nsec

nostr private key, nostr secret key, nsec1

A Nostr private key encoded as a Bech32 string under NIP-19. Whoever controls the `nsec` controls the account.

nsec is the standard human-readable encoding for a Nostr private key. NIP-19 wraps the raw 32-byte secret in a Bech32 string that starts with the nsec1 prefix. The matching public identity is usually shared as an npub string.

Whoever has the nsec can sign events, publish notes, change profile metadata, authorize client connections, and decrypt content tied to the same keypair. In practice, the nsec is the account. Users should keep it in a dedicated signer such as Amber, hardware-backed storage, or a remote-signing setup instead of pasting it into every client.

Good clients derive the public key locally, request signatures as needed, and let the user approve or revoke access per app. That model shrinks the attack surface and makes it easier to try new clients without copying the secret around.
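Because the secret tends to get copied around, it helps to be able to spot it in logs, pastes, or repositories. The following is an added example, not part of the original entry or of any Nostr project's code: a scanner that finds `nsec1` strings and confirms each one with the Bech32 checksum and the 32-byte payload length, so random look-alike text is not reported. The function names are illustrative, the sample key is constructed, and only the usual lowercase form is matched.

```python
import re
CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"  # Bech32 alphabet (BIP-173)
GEN = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)
HRP = [ord(c) >> 5 for c in "nsec"] + [0] + [ord(c) & 31 for c in "nsec"]
NSEC_RE = re.compile("nsec1[%s]{58}" % CHARSET)  # 52 data chars + 6 checksum chars

def polymod(values):
    chk = 1
    for v in values:
        top, chk = chk >> 25, ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= GEN[i]
    return chk

def convertbits(data, frm, to, pad):
    """Regroup bits; with pad=False, reject non-zero or oversized padding."""
    acc, bits, out, mask = 0, 0, [], (1 << to) - 1
    for v in data:
        acc, bits = (acc << frm) | v, bits + frm
        while bits >= to:
            bits -= to
            out.append((acc >> bits) & mask)
    if pad and bits:
        out.append((acc << (to - bits)) & mask)
    elif not pad and (bits >= frm or (acc << (to - bits)) & mask):
        return None
    return out

def encode_nsec(secret):
    """Bech32-encode 32 bytes as an nsec; used here to build sample input."""
    data = convertbits(secret, 8, 5, True)
    pm = polymod(HRP + data + [0] * 6) ^ 1
    return "nsec1" + "".join(CHARSET[d] for d in data + [(pm >> 5 * (5 - i)) & 31 for i in range(6)])

def decode_nsec(s):
    """Return the 32-byte secret if s is a checksum-valid nsec, else None."""
    if not NSEC_RE.fullmatch(s):
        return None
    data = [CHARSET.index(c) for c in s[5:]]
    raw = convertbits(data[:-6], 5, 8, False) if polymod(HRP + data) == 1 else None
    return bytes(raw) if raw and len(raw) == 32 else None

def find_leaked_nsecs(text):
    """Return (offset, redacted prefix) for each checksum-valid nsec in text."""
    return [(m.start(), m.group()[:9] + "...")
            for m in NSEC_RE.finditer(text) if decode_nsec(m.group())]

if __name__ == "__main__":  # constructed key bytes(range(32)), not a real account
    print(find_leaked_nsecs("debug: key=" + encode_nsec(bytes(range(32)))))
```

The scanner reports only an offset and a redacted prefix, so its own output does not become another copy of the secret.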
