The generic signing method in Alby is a major security vulnerability. People don't know what they're signing or how much. We need a dedicated signBitcoinTransaction method.
Discussion
I apologize for my ignorance, but what is wrong with that?
>It's not possible to sign an arbitrary message with any sort of signature scheme by Trezor.
>
>It would be really stupid to allow this: if the message is arbitrary, you can stuff in, say, a valid Bitcoin transaction. Then it's a matter of crafting a clever malware, telling the user: "Security check: please confirm the following characters on your Trezor screen to validate your wallet", and stealing their money.
>
>The SignMessage APIs look like they accept an arbitrary message, but they don't sign it: the data that is actually signed is "Bitcoin Signed Message:\n(11 bytes)hello world" or something along these lines.
>
>Even if that is good enough for you, this feature currently does not support Schnorr signatures :( because there hasn't yet emerged a standard for taproot message signing.
Source: https://www.reddit.com/r/TREZOR/comments/vrftwn/comment/iexubo7/
do you think there is a difference between a hardware wallet and a web wallet associated to a nostr key?
for me itβs kinda confusing to apply something from hardware wallet to a web wallet that works with a nostr key and also prompts users for the actual private key
Thank you for the thoughtful response.
that basically says the user is a security vulnerability or we have a too complicated system where users need to sign events that they don't understand? :) (at the same time users complain they get asked too much) and any signing prompt is imo better than handing over the private key.
generally the user needs a bit of trust in the webapp. otherwise signing something is never a good idea imo.
I think there is a signPsbt function.