Hey #nostr, I'm working on a bunch of open-source projects/experiments, one of which is a #firmware #program to load onto a tillitis TKey device. #Nostrkey provides protection for nostr identities in 3 modes that can be used interchangibly.
1. Fully hosted on the device: #identity cannot leave device, #signing happens on-device. The device secret determines which nsecs are generated.
2. Import an arbitrary identity for loading onto the device for on-device signing. (This identity can not be exported later.)
3. Import for protected storage. Device decrypts and returns nsec to client for use. Here the device does not sign, just decrypt the nsec, such that the clients do not have to securely store the nsec themselves. (Device being a second factor.)
The software is fairly basic to keep things simple. There is caching to keep the most frequently used keys loaded and available.
https://codeberg.org/walletkey/nostrkey
Let me know your thoughts. Grtz!