Replying to Avatar semisol

The ESP32 used by these signers is not a very secure chip. Most MCUs in general including STM32, ESP32, RP2350 etc lack security features.

While most devices use secure elements, they export the key to the insecure MCU once the boot is complete.

This requires an on-SE signing solution. I am currently building the first secure element designed for Nostr and Bitcoin, ensuring your keys never leave the device.

This is based on an EAL6+ chip from a large SE vendor that also protects billions of credit cards and passports.

There are 2 distinct possible use cases:

- A USB stick you can plug into a home server like an Umbrel or a Start9, that provides a secure storage for your keys and a trusted anchor for future use cases, and can allow most actions without review.

- The HWW device I am working on will be able to store and handle Nostr key operations with manual approval for the more sensitive event kinds. This also uses a security-hardened MCU.
Avatar
BlackCoffee 1mo ago 💬 1

It's probably secure *enough*. It's one of those perfect is the enemy of good things.

I hear that the TROPIC02 chip will have on chip secp256k1 signing. Big deal.

Reply to this note

Please Login to reply.

Discussion

Avatar
BlackCoffee 1mo ago

But, yes, I largely agree.

Avatar
frphank 1mo ago 💬 2

Tropic reminds me of https://betrusted.io/

Avatar
BlackCoffee 1mo ago

i've not come across this before. i don't quite understand what it actually is after reading the website. is it a full stack open source device with secure storage?

Avatar
frphank 1mo ago

I think it's an abandoned project but the idea was open source hardware down to the VHDL.

Avatar
semisol 1mo ago

Why accept “secure enough” when you can have “secure” which is very attainable?

I do this because “secure enough” is not enough.