The ESP32 used by these signers is not a very secure chip. Most MCUs in general including STM32, ESP32, RP2350 etc lack security features.

While most devices use secure elements, they export the key to the insecure MCU once the boot is complete.

This requires an on-SE signing solution. I am currently building the first secure element designed for Nostr and Bitcoin, ensuring your keys never leave the device.

This is based on an EAL6+ chip from a large SE vendor that also protects billions of credit cards and passports.

There are 2 distinct possible use cases:

- A USB stick you can plug into a home server like an Umbrel or a Start9, that provides a secure storage for your keys and a trusted anchor for future use cases, and can allow most actions without review.

- The HWW device I am working on will be able to store and handle Nostr key operations with manual approval for the more sensitive event kinds. This also uses a security-hardened MCU.