I'd like to have an offline master key.
For Mosaic, this would still be required to sign my relay list (server list) and sign device keys and again anytime those things change.
Moving the data around on a USB stick is feasible but annoying. I quite like the seed signer and using QR codes and cameras to move data around.
So I'm writing an android app that I will run on a disused android phone that I disable as much as possible (no SIM, no WiFi password, airplane mode, flashing the modem with zeroes). Yes of course the far-side of the modem pinging the towers is not something I can disable.
Still it could be attacked from the cell tower. Not likely but completely possible.
Unfortunately I haven't found any good handheld computers with cameras, without networking, and running linux. My Librem 5 spontaneously hard crashes and reboots after less than an hour of usage, else I'd try that.
Maybe I should just pull the seed signer code, add what I want, and use my seed signer.
Anyhow, the code I'm writing is with Dioxus that targets a lot of platforms: linux, macos, windows, appimage, web, ios, and android.
Replies (19)
nostr:npub1wamvxt2tr50ghu4fdw47ksadnt0p277nv0vfhplmv0n0z3243zyq26u3l2 seems like something you've thought about a good deal too
Interesting, what was hard for me to find was a handheld with networking without cameras/microphones. Opposite sides of the same coin
Interesting project, wishing you luck
Looks like Mike Dilger has too, looking forward to seeing how this turns out. Thanks for showing me this 🫡
An offline air-gapped signer to hold your nsec?
What about the Pine64 hardware / Pinephone?
Do you have one? Is it any good?
Yes. Unuseable as a daily driver, too slow. But for your purpose it might be a good choice. You can run any linux distro on it 👌🏻
wasn't this kind of the pitch with precursor:
https://www.bunniestudios.com/blog/2020/introducing-precursor/
never shipped afaict but seems related to
https://github.com/betrusted-io/xous-core which is still very actively developed ...
btw this is the first i've heard of mosaic. i'm half way through your audio recordings and very intrigued. do you need any help? would it be productive if i tried to build a basic client for it, or protocol implementation in another language and try to interop?
I forgot about those recordings. Man I sound so stuffy.
Anyhow, yes, clients are the part I haven't even started yet. I'm working on the spec, the core libraries, a server, and a master key manager, but I haven't started a client yet.
I'd recommend using mosaic-core (from another language if you would like -- tell me which and I'll make it accessible to that language), rather than starting from scratch. Eventually multiple independent code bases will be a good thing to have, but probably since we are so early, better to not duplicate work so we can get it running sooner.
You can get started looking at mosaic-core, first the examples, then the test cases like test_user_bootstrap_dht().
The recordings are great. You should make more of them!
I'll try to build a client with the Rust libraries and let you know how it goes.
I'm starting to dig into Dioxus and its awesome.
I like it so far.
I'm having some trouble working with a Camera though, across platforms, and remaining app-reactive to each frame grab. `nokhwa` seems like the most advanced cross-platform camera library, but it's camera is !Sync so I can't keep a camera alive across await points, or send it between threads, so I'm going to try nokhwa::threaded::CallbackCamera next.
Dioxus is apparently very well funded and has a bright future.
I wonder if I should get one and try modifying its software... and if it is using hardware key storage, if that HW supports other algos.
They are hiring, i heard
either that or DIY if you have time/inclination. reminds me of my arduino days
https://github.com/lnbits/nostr-signing-deviceif you run into problems, nostr:nprofile1qy88wumn8ghj7mn0wvhxcmmv9uq32amnwvaz7tmjv4kxz7fwv3sk6atn9e5k7tcqyp5ryydaz4w8kajwfwvm5f36z5wczgymu7jkdg4mr9cacxaa8dc4ua6xs2c ;)
we have a new device that supersedes this one. no SE storage / encryption yet so the SK is stored in device flash which isn't great protection against a physical attack. the device does offer good protection against digital attacks / leaks however.
