Replying to Avatar Vitor Pamplona

What's the state of Nostr hardware account recovery devices?

I need to find a way to store the private key in an NFC/USB stick-like device with a self-contained biometric authentication to unlock the device and allow the person to log in with their account into another phone.

It would work somewhat like a Cold Card but without having to memorize/store the unlock pin. Each person can then keep 3+ devices in separate trusted locations to allow them to recover their Nostr private key if they lose the phone.

The use case is for the homeless population where memorizing passwords/words simply won't work and physical security is not good. But they do have a network of providers that can keep these keys safe for them. We just don't want to give access to the private keys to the hosts of the USB device.

Things are getting real very fast over here.
Avatar
Ava 2y ago

nostr:npub1gcxzte5zlkncx26j68ez60fzkvtkm9e0vrwdcvsjakxf9mu9qewqlfnj5z breaking ground as always. awesome stuff 🤙🏻🔥

nostr:nevent1qqsty58qjv5f7cfafn282upu4pd46h5ud4wfn7udvzrz4lwqp0n542spzpmhxue69uhkummnw3ezuamfdejsygzxpsj7dqha57pjk5k37gkn6g4nzakewtmqmnwryyhd3jfwlpgxtspsgqqqqqqskudavr

Reply to this note

Please Login to reply.

Discussion

72
nobody 2y ago

nostr:npub1xtscya34g58tk0z605fvr788k263gsu6cy9x0mhnm87echrgufzsevkk5s it was mentioned using the iOS keychain as well.

I’d love to see nsec storage on a yubikey-like device. A signer would be even cooler though.

de
nobody 2y ago

Yubikey supports smart card signing/encrypting with PGP keys. I wonder if that could be repurposed to sign events with an nsec

72
nobody 2y ago

Would be pretty cool.

Avatar
jb55 2y ago

I don’t think they support secp256k1

de
nobody 2y ago

I've got some esp8266's kicking around. Might play around with trying to set up a usb signer

Avatar
jb55 2y ago

bluetooth signer would be ideal

Avatar
Vitor Pamplona 2y ago

No need to sign. Just reveal the private key. The goal is account recovery not signing security.

The phone of a homeless person will be either stolen or lost every other month or so. They can get new phones, they just need a way to go somewhere and recover their accounts. :)

de
nobody 2y ago

There's an HC-05 Bluetooth module. They're cheap so I'll order one and play around with it.

Avatar
frphank 2y ago

Will the thief have a copy of the private nostr key then.

It's things like this why protocols based on cryptographic identity need to support ephemeral keys and certificates. The nostr key on the phone used to sign notes will be rotated every week or so. Each new key will be signed by a master key kept in cold storage with a declared validity of a week or so.