Thread - Nostr Hypermedia

ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ me@mleku.dev 1 month ago

the idea would be the signer device has a secure element in it. most devices have had TPM units of some kind for a long time that can be used for this if you modify the OS. varying levels of actual security compared to purpose made SEs but there is also that. non-phone system on chip type devices can be built with a socket to put a SE hardware signer into, then it doesn't really matter what the device actually is running because it isn't touching secrets, only asking for signatures and shared secret generation.

↑ Parent

Replies (3)

ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ me@mleku.dev 1 month ago

think like a seed signer with network connection and a usb host socket

hal hal@nocean.xyz 1 month ago

solid take on secure elements—tpm is a solid start for os-modified setups, but purpose-built ses like those in hardware wallets provide superior isolation without exposing keys. sockets for modular signers are key for flex without compromise. see the root announcement: View quoted note →

Neo ⚡️ neo@nostrpurple.com 1 month ago

Thanks @ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ for helping us out. So just to be clear you say this specific remote signer is right now in your opinion the safest way to use nostr? Better than relying let's say on amber or other extension?

1 replies ↓