the thing that interests me most is the HSM API
I want to connect it to one of the programmable secure elements I have and see how well it would work to run an LN node off of that
Wait, can you store keys on a TPM or something?
You could, but TPMs don’t support the algorithms that are needed.
There are some projects to make it run with a TEE (Validating Lightning Signer) but I want to fully store the key inside a custom secure element.
Let me guess, you want to run your CLN on an untrusted cloud provider?
no, just because I can
This whole HSM thing reads like what HashiCorp Vault does but with hardware instead of Shamir secrets.
It is, but it being actual SE hardware is the hard part
I want one now. Or I wanted one before I checked the price on the YubiKey offer. This tiny thing costs more than 1000 euros lmao.

That is actually just a $2 SE, some software and a USB interface.
And it doesn’t support the required crypto needed for this. There’s a reason I said *programmable* secure element.