seems to me like the key the NFC returns should (nay, must) be encrypted or it's a massive security problem
Discussion
There are multiple NFC cards, I think it's using Shamir secret sharing to reconstruct the secret.
The keynote video is pretty instructive. A lot of marketing (as it should!) but nevertheless explains all the great tech they are using. Super damn impressive.
yeah, this is something that tapsigners do except only with multiple individual keys using protocol musig... musig2 support with schnorr would work too but that's a whole protocol change, shamir's secret shares would be fine for the interface side of it
it's a hard problem, i can see a lot of people falling back to methods that have wide open physical vulnerability, but this is more of an issue for travelers than people working in an office or at their home where there is physical security
You are correct
also i would really like a device like a yubikey that works for nostr, so it's NFC as well as USB and at least uses a 6 digit pin to encrypt the keys, or better, is actually a full bip-340 signer inside so it demands a pin to unlock the stored key and then after some configured amount of time or when unplugged the decrypted key is lost or nuked
That's the beauty of Prime, anyone can build that app for our hardware.
oh, it's not just a NFC card it's a fairly large piece of hardware
it's a bit bulky, have you got plans for something smaller, maybe even doesn't have any inputs except maybe a button and an indicator light?
also, what protocol is it working with?
i quite like the concept of a device that has only NFC and USB and no wifi or mobile radio that is just for keeping my keys secure though, i could maybe go for this especially if i can use it to replace my whole login flow for browser and pc (linux)