Authentication

NIP-07 Browser Extension (Recommended)

The safest and most capable way to use Maskr is with a NIP-07 browser extension. Compatible extensions include:

  • Alby — also supports Lightning wallet integration for zaps.
  • nos2x — lightweight, signing only.

Extensions expose a window.nostr API on every page. When Maskr needs to publish an event, it calls window.nostr.signEvent(). The extension prompts you to approve the signing request, signs the event locally, and returns the signed result — your private key never leaves the extension and is never transmitted over the network.

Extension sign-in unlocks full Maskr functionality including encrypted direct messages, zaps, and all NIP features.
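The window.nostr.signEvent() round trip described above, as an added example (not Maskr's own code) that also checks the signer returned exactly what was submitted. The helper names sha256Hex, eventId and signWithExtension are assumptions; the id rule follows NIP-01, and verifying the Schnorr signature itself is left to a Nostr library or the relay.

```javascript
// Added example: NIP-07 signing flow with checks on what the signer returns.
// Assumption: helper names are illustrative and are not part of Maskr.

async function sha256Hex(text) {
  // Browsers expose crypto.subtle; the import fallback only matters under older Node.
  const subtle = globalThis.crypto?.subtle ?? (await import("node:crypto")).webcrypto.subtle;
  const digest = await subtle.digest("SHA-256", new TextEncoder().encode(text));
  return Array.from(new Uint8Array(digest), (b) => b.toString(16).padStart(2, "0")).join("");
}

// NIP-01 event id: SHA-256 of the compact JSON array
// [0, pubkey, created_at, kind, tags, content].
function eventId(ev) {
  return sha256Hex(JSON.stringify([0, ev.pubkey, ev.created_at, ev.kind, ev.tags, ev.content]));
}

async function signWithExtension(draft, nostr = globalThis.window?.nostr) {
  if (!nostr || typeof nostr.signEvent !== "function") {
    throw new Error("No NIP-07 signer found (window.nostr is missing)");
  }
  // Only the hex public key crosses the API; the private key stays in the extension.
  const pubkey = await nostr.getPublicKey();
  // The extension prompts the user, then adds id, pubkey and sig to the event.
  const signed = await nostr.signEvent({ ...draft });

  // Refuse anything that differs from what was submitted for signing.
  if (signed.pubkey !== pubkey) throw new Error("Signer returned a different pubkey");
  for (const field of ["kind", "created_at", "content"]) {
    if (signed[field] !== draft[field]) throw new Error(`Signer changed ${field}`);
  }
  if (JSON.stringify(signed.tags) !== JSON.stringify(draft.tags)) {
    throw new Error("Signer changed tags");
  }
  if (signed.id !== (await eventId(signed))) {
    throw new Error("Event id does not match its contents");
  }
  if (!/^[0-9a-f]{128}$/.test(signed.sig ?? "")) {
    throw new Error("Malformed signature field");
  }
  return signed; // ready to publish; relays verify the signature against pubkey
}
```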

Passkeys (WebAuthn)

Passkeys use the FIDO2 / WebAuthn standard to authenticate you with biometrics (Face ID, Touch ID, Windows Hello, etc.) or a hardware security key. No browser extension is required, making passkeys ideal for mobile browsers and users who prefer not to install extensions.

When you register with a passkey, Maskr generates a Nostr key pair server-side and stores it in encrypted storage. Your passkey credential authorizes operations against that key. Because the Nostr key is server-managed, this method trades some self-sovereignty for convenience — your private key is held in Maskr's encrypted infrastructure rather than exclusively on your device.

OAuth

OAuth sign-in (currently via Google) is the quickest way to create a Maskr account. After authenticating, Maskr generates a Nostr key pair on your behalf and links it to your OAuth session.

Like passkeys, OAuth means your Nostr keys are server-managed. This is the right choice for users who want to explore Maskr quickly and do not yet need full cryptographic self-custody.

Method Comparison

| Method | Key control | Setup effort | Best for |
|---|---|---|---|
| NIP-07 Extension | You hold your nsec locally in the extension | Medium — install extension, import or generate key | Privacy-conscious users, power users, zap senders |
| Passkey | Server-generated key, encrypted server storage | Low — biometric enrollment only | Mobile users, users who prefer no extensions |
| OAuth | Server-generated key, linked to OAuth session | Minimal — one click with existing account | New users, quick onboarding, casual exploration |