Identity & Keys

Public and Private Keys

Your Nostr identity is a key pair generated on the secp256k1 elliptic curve. Keys are displayed in bech32 encoding (NIP-19) for readability and to reduce copy-paste errors.

• npub — your public key. Think of it as your address or username on the Nostr network. You can share it freely.
• nsec — your private (secret) key. This is the cryptographic proof of ownership over your identity. Never share your nsec with anyone, including Maskr staff. Anyone who obtains your nsec can post as you, read your encrypted messages, and permanently impersonate you.

Because identity is purely mathematical, there is no account recovery process tied to an email address or phone number. Keeping your nsec safe is entirely your responsibility.

NIP-05 Verification

NIP-05 lets you attach a human-readable identifier to your public key using DNS. Your identifier looks like an email address — for example, alice@maskr.space — but it resolves to your npub via a well-known JSON file served from the domain.

NIP-05 verification on maskr.space is free. To register, go to Settings > Profile > Nostr Address and choose a username. Once verified, a checkmark appears next to your name in Maskr and in other NIP-05-aware clients such as Damus and Primal.

Verification confirms that the domain owner associates that username with your public key. It does not imply identity verification of a real person.

Anonymity

A Nostr key pair contains no personally identifiable information (PII) by design. Your npub is just a number. To maximize anonymity on Maskr:

• Use a pseudonym. Your display name and profile picture are stored as Nostr events and are public — choose ones that cannot be linked back to you.
• Maintain multiple personas. You can generate separate key pairs for different contexts. Maskr supports switching between accounts from the profile menu.
• Use a VPN or Tor. Your IP address is visible to every relay you connect to. For maximum anonymity, connect through a trusted VPN or route traffic through the Tor network before using Maskr.
• Avoid NIP-05 registration if you need strict separation — linking your npub to a domain username creates a soft association between your key and that handle.

Key Management

Extension users (NIP-07)

When you sign in with a browser extension such as Alby or nos2x, your private key lives exclusively inside the extension's encrypted storage. Maskr never sees your nsec. Signing requests are sent to the extension's window.nostr API, which returns a signed event without ever exposing the raw key to the page.

Passkey users (WebAuthn)

If you register with a passkey, Maskr generates a Nostr key pair server-side and stores it in encrypted storage tied to your WebAuthn credential. Your biometric (Face ID, fingerprint, etc.) unlocks the passkey, which in turn authorizes operations on your Nostr key. This approach requires no browser extension and works on mobile devices.

Key backup

Regardless of sign-in method, you can export your nsec from Settings > Security > Export Private Key. Store the exported nsec in a password manager or write it down and keep it in a secure physical location.

There is no account recovery. If you lose your nsec and lose access to your sign-in method (extension or passkey device), your identity cannot be restored. Always back up your key before switching devices.