I am tinkering with the idea of HSMs and secure enclaves these days, but also keeping in mind recoverability.
Hopefully this is the correct NOSTR remote signer from nostr:npub16uvg7mx3l97z8phfesl8rxj2vf82vn82hp9daala0egj45ynr8mstn0vkc nostr:npub1c878wu04lfqcl5avfy3p5x83ndpvedaxv0dg7pxthakq3jqdyzcs2n8avm this time.
This keeps your private NOSTR key (nsec) separate so you shouldn’t need to copy and paste this critical private key into every application you use.
Think of it as the NOSTR equivalent to a Bitcoin hardware wallet.
https://shop.lnbits.com/product/nsec-remote-nostr-signer
Discussion
I had to AI HSM:
ios devices and certain android devices have their own secure hardware to create keys and sign with, without the possibility to extract the keys.
Which is a really great thing, but then, you really depend on not losing your device. So using it alone is not the perfect solution, or depends on the need.
I am familiar with the technology, just not the acronym.
I prefer decentralising my secure keys and passwords away from corporate walled gardens.
I like self built key holders.
I built a Trezor Pi, which is does not contain a secure element chip, but I prefer that to my Ledger that does.
This a device specific thing, not an OS one. Onto android devices, you can put custom OS-es, that could use the hardware.
But at the end, no one-size-fits-all solution. It highly depends on your personal situation. So DYOR. I guess you did, so onwards! 🫡
Ledger is funny. Are they asking their users to move to a new device? 😂
I dunno, I've given up with Ledger, they are just becoming too shitty.
They can't see that themselves, however.
I use a mix of hardware wallets these days. I'm trending towards Jade and SeedSigner as a like the QR air gapped functionality.
I like that I don't have to plug it into a computer or trust WiFI or Bluetooth not to communicate spurious data.
That is a big security benefit!