How to get started with Diogel
Secure browser extension for managing your Nostr identities without exposing your private keys to web applications.
We previously discussed Nostr (Notes and Other Stuff Transmitted by Relays) in What is nostr, where we introduced it as a decentralised protocol designed for creating privacy-focused and censorship-resistant global social networks and internet applications.
In Nostr, users sign events (like posts, DMs, or follows) with a private key. NIP-07 defines a simple JavaScript API for web apps to interact with a user's signing identity without ever seeing or handling the private key directly. The private key stays inside a secure browser extension (the "signer"), and the app requests signatures through a standardised interface.
Key points:
- Standardized by NIP-07 (Nostr Implementation Possibilities #07).
- Keeps keys out of web pages, reducing phishing and key-theft risk.
- Usage: a Nostr client (like a web client) calls window.nostr.signEvent(event), and the user approves via the extension.
You can also use NIP-07 with dedicated hardware wallets or software that supports the API, but the typical case is a browser extension that manages your Nostr identity.
A browser extension-based NIP-07 signer is a specific type of NIP-07 signer that lives and operates entirely within your web browser as an installed extension.
Here's how it breaks down:
- Browser Extension: It's a small program you install in your browser (like Chrome, Firefox, Brave, or Arc) from the browser's extension store. It adds a little icon to your toolbar and runs in the background, isolated from the websites you visit.
- Manages Nostr Keys: The extension securely generates and stores your Nostr private key. Because the key is in the extension's sandboxed environment, the websites you use cannot read or steal it directly.
- Provides the NIP-07 API: The extension injects a window.nostr object into the web pages you visit. When a Nostr web app (like a client) wants you to sign an event (e.g., post a note), it calls window.nostr.signEvent(event). This triggers a popup from the extension, asking you to approve the signature.
- User Approval Flow: You see a prompt from the extension showing what you're about to sign. If you approve, the extension uses the private key it holds to create the signature and returns the signed event to the website. If you deny, nothing happens.
In simple terms: it’s a password manager for your Nostr identity that lives in your browser. It separates the dangerous part (handling the private key) from the everyday part (using Nostr apps).
Why people use them:
- Security: Your key never touches the web app, reducing risk from malicious sites.
- Convenience: You can use one signer across many different Nostr clients without importing your key everywhere.
- Flexibility: Easy to switch between different web clients while keeping the same identity.
It’s the standard way most users securely interact with Nostr on the web without exposing their keys.
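The request-and-approve flow described above can also be checked from the web app's side. The sketch below is an added example, not code from Diogel or from the NIP-07 text: it calls getPublicKey() and signEvent(), then confirms that the returned event still matches the draft and that its id is the NIP-01 hash of its fields. The names stubSigner, checkSignedEvent and signWithExtension are hypothetical, the stub stands in for window.nostr so the code runs in Node, and Schnorr signature verification (which needs a BIP-340 library) is left out.

```javascript
const { createHash } = require("node:crypto");

// NIP-01 event id: SHA-256 of the JSON array [0, pubkey, created_at, kind, tags, content].
function computeEventId(ev) {
  const payload = JSON.stringify([0, ev.pubkey, ev.created_at, ev.kind, ev.tags, ev.content]);
  return createHash("sha256").update(payload, "utf8").digest("hex");
}

// Returns a list of problems; an empty list means the signed event matches the draft.
function checkSignedEvent(draft, signed, expectedPubkey) {
  const problems = [];
  for (const field of ["created_at", "kind", "content"]) {
    if (signed[field] !== draft[field]) problems.push(`${field} changed by signer`);
  }
  if (JSON.stringify(signed.tags) !== JSON.stringify(draft.tags)) problems.push("tags changed by signer");
  if (signed.pubkey !== expectedPubkey) problems.push("pubkey differs from getPublicKey()");
  if (signed.id !== computeEventId(signed)) problems.push("id is not the hash of the event fields");
  if (!/^[0-9a-f]{128}$/.test(signed.sig || "")) problems.push("sig is not 64 bytes of lowercase hex");
  return problems;
}

// Ask the extension to sign, then check the result before sending it to relays.
async function signWithExtension(nostr, draft) {
  if (!nostr) throw new Error("no NIP-07 signer found (window.nostr is undefined)");
  const pubkey = await nostr.getPublicKey();
  const signed = await nostr.signEvent(draft); // the user approves or denies in the extension
  const problems = checkSignedEvent(draft, signed, pubkey);
  if (problems.length) throw new Error("signer returned unexpected event: " + problems.join("; "));
  return signed;
}

// Constructed stand-in for window.nostr; the sig is a placeholder, not a real signature.
const STUB_PUBKEY = "ab".repeat(32);
const stubSigner = {
  getPublicKey: async () => STUB_PUBKEY,
  signEvent: async (ev) => {
    const full = { ...ev, pubkey: STUB_PUBKEY };
    return { ...full, id: computeEventId(full), sig: "00".repeat(64) };
  },
};

// Constructed sample draft: the app supplies only these four fields.
const draft = { created_at: 1700000000, kind: 1, tags: [], content: "hello nostr" };
signWithExtension(stubSigner, draft).then((ev) => console.log("accepted event", ev.id));
```

In a web page, pass window.nostr in place of stubSigner.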
Diogel
Diogel is a privacy-focused Nostr account + signer browser extension designed to let you safely use Nostr apps without handing your private keys to websites.
It acts as a dedicated signer: Nostr web apps request signatures, and Diogel returns signatures—keys stay inside the extension.