Public and private keys
Your Nostr identity is a pair of keys – a public and private key. In Nostr clients you’ll see them written in a specific bech32 format — npub1… for the public key and nsec1… for the private key.
- Public key (
npub1…) — share this. It’s how people find you, follow you, and watch your live streams. - Private key (
nsec1…) — never share this. Anyone with your private key can post as you, change your profile, and read your private messages.
You can think of your public key like a username and your private key like a password — but with one critical difference: there’s no “reset password” button. If you lose your private key, you lose access to the identity.
Logging in with Nostr
You can log in to Shosho with Nostr by giving Shosho access to sign events with your private key. You can do this in many ways – either by entering your Private Key directly into Shosho, by using your key through a Browser Extension or remote signer with Nostr Connect, or by using a local bunker like Amber.
Or, you can use Shosho as a guest user logging in with any key.
Where to share, where not to
- Share your public key anywhere — on profiles, in bios, with friends so they can follow you.
- Never share your private key — not in DMs, not in screenshots, not in support tickets. No legitimate Nostr app or person needs your private key.
How signers help
Tools like Amber and Nostr Connect let you use Shosho without ever pasting your private key into the app. Your private key stays in the signer; Shosho only ever sees signed events. See Signers.