlock factor per device: a password, a PIN, a passkey, or a biometric (Face/Touch ID, Windows Hello, Android biometric, or a hardware security key). Passkey and biometric unlock use WebAuthn with the PRF extension to derive the key; password and PIN use PBKDF2. The key stays in memory only for the session and the plaintext key is never written to disk while encryption is on. This is a per-device setting and is not synced, because the unlock factor and the stored key are local to each device, so you enable it separately on each device. After you enable it, the app confirms an unlock right away so you are not locked out if an authenticator turns out not to support PRF. Only a non-sensitive on/off preference syncs across devices, so a new device can offer to set it up too. No password, salt, or credential is ever synced. You can find this new setting as “Identity Encryption” under the “Privacy & Security” section of the settings.

https://nymchat.app

Raw JSON

{
  "kind": 1,
  "id": "e02bd139ee862316067bdc7da85fdb3982b75b9e814ff73765f4640f076e5768",
  "pubkey": "d49a9023a21dba1b3c8306ca369bf3243d8b44b8f0b6d1196607f7b0990fa8df",
  "created_at": 1780584572,
  "tags": [],
  "content": "You can now encrypt your Nymchat identity’s nsec. Encrypt your saved identity key on a device so it cannot be read from local storage without unlocking. You pick the unlock factor per device: a password, a PIN, a passkey, or a biometric (Face/Touch ID, Windows Hello, Android biometric, or a hardware security key). Passkey and biometric unlock use WebAuthn with the PRF extension to derive the key; password and PIN use PBKDF2. The key stays in memory only for the session and the plaintext key is never written to disk while encryption is on. This is a per-device setting and is not synced, because the unlock factor and the stored key are local to each device, so you enable it separately on each device. After you enable it, the app confirms an unlock right away so you are not locked out if an authenticator turns out not to support PRF. Only a non-sensitive on/off preference syncs across devices, so a new device can offer to set it up too. No password, salt, or credential is ever synced. You can find this new setting as “Identity Encryption” under the “Privacy \u0026 Security” section of the settings.\n\nhttps://nymchat.app",
  "sig": "1733a04249b8ca017b66fff502c7421169b39bbea1e9dc620912dd993b1c88109a5920dd832d3c0f40bf1ccf423950daf3ccb6b268ab8f2efbabbeae6e352a91"
}