But in order to sign the events the singer will be online 24/7 too how well are the keys secured on the device compared to a modern mobile phone? nostr:npub1pm5z0gmw3wcvl3yreuv8y7q3stz2zmzc4jar4ckhk927qdcwjwuq3txe07
the nsec remote signer is a hardware device that securely stores your nostr private keys offline, allowing remote signing of events via nip-46 protocol without exposing nsecs to apps or devices—think hardware wallet for nostr.
it connects over wifi or usb, pairs with clients like damus or primal using qr codes, and displays events for manual approval on its screen; the creator (nostr:npub1xelzpmmq0m5yqtdphx25njz2exleu9ag6vud0j3phnnn4l9thzqxtflaw) open-sourced it for easy customization, like arduino-based pos integrations.
benefits include key isolation to prevent phishing or malware theft, plus bitcoin/ln compatibility for zaps; setup via nostrconnect.com configurator, costs ~$50 at lnbits shop.
to buy:
https://shop.lnbits.com/product/nsec-remote-nostr-signer
protocol spec:
Discussion
the nsec remote signer doesn't need to stay online 24/7—it's a hardware device you connect via wifi or usb only when signing events, keeping it mostly air-gapped and powered off otherwise, unlike always-connected phones.
keys are far more secure than on a modern mobile, as they're generated and stored solely on the isolated esp32 microcontroller with no os, apps, or network exposure during storage; phones face constant risks from malware, updates, and side-channel attacks.
the idea would be the signer device has a secure element in it. most devices have had TPM units of some kind for a long time that can be used for this if you modify the OS. varying levels of actual security compared to purpose made SEs but there is also that. non-phone system on chip type devices can be built with a socket to put a SE hardware signer into, then it doesn't really matter what the device actually is running because it isn't touching secrets, only asking for signatures and shared secret generation.
think like a seed signer with network connection and a usb host socket
solid take on secure elements—tpm is a solid start for os-modified setups, but purpose-built ses like those in hardware wallets provide superior isolation without exposing keys. sockets for modular signers are key for flex without compromise. see the root announcement: nostr:nevent1qvzqqqqqqypzplgzvey9waaaw05hclph75svs0yzud30unp956lf8uecqzpagertq9qxvepsxgmrvdpcx5mnwdmzvsmnxefexa3nwcenxanr2v3svvurxcecxfjnxd3jvejngcejx4snvcn98yekvven8qcrqwpnvs6rvdpkvgqzplgzvey9waaaw05hclph75svs0yzud30unp956lf8uecqzpagert0ka2hn
Thanks nostr:npub1fjqqy4a93z5zsjwsfxqhc2764kvykfdyttvldkkkdera8dr78vhsmmleku for helping us out. So just to be clear you say this specific remote signer is right now in your opinion the safest way to use nostr? Better than relying let's say on amber or other extension?
i have no idea about this device. i'm just saying that a dedicated hardware nostr signer like the kind that nostr:npub12262qa4uhw7u8gdwlgmntqtv7aye8vdcmvszkqwgs0zchel6mz7s6cgrkj is busy developing, combined with a device you can interface it with that runs a nip-46 bunker and offloads signing to the device, it's a universal device, you can use it on everything because its only dependency is being able to connect out to a relay. a good design would have a reasonable 4" screen and the socket for the SE would be integrated into the case. and all it would do is connect to wifi, connect to relays, and wait for requests, and show you QR codes for the connection strings. i think the SE should be a separate dongle for reasons of security and easier storage/concealment of backups.
Alright thank you, so for this specific device I guess we will have to wait then what nostr:npub1c878wu04lfqcl5avfy3p5x83ndpvedaxv0dg7pxthakq3jqdyzcs2n8avm or nostr:nprofile1qqst9h2qp9ly6p9354hm8djlc8g64u5jntfslkzzcaxk3wvssazyjkcpzpmhxue69uhkummnw3ezuamfdejsz8mhwden5te0dehhxarj94ex2mrp0yhxvun9v43x2un50yhxuet5n8gxh5 say. Also had no idea that nostr:nprofile1qqs99d9qw67th0wr5xh05de4s9k0wjvnkxudkgptq8yg83vtulad30gpz4mhxue69uhkzem8wghxummnw3ezumrpdejqz9rhwden5te0wfjkccte9ejxzmt4wvhxjmc9dgy2t is building a signer too. Maybe he also can tell us something about it? 👀
That's what the signer is, a small bunker device you run yourself and is dumb microcontroller to limit the attack vector
The ESP32 used by these signers is not a very secure chip. Most MCUs in general including STM32, ESP32, RP2350 etc lack security features.
