I often wonder why apps don’t have some standard method of requesting permission to sign messages with designated keys from the device’s keychain, without accessing the private key directly. Is that not something the keychain API can do? Feels incredibly primitive juggling private keys in different apps and relying on devs to be trustworthy and responsible and not screw you over in some supply chain attack.
Discussion
i think the secure enclave can only store secp256r1 keys so no
Eventually they are going to have to support broader cryptographic functionality. The current situation is untenable and third party keychains can’t fill the gap without introducing additional attack surface. The only alternative is hardware keys but that gets annoying if it’s just for social stuff like nostr or PGP.
secp256k1 keys in apples secure enclave would be huge. you could have a bitcoin and nostr hardware wallet in your pocket.