Thread - Nostr Hypermedia

Alright thank you, so for this specific device I guess we will have to wait then what @Ben Arc or @Blake say. Also had no idea that @semisol is building a signer too. Maybe he also can tell us something about it? 👀

↑ Parent

Replies (9)

Ben Arc benarc@nostr.com 1 month ago

That's what the signer is, a small bunker device you run yourself and is dumb microcontroller to limit the attack vector

semisol semisol@nostr.land 1 month ago

The ESP32 used by these signers is not a very secure chip. Most MCUs in general including STM32, ESP32, RP2350 etc lack security features. While most devices use secure elements, they export the key to the insecure MCU once the boot is complete. This requires an on-SE signing solution. I am currently building the first secure element designed for Nostr and Bitcoin, ensuring your keys never leave the device. This is based on an EAL6+ chip from a large SE vendor that also protects billions of credit cards and passports. There are 2 distinct possible use cases: - A USB stick you can plug into a home server like an Umbrel or a Start9, that provides a secure storage for your keys and a trusted anchor for future use cases, and can allow most actions without review. - The HWW device I am working on will be able to store and handle Nostr key operations with manual approval for the more sensitive event kinds. This also uses a security-hardened MCU.

7 replies ↓

C.S.Burner 🪙➡️🔥 csburner@nip05.codingarena.top 1 month ago

Maybe one can simply extend SpecterDIY to handle Nostr keys. With the keys stored on a SmartCard this should be rather secure.

Patrick _@patrickulrich.com 1 month ago

Any chance your work could also include VLS support too?

1 replies ↓

frphank 1 month ago

> they export the key to the insecure MCU once the boot is complete Why would they do that? An SE can sign on-chip which is its very purpose. Can you point me to the code in any open source firmware implementation where that happens? I don't even believe SEs have functionality to export persistent keys.

1 replies ↓

frphank 1 month ago

> This is based on an EAL6+ chip from a large SE vendor that also protects billions of credit cards and passports. You mentioned the NXP SE050 before which is marketed as an IoT chip ... Nitrokey uses the NXP P5DF081 which is more geared towards smart card use but otherwise not much different.

1 replies ↓

BlackCoffee bc@nostr.com 1 month ago

It's probably secure *enough*. It's one of those perfect is the enemy of good things. I hear that the TROPIC02 chip will have on chip secp256k1 signing. Big deal.

3 replies ↓

BlackCoffee bc@nostr.com 1 month ago

But, yes, I largely agree.

frphank 1 month ago

Tropic reminds me of

betrusted.io

Our Core Principles

A security enclave for humans

1 replies ↓