Topic: I lost my Nostr keys (and how I recovered them) (Read 92 times)

A seed creates the private key. The private key is a long string of text that usually start with 5H or K or something like that. The seed is just a bunch of words that you write down when you create a new electrum wallet.

The private keys can be viewed by going to Wallet > Private Keys > Export. But that is not recommended, you should view the seed with Wallet > Seed instead because it's easier to remember.

In any case, you can technically make a Nostr key out of a seed phrase, but it is uncommon. Nostr private keys are generated directly just like the own days.

This indeed is a big work.
I have a small question if you like to answer.  I have an electrum wallet, the private keys of wallet means your seed in this case or its something different. I tried but wasn't able to find any private key in my wallet. I am confused that seed is the private key or its something different ?

In the next several days I will have a little surprise ready for you guys involving the Lightning Network, but in the middle of me doing that, I was trying to access my Nostr private key which I had saved in Alby Wallet, but there was a problem. It seemed that for some reason, Alby Wallet was having trouble connecting to my node. (perhaps due to it starting up and shutting down so many times). Well the node was fine, I confirmed, but I was prevented from reading the Nostr settings and data by an infinite loading circle.

Nostr keys are basically like xpub/xprv keys in Bitcoin except that they start with npub and nsec respectively. They are still encoded in Bech32 I think. You use them to chat at the Nostr social network. A decentralized X/Twitter basically.

Eventually, I thought I had found a backup of my Nostr keys in my password manager, and proceeded to clear all the placeholder entries in my wallet, including the Nostr wallet.

Big mistake.

It turned out that the mnemonic I had saved in my password manager makes a completely different key and that I had actually imported the Nostr secret key form another program rather than generated a menmonic phrase.

Naturally, I started to panic as I did not have any copies of it. I thought about inspecting the Chrome browser for the data directly, but by that point I had already deleted the Nostr keys.

But then I remembered that I make backups of my whole system in the early morning and save them on some server, including my Chrome profile, so I thought why not look inside the backup and see if I can find it. But I had to hurry because the files would be overwritten in about 24 hours from then.

I didn't actually know how I was going to go about and get my keys from the backups except for the fact that I knew that extensions have a long identifier like iokeahhehimjnekafflcihljlcjccdbe and that each extension has a folder with that sort of name in the Extensions directory of the Chrome user data dir.

What followed next would be an adventure in coding, lobbing open database files, and encryption.

Locating the extension settings

As I definitely remembered my wallet password and name, I would be able to decrypt the wallet if I ever found it. Which was the first problem - I wasn't really sure where it was.

The fine details of my backup structure meant that all the config files were in a tarball, so I just did a scan for the extension ID, which yielded, among other results, this:



So I at least knew where the extension settings live, but I wasn't sure what any of the files did. AGI was mostly useless for this, except for telling me that those IndexedDB folders must have contained my settings. Spoiler alert: they didn't -  and I wasted an hour trying to open the LevelDB file inside, which by the way were specially modified for Chrome so could not even be opened in regular libraries.

It turned out that parsing the database file with a library was a huge waste of time, so eventually I just used tools like cat and less to read the lines. I had better luck with the Sync Extension Settings folder though, and when you open it it looks something like this:



Don't worry, everything is encrypted. And it appears to be encoded in base64.

Decrypting the payload

For what came next, I had to look at Alby Wallet's source code on Github. And I happened to learn a lot about how Alby Wallet worked under the hood. Like did you know that there is actually an API just for extracting settings from the disk? Which was what I needed to see.

A couple of minutes of browsing brought me here:
https://github.com/getAlby/lightning-browser-extension/blob/3a4a06311f79d64ace5a5c5e7de9fcb36303b123/src/extension/background-script/actions/nostr/getPrivateKey.ts

And so it became clear to me that 1) All this is Typescript, which I am glad I still remember, and 2) those "getPrivateKey" fields were indeed my Nostr private key. (Later on decryption I also found my LN node URL and admin macaroon.) But although I knew my password, I did not know what decryption algorithm it is using. The good news is that I found it in another file:

https://github.com/getAlby/lightning-browser-extension/blob/3a4a06311f79d64ace5a5c5e7de9fcb36303b123/src/common/lib/crypto.ts

I had to clean the functions quite a bit so that they would run in Node, as well as install that "crypto-js" dependency, but it was worth it. It even took care of the Base64 encoding. By the way, the encryption seems to be AES-256 with a salt. So that's pretty secure.

Decryption yielded the Nostr private key in hex form, with which I could derive the nsec and npub keypair and recover my Nostr account.

Be careful with your nostr keys - they're like Bitcoin Core keys. Hard to write down and better off in a password manager.