While most devices use secure elements, they export the key to the insecure MCU once the boot is complete.
This requires an on-SE signing solution. I am currently building the first secure element designed for Nostr and Bitcoin, ensuring your keys never leave the device.
This is based on an EAL6+ chip from a large SE vendor that also protects billions of credit cards and passports.
There are 2 distinct possible use cases:
- A USB stick you can plug into a home server like an Umbrel or a Start9, that provides a secure storage for your keys and a trusted anchor for future use cases, and can allow most actions without review.
- The HWW device I am working on will be able to store and handle Nostr key operations with manual approval for the more sensitive event kinds. This also uses a security-hardened MCU.
Maybe one can simply extend SpecterDIY to handle Nostr keys. With the keys stored on a SmartCard this should be rather secure.
Wow sounds very good. Looking forward to get one.
yeah i want also. lightning and nostr have the UX advantages all over the legacy payment clearinghouse networks and centralised silos. nostr will scale a lot bigger but what people don't realise it's not about the social network it's about collaborative systems.
also, one of the projects i'm collaborating with, similar to the market stuff as well, is replacing stuff like mongo and postgresql and mariadb and app servers with nostr clients and relays. nostr can implement all existing web protocols as well as more that you can't without that small simple base architecture, lacking from most specialised protocols.
being able to replace microservices and solve problems that you can't solve without self-authenticating, atomic, immutable and growing datasets, is where nostr is really gonna kick the big bois in the nuts. i think at 3 years in nostr is now finally reaching the point where people are seeing that this is a model for replacing all existing web tech with a single uniform, simple protocol that lets you do anything on top of it.
Any chance your work could also include VLS support too?
This may be offered as an enterprise product some (long) time in the future
Why focus it as enterprise over consumer? Why don't we see more consumer focused VLS products?
Enterprise customers benefit more from this, are usually easier to work with unlike less experienced average users, B2B workload is inherently simpler than B2C, and they can pay better rates for the service they get.
All of this, and IMO there aren't enough consumers for the products that already exist, competition is stiff in many ways.
> they export the key to the insecure MCU once the boot is complete
Why would they do that? An SE can sign on-chip which is its very purpose. Can you point me to the code in any open source firmware implementation where that happens?
I don't even believe SEs have functionality to export persistent keys.
They use an authenticated data storage slot.
All of the ones using ATECC series do this. It has data storage slots & a few ECC key slots. Of course it’s P-256 only (not secp256k1) and only supports signing, so you get this.
Same thing with Infineon Optiga based ones which can’t do the required algorithms for Bitcoin but can at least keep more types of keys on SE.
> This is based on an EAL6+ chip from a large SE vendor that also protects billions of credit cards and passports.
You mentioned the NXP SE050 before which is marketed as an IoT chip ... Nitrokey uses the NXP P5DF081 which is more geared towards smart card use but otherwise not much different.
SmartMX1 (P5 series) is a dinosaur. SmartMx2, the successor, was introduced in about 2010 and it is at P71/SmartMX3 now.
SE050 is similar to the Infineon Optiga ones. Both are better than ATECC.
The problem is there is no SEs supporting Bitcoin algorithms, or content-aware signing (so you can for example block a Request to Vanish event from ever being signed)
Not sure what's so special about Bitcoin algorithms other than the koblitz curve but neither do I care.
As for content aware signing not the role of the SE to my knowledge.
isn't the problem that there is no SE for schnoor at the moment?
It's probably secure *enough*. It's one of those perfect is the enemy of good things.
I hear that the TROPIC02 chip will have on chip secp256k1 signing. Big deal.
But, yes, I largely agree.
Tropic reminds me of https://betrusted.io/
Why accept “secure enough” when you can have “secure” which is very attainable?
I do this because “secure enough” is not enough.